anoniem Geplaatst: 3 juli 2013 Delen Geplaatst: 3 juli 2013 Ik krijg na het opstarten steeds weer dezelfde melding van MBAM. Hij staat steeds in Users/name/appdata/local/temp/470D.tmp/logitech.exe. Vreemd dat het een logitech bestand is. Iemand hier een oplossing voor? Quote Link naar reactie
0 anoniem Geplaatst: 4 juli 2013 Auteur Delen Geplaatst: 4 juli 2013 Een bestandsnaam zegt verder niets. Vaak krijgt malware een naam die vertrouwd klinkt. Controleer dat bestand eens op https://www.virustotal.com/nl/ Als meerdere programma's dat als malware detecteren moet je het hele systeem eens grondig scannen. Wordt er dan nog niets gevonden door je eigen AV, probeer het dan eens met de [url=http://www.emsisoft.nl/nl/software/eek/]Emsisoft Emergency kit[/url] Quote Link naar reactie
0 anoniem Geplaatst: 5 juli 2013 Auteur Delen Geplaatst: 5 juli 2013 Logitech zet vreemd genoeg bepaalde driverbestanden in de tijdelijke mappen. Verwijder je die, worden ze ook weer teruggezet. Maar laten we kijken hoe jouw Windows er bij staat: [b:7fdda04be5]Welk programma[/b:7fdda04be5]: [color=#008000:7fdda04be5][b:7fdda04be5]OTL.exe[/b:7fdda04be5][/color:7fdda04be5] [b:7fdda04be5]Waarvoor/waarom[/b:7fdda04be5]: multifunktioneel tool - analyse en fix [b:7fdda04be5]Moeilijkheidsgraad[/b:7fdda04be5]: geen. [b:7fdda04be5]Download[/b:7fdda04be5]: [url=http://oldtimer.geekstogo.com/OTL.exe][b:7fdda04be5][color=red:7fdda04be5]OTL.exe[/color:7fdda04be5][/b:7fdda04be5][/url] en plaats het bestand op het bureaublad. [b:7fdda04be5]Sluit voordat OTL.exe gaat scannen, eerst alle andere openstaande vensters![/b:7fdda04be5] [b:7fdda04be5]OTL.exe gebruiken[/b:7fdda04be5]: [list:7fdda04be5][list:7fdda04be5][*:7fdda04be5][b:7fdda04be5][color=#0000FF:7fdda04be5]Windows 2000[/color:7fdda04be5][/b:7fdda04be5] en [color=#0000FF:7fdda04be5][b:7fdda04be5]Windows XP[/b:7fdda04be5][/color:7fdda04be5]: dubbelklik op [color=#008000:7fdda04be5][b:7fdda04be5]OTL.exe[/b:7fdda04be5][/color:7fdda04be5]. [*:7fdda04be5][color=#0000FF:7fdda04be5][b:7fdda04be5]Windows Vista[/b:7fdda04be5][/color:7fdda04be5], [color=#0000FF:7fdda04be5][b:7fdda04be5]Windows 7[/b:7fdda04be5][/color:7fdda04be5] en [color=#0000FF:7fdda04be5][b:7fdda04be5]Windows 8[/b:7fdda04be5][/color:7fdda04be5]: via rechtsklik op [color=#008000:7fdda04be5][b:7fdda04be5]OTL.exe[/b:7fdda04be5][/color:7fdda04be5] en kies voor "Als Administrator uitvoeren".[/list:u:7fdda04be5][/list:u:7fdda04be5] [list:7fdda04be5][*:7fdda04be5]Zet een vinkje bij [b:7fdda04be5]Scan All Users[/b:7fdda04be5], [b:7fdda04be5]LOP Check[/b:7fdda04be5] en bij [b:7fdda04be5]PURITY Check[/b:7fdda04be5]. [*:7fdda04be5]Kopieer onderstaande in de Code-kader staande tekst en plak deze in het kader onder [img:7fdda04be5]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:7fdda04be5] [code:1:7fdda04be5] services.* explorer.exe winlogon.exe Userinit.exe svchost.exe netsvcs BASESERVICES DRIVES msconfig %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\*.exe /lockedfiles %PROGRAMFILES%\* [/code:1:7fdda04be5] [*:7fdda04be5]Klik vervolgens op de knop [img:7fdda04be5]http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg[/img:7fdda04be5]. [*:7fdda04be5]Verander verder geen andere instellingen in OTL, alleen tenzij ik hiervoor specifiek instructies geef. [*:7fdda04be5]De scan zal niet heel erg lang duren. [list:7fdda04be5][*:7fdda04be5]Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is: [b:7fdda04be5]OTL.Txt[/b:7fdda04be5] en [b:7fdda04be5]Extras.txt[/b:7fdda04be5]. [*:7fdda04be5]Kopieer vervolgens de inhoud van zowel OTL.txt alsmede Extras.txt en plak die gegevens in je volgende bericht.[/list:u:7fdda04be5][/list:u:7fdda04be5] [color=#008000:7fdda04be5][b:7fdda04be5]Notabene:[/b:7fdda04be5][/color:7fdda04be5] indien het log niet in één bericht past, spreidt het dan over twee of meer berichten. Quote Link naar reactie
0 anoniem Geplaatst: 5 juli 2013 Auteur Delen Geplaatst: 5 juli 2013 OTL Extras logfile created on: 5-7-2013 10:42:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bert\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 7,98 Gb Total Physical Memory | 6,71 Gb Available Physical Memory | 84,06% Memory free 15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,13 Gb Total Space | 109,03 Gb Free Space | 48,65% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 1649,25 Gb Free Space | 88,53% Space Free | Partition Type: NTFS Computer Name: BERT-PC | User Name: Bert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717:9bb2f52310]========== Extra Registry (SafeList) ==========[/color:9bb2f52310] [color=#E56717:9bb2f52310]========== File Associations ==========[/color:9bb2f52310] [b:9bb2f52310]64bit:[/b:9bb2f52310] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Classes\<extension>] .html [@ = ChromeHTML] -- Reg Error: Key error. File not found [color=#E56717:9bb2f52310]========== Shell Spawning ==========[/color:9bb2f52310] [b:9bb2f52310]64bit:[/b:9bb2f52310] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. [color=#E56717:9bb2f52310]========== Security Center Settings ==========[/color:9bb2f52310] [b:9bb2f52310]64bit:[/b:9bb2f52310] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [b:9bb2f52310]64bit:[/b:9bb2f52310] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [b:9bb2f52310]64bit:[/b:9bb2f52310] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [b:9bb2f52310]64bit:[/b:9bb2f52310] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717:9bb2f52310]========== Firewall Settings ==========[/color:9bb2f52310] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [color=#E56717:9bb2f52310]========== Authorized Applications List ==========[/color:9bb2f52310] [color=#E56717:9bb2f52310]========== Vista Active Open Ports Exception List ==========[/color:9bb2f52310] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00FCD404-D417-419C-851D-DDCA6E257582}" = rport=10243 | protocol=6 | dir=out | app=system | "{123ECA3E-D0F6-4397-A78E-94A06DA9CA1C}" = rport=137 | protocol=17 | dir=out | app=system | "{16736976-3D79-43FD-BC86-454C40957AAA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{1A0BFA4F-6AFB-45DA-BBE8-92C4BCCA7EB0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{324AF649-3E60-468E-8F1C-E8F48D1DF0C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3C86EE98-216D-4B0F-9B0A-CF2AF7DD9EBC}" = rport=138 | protocol=17 | dir=out | app=system | "{4393C30D-D92A-4876-A03D-3865431B1E7A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4C6ABD09-AB10-4216-8015-E4F6208F8F9A}" = lport=138 | protocol=17 | dir=in | app=system | "{54CAD0EC-EBC5-4679-8D39-3F4B43045245}" = rport=139 | protocol=6 | dir=out | app=system | "{5C44BF06-8008-4DC3-96FF-8557E42D5CA8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6CE00D2C-823E-49A0-86F9-FB4DD76A57F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{771C390D-D587-4DB1-A314-F8E5A19CFB24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{84C3E0C3-0DA1-4AC7-98D9-41A621BB9226}" = lport=137 | protocol=17 | dir=in | app=system | "{9A680860-CDF0-4517-956B-E155A7239E16}" = lport=139 | protocol=6 | dir=in | app=system | "{9C0CCE0D-E399-441C-A41F-84F62C1083E6}" = rport=445 | protocol=6 | dir=out | app=system | "{AF700F90-5148-4CCD-A8AD-23E63C5C71A2}" = lport=10243 | protocol=6 | dir=in | app=system | "{B4563A61-C6E6-4236-ABFE-854699BDAAEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CB9CD761-8767-4980-ADF6-1E847B680DEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E3648193-3195-4C54-8EE2-A04D3C5728AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E7565598-3184-4097-8CB0-135FAFFAFF5D}" = lport=445 | protocol=6 | dir=in | app=system | "{EE33FDC1-440A-49E1-8BC0-AD2806FCEE9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EE67E9E7-8DD2-4F56-B885-C953CF13EF0C}" = lport=2869 | protocol=6 | dir=in | app=system | "{EEFE7DC9-9B5C-4E81-B74C-4E51D19E1A44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{F074FC4C-4411-42E1-9555-C4DC2F0D60DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F09B543D-8B47-434A-9421-CD9A2FF16F91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | [color=#E56717:9bb2f52310]========== Vista Active Application Exception List ==========[/color:9bb2f52310] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0550BE32-E07A-4F97-964F-09EDF2E1A345}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{15D400A6-3330-475C-904B-DB7DC2346F98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{20665D23-F957-44FD-B410-73FD21E4D65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{219F0485-B3C9-407D-830A-F688821D0025}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{271C0C92-AB24-4FEC-A428-54B54F8CDA76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2A3BA0DC-1B57-45EA-A7D1-56D3ABE43FF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{396AB77D-10DA-4714-BB6A-077EE4FD59C8}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{3CD9C330-9EF6-4415-A26E-998C722242E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | "{3E3A727A-E998-46E1-B2E7-894270D7BC58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | "{46AA82CF-C54A-4386-9FBF-41D276231D91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{49250E74-41AA-4B1A-A504-3FA2BE9D808B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | "{5BE51FA7-E27F-493E-8199-1A0B5616BBD9}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{5FC7EC71-5DB2-4CB6-85CF-DACB4D57B985}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{6DF661FA-9D93-4288-839C-486569E2C4B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6EADB8DB-7FB2-4484-AC8F-3BEDDB331D34}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{747E4A5E-D85A-4095-A7A0-098B30B488B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{7562C37A-38D4-43D9-9AFA-14C410C3890E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe | "{77B9483B-EB06-424D-B42B-8923BCC36E7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{7BFCDD10-8347-496A-881C-174B6D91591C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7FA93D56-610D-4644-8655-C1DAE074C2B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8098EE6C-FEB2-4DAD-8BAA-89446D62ECE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe | "{838A10C9-1BEE-4134-8404-3FAF6AD3981B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{8A19FAF0-C380-4E9A-8C49-C1EB6FA1E20E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{8C29BD49-D243-4BCF-915F-C6C9C2ED2E80}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{8FF02B39-9033-433B-9EE2-FA4654CB37ED}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | "{91E47C66-FB49-4AD9-A59E-4FFA04BEDD3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | "{997464E4-B467-4F27-9821-9E415FDC706B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe | "{9D35B16F-517D-4794-893A-E1570539A00F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{9E1D975D-5423-42A5-AC42-8440AE809D67}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | "{A2BC3297-5022-49F5-A0FD-37B51AF3D691}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | "{AB7071A4-F2BE-4384-93CC-B94859FCD831}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | "{AC0131E8-0C9B-4E86-92BC-731D01818A95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE325D52-1B75-4C67-9BF8-F5F385963BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe | "{B098C485-D4D5-498C-8B27-24F2C592951E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe | "{B47D2887-FA70-4FA1-B1E9-160E31C0A4F0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{B61B0B5A-A546-46AC-A8ED-426FBD970F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe | "{B6978495-51CC-454F-8C87-5CCA6A85FC23}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CE43EED4-CADE-42E4-AE98-38F09257D3CC}" = protocol=6 | dir=out | app=system | "{DB7EB6F1-C9C2-4138-94F5-DA61EDFF13C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DC4DD6D9-109F-4AA3-BF40-2980E6808DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{DD7D398C-ADD0-4732-BE96-23DAD0B5D601}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{DF24FFCA-0609-4403-A012-19BBB8537CB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe | "{E1E4994C-FFC6-4059-91FD-06EC74CB9C53}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{EF8C290F-364E-403A-A80D-976848CABCA7}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{F2BBD380-3721-4694-9B26-EAEFB8F70EF7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F2E6EC37-40A2-46F5-A7BA-46CCDDB052F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe | "{F301B8C2-8ADC-44A6-AC9E-30C28F93EBBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FADDAF1E-AA3F-4608-9C07-7865BCBA6726}" = dir=in | app=c:\users\bert\appdata\local\microsoft\skydrive\skydrive.exe | "TCP Query User{0E9AF403-21B7-4DF6-8530-2C167451FC98}C:\program files (x86)\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\crysis 2 maximum edition\bin32\crysis2.exe | "TCP Query User{5A00B1CE-D362-4462-9237-28607F321694}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "TCP Query User{823FDDE9-600A-412A-A03C-158007B492F9}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe | "TCP Query User{E0485C78-EC7B-468D-B05C-E64E9F4E8012}C:\users\bert\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\bert\appdata\roaming\spotify\spotify.exe | "UDP Query User{0E97A21D-D264-4C66-82BE-8C5ED7187A99}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe | "UDP Query User{16DB5D2A-997B-4F95-B7A1-40FC470FCDE6}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | "UDP Query User{47459A55-B296-44B4-9887-904B129F3D4F}C:\program files (x86)\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\crysis 2 maximum edition\bin32\crysis2.exe | "UDP Query User{E95E7077-50BA-413E-9AA5-32F79B06FDC6}C:\users\bert\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\bert\appdata\roaming\spotify\spotify.exe | [color=#E56717:9bb2f52310]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color:9bb2f52310] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit) "{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel "{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{55B348BE-A3BE-9AE7-58BD-BE45B9A28F82}" = AMD Media Foundation Decoders "{5B73E1AA-CA9D-E76A-2F2D-E0EFB41CE087}" = AMD Accelerated Video Transcoding "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{833F5E6D-6E01-11D1-978E-6DFBCEF72570}" = AMD Steady Video Plug-In "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{AEB3EABF-143B-45AC-83E3-2DE9B51D60E2}" = AMD APP CPU SDK Runtime "{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager "{CC1FE395-D90F-712C-E013-EBDCC30433B1}" = AMD Fuel "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant "{E54A949B-C4AE-28B6-EC97-FCB9E402D338}" = ccc-utility64 "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter "B81055EA372C9E3EA5000B4BD9585D992D51F1DE" = Windows-stuurprogrammapakket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) "CCleaner" = CCleaner "EPSON PX710W Series" = Printer EPSON PX710W Series verwijderen "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "TeamSpeak 3 Client" = TeamSpeak 3 Client [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer "{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}" = EpsonNet Config V4 "{08597792-778c-4af3-8e60-0d7a09ecf120}_is1" = Media converter "{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail "{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2 "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources "{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2 "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery "{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish "{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = AMD VISION Engine Control Center "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie "{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update "{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos "{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian "{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish "{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5 "{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish "{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker "{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71B53BA8-4BE3-49AF-BC3E-07F392006300}" = USB PnP Sound Device "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety "{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions "{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110 "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 "{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer "{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive "{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker "{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety "{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7) "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4 "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6 "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack "{B72BF443-ABD6-4EDC-ACD5-CCB72DBEC33D}" = AVG PC TuneUp Language Pack (nl-NL) "{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail "{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian "{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer "{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer "{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common "{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD "{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard "{D615D099-5C0F-41E0-B69E-B7D1CDC51B61}" = Philips Media Converter "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery "{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery "{FE48654B-F9AA-40ED-BEF3-48F3FE2FA847}" = Philips Media Converter "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE "{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "avast" = avast! Internet Security "AVG PC TuneUp" = AVG PC TuneUp "Battlelog Web Plugins" = Battlelog Web Plugins "Downloader" = Downloader "EPSON Scanner" = EPSON Scan "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps "Google Chrome" = Google Chrome "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300 "ManiaPlanet_is1" = ManiaPlanet "Opera 12.15.1748" = Opera 12.15 "Origin" = Origin "Philips Songbird" = Philips Songbird "PowerISO" = PowerISO "R1JJRDI=_is1" = GRID 2 (c) Codemasters version 1 "Steam App 10180" = Call of Duty: Modern Warfare 2 "Steam App 4850" = Cossacks: Back to War "tixati" = Tixati "Totalcmd" = Total Commander (Remove or Repair) "Uplay" = Uplay "uTorrent" = µTorrent "WinLiveSuite" = Windows Live Essentials "Xfire" = Xfire [color=#E56717:9bb2f52310]========== HKEY_USERS Uninstall List ==========[/color:9bb2f52310] [HKEY_USERS\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "SkyDriveSetup.exe" = Microsoft SkyDrive "Spotify" = Spotify [color=#E56717:9bb2f52310]========== Last 20 Event Log Errors ==========[/color:9bb2f52310] [ Application Events ] Error - 16-5-2013 1:50:12 | Computer Name = Bert-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: TuneUpUtilitiesApp64.exe, versie: 12.0.4000.108, tijdstempel: 0x5035f809 Naam van module met fout: TuneUpUtilitiesApp64.exe, versie: 12.0.4000.108, tijdstempel: 0x5035f809 Uitzonderingscode: 0xc0000417 Foutoffset: 0x00000000000392b0 Id van proces met fout: 0xf84 Starttijd van toepassing met fout: 0x01ce51f93522f2cf Pad naar toepassing met fout: C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe Pad naar module met fout: C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe Rapport-id: 78ca127e-bdec-11e2-8f8a-902b3496061b Error - 16-5-2013 1:51:33 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10 Description = Error - 17-5-2013 16:52:11 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10 Description = Error - 19-5-2013 13:00:00 | Computer Name = Bert-PC | Source = Windows Backup | ID = 4103 Description = Error - 21-5-2013 16:07:33 | Computer Name = Bert-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: setup.tmp, versie: 51.1052.0.0, tijdstempel: 0x506a75b5 Naam van module met fout: unarc.dll, versie: 0.0.0.0, tijdstempel: 0x4e901f46 Uitzonderingscode: 0xc00000fd Foutoffset: 0x00002885 Id van proces met fout: 0x3f0 Starttijd van toepassing met fout: 0x01ce565e48e88b3a Pad naar toepassing met fout: C:\Users\Bert\AppData\Local\Temp\is-QAIC6.tmp\setup.tmp Pad naar module met fout: C:\Users\Bert\AppData\Local\Temp\is-JKKF1.tmp\unarc.dll Rapport-id: 122f1f7d-c252-11e2-ab8d-902b3496061b Error - 22-5-2013 1:18:19 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10 Description = Error - 22-5-2013 13:32:06 | Computer Name = Bert-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: engine.exe, versie: 2.0.0.0, tijdstempel: 0x426e2f24 Naam van module met fout: Upload.dll_unloaded, versie: 0.0.0.0, tijdstempel: 0x41fa0b45 Uitzonderingscode: 0xc0000005 Foutoffset: 0x082c8ed1 Id van proces met fout: 0xfb4 Starttijd van toepassing met fout: 0x01ce57123f45debb Pad naar toepassing met fout: C:\Program Files (x86)\GSC Game World\Cossacks II\Data\engine.exe Pad naar module met fout: Upload.dll Rapport-id: 856a0ebe-c305-11e2-9192-902b3496061b Error - 22-5-2013 13:32:33 | Computer Name = Bert-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: engine.exe, versie: 2.0.0.0, tijdstempel: 0x426e2f24 Naam van module met fout: Upload.dll_unloaded, versie: 0.0.0.0, tijdstempel: 0x41fa0b45 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00398ed1 Id van proces met fout: 0x100c Starttijd van toepassing met fout: 0x01ce57124d9202a8 Pad naar toepassing met fout: C:\Program Files (x86)\GSC Game World\Cossacks II\Data\engine.exe Pad naar module met fout: Upload.dll Rapport-id: 959708a2-c305-11e2-9192-902b3496061b Error - 22-5-2013 13:35:12 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10 Description = Error - 22-5-2013 13:54:47 | Computer Name = Bert-PC | Source = Application Error | ID = 1000 Description = Naam van toepassing met fout: engine.exe, versie: 2.0.0.0, tijdstempel: 0x426e2f24 Naam van module met fout: Upload.dll_unloaded, versie: 0.0.0.0, tijdstempel: 0x41fa0b45 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00398fb7 Id van proces met fout: 0xe3c Starttijd van toepassing met fout: 0x01ce5713a4f9e5a8 Pad naar toepassing met fout: C:\Program Files (x86)\GSC Game World\Cossacks II\Data\engine.exe Pad naar module met fout: Upload.dll Rapport-id: b07d9910-c308-11e2-b5cb-902b3496061b [ System Events ] Error - 19-6-2013 16:27:30 | Computer Name = Bert-PC | Source = DCOM | ID = 10016 Description = Error - 21-6-2013 7:52:14 | Computer Name = Bert-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma. Error - 21-6-2013 7:52:55 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7024 Description = De HomeGroup Listener-service is gestopt met de specifieke servicefout %%-2147023143. Error - 21-6-2013 9:01:42 | Computer Name = Bert-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma. Error - 21-6-2013 9:02:16 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7024 Description = De HomeGroup Listener-service is gestopt met de specifieke servicefout %%-2147023143. Error - 21-6-2013 12:50:08 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7009 Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van deze service: Steam Client Service. Error - 21-6-2013 12:50:08 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7000 Description = De Steam Client Service-service kan vanwege de volgende fout niet worden gestart: %%1053 Error - 23-6-2013 2:04:35 | Computer Name = Bert-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys kan niet worden geladen vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software om een compatibele versie van het stuurprogramma. Error - 23-6-2013 2:05:11 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7024 Description = De HomeGroup Listener-service is gestopt met de specifieke servicefout %%-2147023143. Error - 24-6-2013 1:10:01 | Computer Name = Bert-PC | Source = DCOM | ID = 10010 Description = < End of report > Quote Link naar reactie
0 anoniem Geplaatst: 5 juli 2013 Auteur Delen Geplaatst: 5 juli 2013 OTL logfile created on: 5-7-2013 10:42:28 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bert\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 7,98 Gb Total Physical Memory | 6,71 Gb Available Physical Memory | 84,06% Memory free 15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,73% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,13 Gb Total Space | 109,03 Gb Free Space | 48,65% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 1649,25 Gb Free Space | 88,53% Space Free | Partition Type: NTFS Computer Name: BERT-PC | User Name: Bert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717:66292ca6b2]========== Processes (SafeList) ==========[/color:66292ca6b2] PRC - [2013-07-05 10:39:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bert\Downloads\OTL.exe PRC - [2013-06-27 14:23:57 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2013-05-09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe PRC - [2012-02-08 11:49:16 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe PRC - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [color=#E56717:66292ca6b2]========== Modules (No Company Name) ==========[/color:66292ca6b2] MOD - [2012-02-08 11:49:16 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [color=#E56717:66292ca6b2]========== Services (SafeList) ==========[/color:66292ca6b2] SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-03-29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-12-19 17:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-06-21 13:53:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-06-07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013-06-03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-08-23 12:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010-03-18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-12-17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007-01-11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) [color=#E56717:66292ca6b2]========== Driver Services (SafeList) ==========[/color:66292ca6b2] DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-06-27 22:48:27 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-06-27 22:48:27 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-06-27 22:48:27 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-09 10:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-03-29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-03-29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-02-14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-01-24 20:37:07 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-01-24 20:37:07 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-01-24 20:37:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-01-24 20:37:07 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-01-16 17:54:04 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-12-09 11:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-09-21 11:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-09-12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-04-09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-01-18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-01-18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-10-09 17:29:28 | 000,040,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-10-09 17:29:26 | 000,080,000 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-08-23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-07-29 05:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-07-29 05:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-07-06 12:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-06-10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012-07-04 16:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011-07-15 13:35:20 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717:66292ca6b2]========== Standard Registry (SafeList) ==========[/color:66292ca6b2] [color=#E56717:66292ca6b2]========== Internet Explorer ==========[/color:66292ca6b2] IE:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.diesiedleronline.de/de/startseite IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 8E CF E6 AB FA CD 01 [binary data] IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717:66292ca6b2]========== FireFox ==========[/color:66292ca6b2] FF:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Bert\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () [2013-03-27 13:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Extensions [2013-03-27 13:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [color=#E56717:66292ca6b2]========== Chrome ==========[/color:66292ca6b2] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.diesiedleronline.de/de/startseite CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: Google Documenten = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Zoeken = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: GFACE Experience Plugin = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.33.0_0\ CHR - Extension: avast! Online Security = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: Image Search by Cooliris = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllgofbnhaihnfbokejhcndhoogagdmk\1.0.3_0\ CHR - Extension: Qtube = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\ CHR - Extension: Google Reader = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\ CHR - Extension: Gmail = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ CHR - Extension: Abstract-Blue = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.0_0\ O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:[b:66292ca6b2]64bit:[/b:66292ca6b2] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b:66292ca6b2]64bit:[/b:66292ca6b2] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:[b:66292ca6b2]64bit:[/b:66292ca6b2] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b:66292ca6b2]64bit:[/b:66292ca6b2] - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:[b:66292ca6b2]64bit:[/b:66292ca6b2] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O4:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation) O4 - HKLM..\Run: [AMD Catalyst] C:\ProgramData\Catalyst\CCC\colorrgb.exe () O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002..\Run: [Spotify Web Helper] C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O13[b:66292ca6b2]64bit:[/b:66292ca6b2] - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 212.54.40.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B629CB8-C6D6-4AE4-9638-DE27D7734B4B}: DhcpNameServer = 212.54.35.25 212.54.40.25 O18:[b:66292ca6b2]64bit:[/b:66292ca6b2] - Protocol\Handler\livecall - No CLSID value found O18:[b:66292ca6b2]64bit:[/b:66292ca6b2] - Protocol\Handler\msnim - No CLSID value found O18:[b:66292ca6b2]64bit:[/b:66292ca6b2] - Protocol\Handler\skype4com - No CLSID value found O18:[b:66292ca6b2]64bit:[/b:66292ca6b2] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b:66292ca6b2]64bit:[/b:66292ca6b2] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:[b:66292ca6b2]64bit:[/b:66292ca6b2] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:[b:66292ca6b2]64bit:[/b:66292ca6b2] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:[b:66292ca6b2]64bit:[/b:66292ca6b2] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O27:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{79f3865a-96cb-11e2-a15f-902b3496061b}\Shell - "" = AutoRun O33 - MountPoints2\{79f3865a-96cb-11e2-a15f-902b3496061b}\Shell\AutoRun\command - "" = H:\PMCsetup.exe O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Cossacks2Setup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\..comfile [open] -- "%1" %* O35:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\...com [@ = comfile] -- "%1" %* O37:[b:66292ca6b2]64bit:[/b:66292ca6b2] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^Users^Bert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - C:\Users\Bert\AppData\Local\Facebook\MESSEN~1\214814~1.0\FACEBO~1.EXE - (Facebook) MsConfig:64bit - StartUpReg: [b:66292ca6b2]Adobe ARM[/b:66292ca6b2] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: [b:66292ca6b2]BlueStacks Agent[/b:66292ca6b2] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b:66292ca6b2]boincmgr[/b:66292ca6b2] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b:66292ca6b2]boinctray[/b:66292ca6b2] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b:66292ca6b2]Dolby Home Theater v4[/b:66292ca6b2] - hkey= - key= - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) MsConfig:64bit - StartUpReg: [b:66292ca6b2]EADM[/b:66292ca6b2] - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) MsConfig:64bit - StartUpReg: [b:66292ca6b2]EPSON PX710W Series[/b:66292ca6b2] - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFSE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: [b:66292ca6b2]Facebook Update[/b:66292ca6b2] - hkey= - key= - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) MsConfig:64bit - StartUpReg: [b:66292ca6b2]msnmsgr[/b:66292ca6b2] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b:66292ca6b2]PWRISOVM.EXE[/b:66292ca6b2] - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd) MsConfig:64bit - StartUpReg: [b:66292ca6b2]RtHDVBg_Dolby[/b:66292ca6b2] - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: [b:66292ca6b2]RTHDVCPL[/b:66292ca6b2] - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: [b:66292ca6b2]Spotify[/b:66292ca6b2] - hkey= - key= - C:\Users\Bert\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: [b:66292ca6b2]Spotify Web Helper[/b:66292ca6b2] - hkey= - key= - C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: [b:66292ca6b2]Steam[/b:66292ca6b2] - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. [color=#E56717:66292ca6b2]========== Files/Folders - Created Within 30 Days ==========[/color:66292ca6b2] [2013-07-04 18:52:26 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Local\Downloader [2013-07-04 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader [2013-07-04 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloader [2013-07-02 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Bert\matrixiicache1 [2013-07-01 19:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab [2013-06-30 17:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EZDownloader [2013-06-30 17:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate [2013-06-30 11:53:54 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\theHunter [2013-06-30 11:53:50 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\theHunter [2013-06-30 11:53:50 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Local\theHunter [2013-06-30 11:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter [2013-06-24 21:18:20 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Epson [2013-06-24 20:08:50 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\tabagames [2013-06-24 19:59:07 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs [2013-06-22 20:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 [2013-06-22 20:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Euro Truck Simulator 2 [2013-06-22 07:59:28 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013-06-22 07:59:25 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013-06-22 07:59:25 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013-06-22 07:59:25 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013-06-22 07:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013-06-21 15:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013-06-21 15:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013-06-21 15:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013-06-21 13:55:26 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Milestone [2013-06-20 20:25:51 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\uTorrent [2013-06-19 18:33:01 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013-06-15 21:43:14 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\SpinTires [2013-06-15 13:43:01 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-06-15 13:43:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-06-14 20:42:09 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\Rockstar Games [2013-06-14 20:39:53 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Local\Rockstar Games [2013-06-14 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\ManiaPlanet [2013-06-14 10:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet [2013-06-14 10:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet [2013-06-14 10:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManiaPlanet [2013-06-13 03:00:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-06-13 03:00:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-06-13 03:00:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-06-13 03:00:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-06-13 03:00:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-06-13 03:00:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-06-13 03:00:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-06-13 03:00:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-06-13 03:00:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-06-13 03:00:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-06-13 03:00:45 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-06-13 03:00:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-06-13 03:00:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-06-12 17:31:55 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013-06-12 17:31:55 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013-06-12 17:31:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013-06-12 17:31:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013-06-12 17:31:52 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013-06-12 17:31:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013-06-12 17:31:51 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013-06-12 17:31:51 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013-06-12 17:31:50 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013-06-12 17:31:50 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013-06-12 17:31:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013-06-12 17:31:48 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013-06-12 17:31:48 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013-06-10 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013-06-08 14:17:54 | 000,000,000 | ---D | C] -- C:\hitsplat [2013-06-07 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Bert\matrixiicache [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717:66292ca6b2]========== Files - Modified Within 30 Days ==========[/color:66292ca6b2] [2013-07-05 10:40:39 | 000,001,418 | ---- | M] () -- C:\Users\Bert\Desktop\OTL - Snelkoppeling.lnk [2013-07-05 10:23:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job [2013-07-05 10:17:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-07-05 10:17:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-07-05 08:17:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-07-05 07:10:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-07-04 18:58:53 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job [2013-07-04 18:57:20 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk [2013-07-03 19:40:17 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-07-03 19:40:17 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-07-03 19:37:39 | 001,663,048 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-07-03 19:37:39 | 000,743,092 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013-07-03 19:37:39 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-07-03 19:37:39 | 000,152,208 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013-07-03 19:37:39 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-07-03 19:33:11 | 2132,709,375 | -HS- | M] () -- C:\hiberfil.sys [2013-07-02 11:48:16 | 000,000,024 | ---- | M] () -- C:\Users\Bert\random.dat [2013-07-02 11:33:29 | 000,000,043 | ---- | M] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE.dat [2013-07-02 11:02:33 | 000,000,044 | ---- | M] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE1.dat [2013-06-27 22:48:27 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013-06-27 22:48:27 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013-06-27 22:48:27 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013-06-24 21:17:19 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk [2013-06-22 20:25:47 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk [2013-06-22 07:59:23 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013-06-22 07:59:23 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013-06-22 07:59:23 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013-06-22 07:59:23 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013-06-22 07:59:23 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013-06-22 07:59:23 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013-06-21 13:53:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-06-21 13:53:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-06-20 20:26:52 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013-06-20 20:26:52 | 000,000,866 | ---- | M] () -- C:\Users\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2013-06-20 18:19:04 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013-06-18 15:28:11 | 000,002,764 | ---- | M] () -- C:\Users\Bert\Documents\FinalSetList.rtf [2013-06-14 10:15:49 | 000,000,312 | ---- | M] () -- C:\Users\Bert\Documents\ManiaPlanetvalidation.rtf [2013-06-14 03:01:51 | 001,640,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-06-12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013-06-12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013-06-12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013-06-12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013-06-12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013-06-12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013-06-10 21:29:53 | 000,000,517 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013-06-08 16:08:18 | 000,000,043 | ---- | M] () -- C:\Users\Bert\jagex_cl_runescape_LIVE.dat [2013-06-08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-06-08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717:66292ca6b2]========== Files Created - No Company Name ==========[/color:66292ca6b2] [2013-07-05 10:40:20 | 000,001,418 | ---- | C] () -- C:\Users\Bert\Desktop\OTL - Snelkoppeling.lnk [2013-07-02 10:38:20 | 000,000,044 | ---- | C] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE1.dat [2013-06-27 22:48:27 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013-06-26 22:49:40 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013-06-26 22:49:39 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013-06-24 21:17:19 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk [2013-06-22 20:25:47 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk [2013-06-20 20:26:52 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013-06-20 20:26:52 | 000,000,866 | ---- | C] () -- C:\Users\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2013-06-16 13:22:55 | 000,002,764 | ---- | C] () -- C:\Users\Bert\Documents\FinalSetList.rtf [2013-06-14 10:15:49 | 000,000,312 | ---- | C] () -- C:\Users\Bert\Documents\ManiaPlanetvalidation.rtf [2013-06-14 10:03:08 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk [2013-06-10 21:29:53 | 000,000,517 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2013-06-08 16:08:18 | 000,000,043 | ---- | C] () -- C:\Users\Bert\jagex_cl_runescape_LIVE.dat [2013-06-07 13:14:45 | 000,000,043 | ---- | C] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE.dat [2013-05-28 08:44:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013-05-05 10:45:51 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013-05-03 13:37:34 | 000,000,527 | ---- | C] () -- C:\Windows\eReg.dat [2013-04-26 18:04:04 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe [2013-04-26 18:04:04 | 000,143,173 | ---- | C] () -- C:\Windows\unins000.dat [2013-04-13 18:52:09 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2013-04-05 11:07:22 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll [2013-04-05 11:07:22 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2013-04-05 11:07:14 | 000,001,459 | ---- | C] () -- C:\Windows\Cm108.ini.cfg [2013-04-05 11:07:14 | 000,000,237 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2013-04-05 11:07:13 | 000,001,353 | ---- | C] () -- C:\Windows\cm108.ini [2013-04-01 13:45:57 | 000,000,043 | ---- | C] () -- C:\Users\Bert\jagex_cl_oldschool_LIVE.dat [2013-04-01 13:45:57 | 000,000,024 | ---- | C] () -- C:\Users\Bert\random.dat [2013-03-29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013-03-29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013-03-23 13:15:18 | 000,003,584 | ---- | C] () -- C:\Users\Bert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-03-23 11:39:06 | 000,015,405 | ---- | C] () -- C:\Users\Bert\.TransferManager.db [2013-03-21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2013-01-28 09:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013-01-26 20:41:36 | 000,582,656 | ---- | C] () -- C:\Users\Bert\AppData\Local\file__0.localstorage [2013-01-25 20:50:55 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2013-01-24 19:47:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012-11-27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-09-28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-09-28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-06-22 13:19:01 | 001,640,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-01-18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012-01-18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012-01-18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [color=#E56717:66292ca6b2]========== ZeroAccess Check ==========[/color:66292ca6b2] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717:66292ca6b2]========== LOP Check ==========[/color:66292ca6b2] [2013-01-25 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\AVG [2013-03-21 20:28:43 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Belastingdienst [2013-06-27 09:21:35 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Epson [2013-04-21 10:18:26 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\ERS Game Studios [2013-03-23 12:39:05 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\GetRightToGo [2013-01-25 16:42:43 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\GHISLER [2013-06-21 13:55:26 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Milestone [2013-03-26 09:53:54 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\OpenCandy [2013-01-25 17:38:54 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Opera [2013-06-11 08:31:26 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Origin [2013-03-27 13:22:20 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Philips [2013-03-27 13:21:29 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Philips-Songbird [2013-03-23 14:26:35 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\PowerISO [2013-06-15 22:17:37 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\SpinTires [2013-06-27 14:27:38 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Spotify [2013-01-28 21:46:56 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\SystemRequirementsLab [2013-06-24 20:08:50 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\tabagames [2013-06-30 11:53:50 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\theHunter [2013-07-01 10:15:20 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\tixati [2013-04-08 09:57:55 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\TS3Client [2013-06-24 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\uTorrent [2013-03-28 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Windows Live Writer [color=#E56717:66292ca6b2]========== Purity Check ==========[/color:66292ca6b2] [color=#E56717:66292ca6b2]========== Custom Scans ==========[/color:66292ca6b2] [color=#A23BEC:66292ca6b2]< services.* >[/color:66292ca6b2] [2009-07-14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009-07-14 07:08:49 | 000,022,756 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013-01-25 05:29:10 | 000,001,048 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013-01-25 05:29:10 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013-03-21 14:18:53 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013-03-31 16:18:51 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job [2013-03-31 16:18:51 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job [color=#A23BEC:66292ca6b2]< explorer.exe >[/color:66292ca6b2] [color=#A23BEC:66292ca6b2]< winlogon.exe >[/color:66292ca6b2] [color=#A23BEC:66292ca6b2]< Userinit.exe >[/color:66292ca6b2] [color=#A23BEC:66292ca6b2]< svchost.exe >[/color:66292ca6b2] [color=#E56717:66292ca6b2]========== Base Services ==========[/color:66292ca6b2] SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-02-27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV - [2009-07-14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-01-24 20:38:23 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\browser.dll -- (Browser) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-05-13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV - [2013-05-13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV - [2010-11-21 05:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-03-03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV - [2009-07-14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm) SRV - [2009-07-14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2013-01-24 20:40:40 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-05-24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2012-02-11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2009-07-14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV - [2010-11-21 05:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV:[b:66292ca6b2]64bit:[/b:66292ca6b2] - [2010-11-21 05:24:16 | 001,110,016 | ---- | M] Quote Link naar reactie
0 anoniem Geplaatst: 5 juli 2013 Auteur Delen Geplaatst: 5 juli 2013 Graag de drie logs in één keer posten. [color=#008000:c090b495a3][b:c090b495a3]Stap •1•[/b:c090b495a3][/color:c090b495a3] [b:c090b495a3]Welk programma[/b:c090b495a3]: [color=#008000:c090b495a3][b:c090b495a3]AdwCleaner[/b:c090b495a3][/color:c090b495a3] [b:c090b495a3]Waarvoor/waarom[/b:c090b495a3]: Scanner om Windows op te schonen en te ontdoen van malafide toolbars. [b:c090b495a3]Moeilijkheidsgraad[/b:c090b495a3]: Geen. [b:c090b495a3]Downloadlokatie[/b:c090b495a3]: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen! [b:c090b495a3]Download[/b:c090b495a3]: [url=http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/2-adwcleaner][color=#FF0000:c090b495a3][b:c090b495a3]AdwCleaner by Xplode[/b:c090b495a3][/color:c090b495a3][/url]. [b:c090b495a3]Opmerkingen[/b:c090b495a3]: [list:c090b495a3]Alle openstaande programma's en webpagina's dienen afgesloten te zijn. [*:c090b495a3]Dat na opstarten van [b:c090b495a3]AdwCleaner[/b:c090b495a3] de snelkoppelingen verdwijnen van bureaublad, is normaal.[/list:u:c090b495a3] [b:c090b495a3]AdwCleaner opstarten[/b:c090b495a3]: [list:c090b495a3][*:c090b495a3][b:c090b495a3][color=#0000FF:c090b495a3]Windows 2000[/color:c090b495a3][/b:c090b495a3] en [color=#0000FF:c090b495a3][b:c090b495a3]Windows XP[/b:c090b495a3][/color:c090b495a3]: dubbelklik op adwcleaner.exe. [*:c090b495a3][color=#0000FF:c090b495a3][b:c090b495a3]Windows Vista[/b:c090b495a3][/color:c090b495a3], [color=#0000FF:c090b495a3][b:c090b495a3]Windows 7[/b:c090b495a3][/color:c090b495a3] en [color=#0000FF:c090b495a3][b:c090b495a3]Windows 8[/b:c090b495a3][/color:c090b495a3]: via rechtsklik op adwcleaner.exe en kies voor "Als Administrator uitvoeren".[/list:u:c090b495a3] [b:c090b495a3]AdwCleaner is opgestart[/b:c090b495a3]: [list:c090b495a3][*:c090b495a3]Klik op de knop [b:c090b495a3]Verwijderen[/b:c090b495a3] [*:c090b495a3]Klik bij [b:c090b495a3]AdwCleaner – Afsluiting van de programma's[/b:c090b495a3] op [b:c090b495a3]OK[/b:c090b495a3] [*:c090b495a3]Klik bij [b:c090b495a3]AdwCleaner – Herstarten noodzakelijk[/b:c090b495a3] op [b:c090b495a3]OK[/b:c090b495a3][/list:u:c090b495a3] [b:c090b495a3]AdwCleaner logbestand[/b:c090b495a3]: [list:c090b495a3][*:c090b495a3]Nadat de PC opnieuw is opgestart, opent een logfile. [*:c090b495a3]Post vervolgens de inhoud van dit log in je volgende bericht.[/list:u:c090b495a3] [color=#008000:c090b495a3][b:c090b495a3]Stap •2•[/b:c090b495a3][/color:c090b495a3] [b:c090b495a3]Welk programma[/b:c090b495a3]: [color=#008000:c090b495a3][b:c090b495a3]Junkware Removal Tool by Thisisu[/b:c090b495a3][/color:c090b495a3] [b:c090b495a3]Waarvoor/waarom[/b:c090b495a3]: Scanner om Windows o.a. te ontdoen van malafide toolbars. [b:c090b495a3]Moeilijkheidsgraad[/b:c090b495a3]: Geen. [b:c090b495a3]Downloadlokatie[/b:c090b495a3]: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen! [b:c090b495a3]Download[/b:c090b495a3]: [url=http://thisisudax.org/downloads/JRT.exe][color=#FF0000:c090b495a3][b:c090b495a3]JRT.exe[/b:c090b495a3][/color:c090b495a3] [/url]. [b:c090b495a3]Opmerkingen[/b:c090b495a3]: [list:c090b495a3][*:c090b495a3]Alle openstaande programma's en webpagina's dienen afgesloten te zijn. [*:c090b495a3]Het is raadzaam de actieve beveiligingssoftware te de-activeren, zodat mogelijke conflicten met JRT.exe uitgsloten worden.: [*:c090b495a3][url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608][b:c090b495a3][color=#0000FF:c090b495a3]Hier[/color:c090b495a3][/b:c090b495a3][/url] en [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607][b:c090b495a3][color=#0000FF:c090b495a3]hier[/color:c090b495a3][/b:c090b495a3][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [*:c090b495a3]Dat tijdens de scan van [b:c090b495a3]JRT.exe[/b:c090b495a3] tijdelijk de snelkoppelingen verdwijnen van het bureaublad, is normaal.[/list:u:c090b495a3] [b:c090b495a3]Junkware Removal Tool by Thisisu opstarten[/b:c090b495a3]: [list:c090b495a3][*:c090b495a3][b:c090b495a3][color=#0000FF:c090b495a3]Windows 2000[/color:c090b495a3][/b:c090b495a3] en [color=#0000FF:c090b495a3][b:c090b495a3]Windows XP[/b:c090b495a3][/color:c090b495a3]: dubbelklik op [b:c090b495a3]JRT.exe[/b:c090b495a3]. [*:c090b495a3][color=#0000FF:c090b495a3][b:c090b495a3]Windows Vista[/b:c090b495a3][/color:c090b495a3], [color=#0000FF:c090b495a3][b:c090b495a3]Windows 7[/b:c090b495a3][/color:c090b495a3] en [color=#0000FF:c090b495a3][b:c090b495a3]Windows 8[/b:c090b495a3][/color:c090b495a3]: via rechtsklik op [b:c090b495a3]JRT.exe[/b:c090b495a3] en kies voor "Als Administrator uitvoeren". [*:c090b495a3][b:c090b495a3]JRT.exe[/b:c090b495a3] zal daarna Windows gaan scannen. [*:c090b495a3]Deze scan kan afhankelijk van de systeemspecificaties soms vrij lang duren, wees dus geduldig. [*:c090b495a3]Indien de scan voltooid is, zal een logje ([b:c090b495a3]JRT.txt[/b:c090b495a3]) op het bureaublad opgeslagen worden en automatisch openen. [*:c090b495a3]Post de inhoud van dit log in je volgende bericht.[/list:u:c090b495a3] [color=#008000:c090b495a3][b:c090b495a3]Stap •3•[/b:c090b495a3][/color:c090b495a3] [b:c090b495a3]Welk programma[/b:c090b495a3]: [color=#008000:c090b495a3][b:c090b495a3]RogueKiller[/b:c090b495a3][/color:c090b495a3] [b:c090b495a3]Waarvoor/waarom[/b:c090b495a3]: gratis specialistische scanner om lopende processen te scannen en om malware processen te kunnen uitschakelen. [b:c090b495a3]Moeilijkheidsgraad[/b:c090b495a3]: geen. [b:c090b495a3]Download: [url=http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe][img:c090b495a3]http://www.imgdumper.nl/uploads6/51a5d25f9546d/51a5d25f95083-roguekiller.png[/img:c090b495a3][color=#FF0000:c090b495a3] RogueKiller 32 bit (x86)[/color:c090b495a3][/url] of [url=http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe][img:c090b495a3]http://www.imgdumper.nl/uploads6/51a5d25f9546d/51a5d25f95083-roguekiller.png[/img:c090b495a3][color=#FF0000:c090b495a3] RogueKiller 64 bit (x64)[/color:c090b495a3][/url][/b:c090b495a3] [b:c090b495a3]RogueKiller opstarten[/b:c090b495a3]: [list:c090b495a3][*:c090b495a3]Sluit nu eerst alle nog openstaande programmavensters! [*:c090b495a3][b:c090b495a3][color=#0000FF:c090b495a3]Windows 2000[/color:c090b495a3][/b:c090b495a3] en [color=#0000FF:c090b495a3][b:c090b495a3]Windows XP[/b:c090b495a3][/color:c090b495a3]: dubbelklik op RogueKiller.exe. [*:c090b495a3][color=#0000FF:c090b495a3][b:c090b495a3]Windows Vista[/b:c090b495a3][/color:c090b495a3], [color=#0000FF:c090b495a3][b:c090b495a3]Windows 7[/b:c090b495a3][/color:c090b495a3] en [color=#0000FF:c090b495a3][b:c090b495a3]Windows 8[/b:c090b495a3][/color:c090b495a3]: rechtsklik op RogueKiller.exe en dan kiezen voor Als Administrator uitvoeren.[/list:u:c090b495a3] [b:c090b495a3]Scannen[/b:c090b495a3]: [list:c090b495a3][*:c090b495a3][b:c090b495a3]Sluit voordat RogueKiller gaat scannen, eerst alle andere openstaande vensters![/b:c090b495a3] [*:c090b495a3]Na opstarten begint RogueKiller meteen een pre-scan, dus wacht tot de scan klaar is. [*:c090b495a3]Let op - activeer de volgende opties in RogueKiller: [list:c090b495a3] [*:c090b495a3] MBR Scan [*:c090b495a3] Check Faked [*:c090b495a3] Anti-Rootkit[/list:u:c090b495a3] [*:c090b495a3]Klik vervolgens op de knop [b:c090b495a3]Scan[/b:c090b495a3] [*:c090b495a3]Wacht tot het einde van de scan. [*:c090b495a3]Een log wordt aangemaakt en geplaatst op het bureaublad.[/list:u:c090b495a3] [b:c090b495a3]Hoe nu verder[/b:c090b495a3]: [list:c090b495a3][*:c090b495a3][b:c090b495a3][color=#008000:c090b495a3]Doe verder nog niks maar plaats eerst de inhoud van dat log in jouw volgende bericht.[/color:c090b495a3][/b:c090b495a3][/list:u:c090b495a3] Quote Link naar reactie
0 anoniem Geplaatst: 5 juli 2013 Auteur Delen Geplaatst: 5 juli 2013 # AdwCleaner v2.304 - Verslag gemaakt op 05/07/2013 om 12:42:26 # Geactualiseerd op 03/07/2013 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruiker : Bert - BERT-PC # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\Bert\Downloads\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** Map Verwijderd : C:\ProgramData\InstallMate Map Verwijderd : C:\Users\Bert\AppData\Local\Wondershare Map Verwijderd : C:\Users\Bert\AppData\Roaming\OpenCandy ***** [Register] ***** Sleutel Verwijderd : HKCU\Software\SmartBar Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32 Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Browsers] ***** -\\ Internet Explorer v10.0.9200.16611 Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 --> hxxp://www.google.com Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 --> hxxp://www.google.com Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 --> hxxp://www.google.com Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 --> hxxp://www.google.com Vervangen : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 --> hxxp://www.google.com Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 --> hxxp://www.google.com -\\ Google Chrome v27.0.1453.116 File : C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Preferences Verwijderd [l.3861] : urls_to_restore_on_startup = [ "hxxps://www.google.nl/", [ "hxxp://search.conduit.com/?ctid=C[...] -\\ Opera v12.15.1748.0 File : C:\Users\Bert\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[S1].txt - [3542 octets] - [05/07/2013 12:42:26] ########## EOF - C:\AdwCleaner[S1].txt - [3602 octets] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.9.4 (05.06.2013:1) OS: Windows 7 Home Premium x64 Ran by Bert on vr 05-07-2013 at 12:48:16,20 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{019CA7EE-5527-46B7-9DEA-BA6992FE5ED1} Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{1C7F5D42-6557-4860-B9B8-9A18548D4F3C} Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{1CFB0F6B-75C3-47CB-AE65-5107FD5EBF8C} Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{5F09684F-62D4-4D78-B5E8-A06EB266EA9C} Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{68F3531E-6354-4B57-8AE2-8DF8C0C0D4FC} Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{8C5359CB-BB7E-46C8-8B18-D82DA03F694B} Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{F2F6D39F-780C-41F6-97E6-D24DF6F1058B} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on vr 05-07-2013 at 12:50:59,26 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : hxxp://www.adlice.com/forum/ Website : hxxp://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Gestart vanuit : Normale modus Gebruiker : Bert [Administrator rechten] Modus : Scan -- Datum : 07/05/2013 12:52:36 | ARK || FAK || MBR | ¤¤¤ Kwaadaardige processen : 0 ¤¤¤ ¤¤¤ Register verwijzingen : 7 ¤¤¤ [RUN][SUSP PATH] HKLM\[...]\Wow6432Node\[...]\Run : AMD Catalyst (C:\ProgramData\Catalyst\CCC\colorrgb.exe [-]) -> gevonden [HJ POL] HKCU\[...]\System : DisableTaskMgr (0) -> gevonden [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> gevonden [HJ POL] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden [HJ POL] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> gevonden [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden ¤¤¤ geplande taken : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ webbrowsers : 0 ¤¤¤ ¤¤¤ Speciale Files / Folders: ¤¤¤ ¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤ ¤¤¤ Externe Hives: ¤¤¤ ¤¤¤ Infectie : ¤¤¤ ¤¤¤ HOSTS Bestand: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Controle: ¤¤¤ +++++ PhysicalDrive0: M4-CT256 M4SSD2 SATA Disk Device +++++ --- User --- [MBR] e33cb6f0ce1e4ab46a3e73571abb1880 [BSP] 076d677b30f76797af44975d020f07c9 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 229510 Mo 2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 470755328 | Size: 14336 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: M4-CT256 M4SSD2 SATA Disk Device +++++ --- User --- [MBR] 43231d686d1a1d4672e0605bd93b4f30 [BSP] 3eea5ef7fbc3da3ecda469111b39788b : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo User = LL1 ... OK! User = LL2 ... OK! Gereed : << RKreport[0]_S_07052013_125236.txt >> Quote Link naar reactie
0 anoniem Geplaatst: 5 juli 2013 Auteur Delen Geplaatst: 5 juli 2013 Wat RK toont zijn standaard gegevens. We kijken verder: [b:841c6df2f1]Welk programma[/b:841c6df2f1]: [img:841c6df2f1]http://www.imgdumper.nl/uploads6/51c590ce3cf4a/51c590ce361e7-ComboFix_resized_2.png[/img:841c6df2f1][color=#008000:841c6df2f1][b:841c6df2f1] ComboFix[/b:841c6df2f1][/color:841c6df2f1] [b:841c6df2f1]Waarvoor/waarom[/b:841c6df2f1]: Zeer specialistische scanner om Windows diepgaand te onderzoeken en op te schonen. [b:841c6df2f1]Moeilijkheidsgraad[/b:841c6df2f1]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:841c6df2f1]Downloadlokatie[/b:841c6df2f1]: Dit programma absoluut naar het bureaublad downloaden! [b:841c6df2f1]Download ComboFix via één van deze locaties[/b:841c6df2f1]: [list:841c6df2f1][*:841c6df2f1][url=http://download.bleepingcomputer.com/sUBs/ComboFix.exe][b:841c6df2f1]Bleepingcomputer[/b:841c6df2f1][/url] [*:841c6df2f1][url=http://www.forospyware.com/sUBs/ComboFix.exe][b:841c6df2f1]ForoSpyware[/b:841c6df2f1][/url] [*:841c6df2f1][url=http://subs.geekstogo.com/ComboFix.exe][b:841c6df2f1]Geekstogo[/b:841c6df2f1][/url][/list:u:841c6df2f1] [url=http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden][b:841c6df2f1][color=#0000FF:841c6df2f1]Hier[/color:841c6df2f1][/b:841c6df2f1][/url] zie je hoe je ComboFix moet gebruiken. Antivirusprogramma en actieve malwarescanners dienen al voor je ComboFix start gedeaktiveert zijn! [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608][b:841c6df2f1][color=#0000FF:841c6df2f1]Hier[/color:841c6df2f1][/b:841c6df2f1][/url] en [url=http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607][b:841c6df2f1][color=#0000FF:841c6df2f1]hier[/color:841c6df2f1][/b:841c6df2f1][/url] vindt je gegevens hoe antivirusprogramma's en spywarescanners te deaktiveren. [b:841c6df2f1]Opmerkingen[/b:841c6df2f1]: [list:841c6df2f1][*:841c6df2f1] Bij gebruik van Windows XP zal er mogelijk gevraagd worden, om de "Recovery Console" te installeren! Sta dit dan toe (hiervoor is een actieve internet verbinding vereist). [*:841c6df2f1]Alle openstaande programma's en webpagina's dienen afgesloten te zijn.[/list:u:841c6df2f1] [b:841c6df2f1]ComboFix opstarten[/b:841c6df2f1]: [list:841c6df2f1][*:841c6df2f1][b:841c6df2f1][color=#0000FF:841c6df2f1]Windows 2000[/color:841c6df2f1][/b:841c6df2f1] en [color=#0000FF:841c6df2f1][b:841c6df2f1]Windows XP[/b:841c6df2f1][/color:841c6df2f1]: dubbelklik op ComboFix.exe. [*:841c6df2f1][color=#0000FF:841c6df2f1][b:841c6df2f1]Windows Vista[/b:841c6df2f1][/color:841c6df2f1], [color=#0000FF:841c6df2f1][b:841c6df2f1]Windows 7[/b:841c6df2f1][/color:841c6df2f1] en [color=#0000FF:841c6df2f1][b:841c6df2f1]Windows 8[/b:841c6df2f1][/color:841c6df2f1]: via rechtsklik op [b:841c6df2f1]ComboFix.exe[/b:841c6df2f1] en kies voor "Als Administrator uitvoeren".[/list:u:841c6df2f1] [b:841c6df2f1]ComboFix is opgestart[/b:841c6df2f1]: [list:841c6df2f1][*:841c6df2f1]Niet in het zwarte venster klikken, hierdoor kan ComboFix of zelfs Windows geheel "bevriezen"! [*:841c6df2f1]Combofix sluit tijdens de scan de internet verbinding – probeer deze tussentijds niet te herstellen! [*:841c6df2f1]Het kan voorkomen dat de computer meerdere malen opnieuw opgestart moet worden, dit is normaal. [*:841c6df2f1]Wanneer ComboFix gereed is, zal het het een logbestand voor je maken. [*:841c6df2f1]Post de inhoud van dit logbestand in je volgende bericht. [*:841c6df2f1]Indien het log niet opstart, is dit terug tevinden in C:\ComboFix.txt[/list:u:841c6df2f1] [b:841c6df2f1]Belangrijke opmerking[/b:841c6df2f1]: [list:841c6df2f1][*:841c6df2f1][b:841c6df2f1][color=#0000FF:841c6df2f1]Indien na de scan bij het opstarten van programma's er een error wordt getoond met de melding:[/color:841c6df2f1][/b:841c6df2f1] [*:841c6df2f1][b:841c6df2f1][color=#FF0000:841c6df2f1]Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.[/color:841c6df2f1][/b:841c6df2f1] [*:841c6df2f1][b:841c6df2f1][color=#008000:841c6df2f1]Start dan de computer opnieuw op.[/color:841c6df2f1][/b:841c6df2f1][/list:u:841c6df2f1] Quote Link naar reactie
0 anoniem Geplaatst: 5 juli 2013 Auteur Delen Geplaatst: 5 juli 2013 ComboFix 13-07-04.01 - Bert 05-07-2013 15:59:23.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8173.6624 [GMT 2:00] Gestart vanuit: C:\Users\Bert\Downloads\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) C:\ProgramData\Catalyst C:\ProgramData\Catalyst\CCC\1.bat C:\ProgramData\Catalyst\CCC\1.exe C:\ProgramData\Catalyst\CCC\123.bat C:\ProgramData\Catalyst\CCC\checkOS.txt C:\ProgramData\Catalyst\CCC\colorrgb.exe C:\ProgramData\Catalyst\CCC\mnr.exe C:\ProgramData\Catalyst\CCC\OpenCL.exe C:\ProgramData\Catalyst\CCC\start.reg C:\ProgramData\Catalyst\CCC\stop.bat C:\ProgramData\Catalyst\CCC\StringCheck.txt C:\ProgramData\Catalyst\CCC\upd.exe C:\ProgramData\Catalyst\CCC\upd1.exe C:\Windows\pkunzip.pif C:\Windows\pkzip.pif C:\Windows\SysWow64\frapsvid.dll (((((((((((((((((((( Bestanden Gemaakt van 2013-06-05 to 2013-07-05 )))))))))))))))))))))))))))))) 2013-07-05 10:48:15 . 2013-07-05 10:48:15 -------- d-----w- C:\Windows\ERUNT 2013-07-05 10:48:12 . 2013-07-05 10:48:12 -------- d-----w- C:\JRT 2013-07-04 16:52:26 . 2013-07-04 16:52:40 -------- d-----w- C:\Users\Bert\AppData\Local\Downloader 2013-07-04 16:52:11 . 2013-07-04 16:52:11 -------- d-----w- C:\Program Files (x86)\Downloader 2013-07-02 06:17:11 . 2013-06-12 03:08:52 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88FCA82C-D7E1-48B5-A94F-5330B7F23F45}\mpengine.dll 2013-07-01 17:03:35 . 2013-07-01 17:03:35 -------- d-----w- C:\ProgramData\SystemRequirementsLab 2013-06-30 15:05:55 . 2013-06-30 19:27:33 -------- d-----w- C:\Program Files (x86)\EZDownloader 2013-06-30 09:53:50 . 2013-06-30 09:53:50 -------- d-----w- C:\Users\Bert\AppData\Roaming\theHunter 2013-06-30 09:53:50 . 2013-06-30 09:53:50 -------- d-----w- C:\Users\Bert\AppData\Local\theHunter 2013-06-30 09:38:53 . 2013-06-30 09:38:53 -------- d-----w- C:\ProgramData\Hunter 2013-06-24 19:18:20 . 2013-06-27 07:21:35 -------- d-----w- C:\Users\Bert\AppData\Roaming\Epson 2013-06-24 18:08:50 . 2013-06-24 18:08:50 -------- d-----w- C:\Users\Bert\AppData\Roaming\tabagames 2013-06-22 18:24:47 . 2013-06-23 07:05:06 -------- d-----w- C:\Program Files (x86)\Euro Truck Simulator 2 2013-06-22 05:59:28 . 2013-06-22 05:59:23 312232 ----a-w- C:\Windows\system32\javaws.exe 2013-06-22 05:59:25 . 2013-06-22 05:59:23 189352 ----a-w- C:\Windows\system32\javaw.exe 2013-06-22 05:59:25 . 2013-06-22 05:59:23 188840 ----a-w- C:\Windows\system32\java.exe 2013-06-22 05:59:25 . 2013-06-22 05:59:23 108968 ----a-w- C:\Windows\system32\WindowsAccessBridge-64.dll 2013-06-22 05:59:22 . 2013-06-22 05:59:22 -------- d-----w- C:\Program Files\Java 2013-06-21 13:00:36 . 2013-06-21 13:00:36 -------- d-----w- C:\ProgramData\ATI 2013-06-21 13:00:34 . 2013-06-21 13:00:34 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-06-21 11:55:26 . 2013-06-21 11:55:26 -------- d-----w- C:\Users\Bert\AppData\Roaming\Milestone 2013-06-20 18:25:51 . 2013-06-24 18:01:41 -------- d-----w- C:\Users\Bert\AppData\Roaming\uTorrent 2013-06-15 19:43:14 . 2013-06-15 20:17:37 -------- d-----w- C:\Users\Bert\AppData\Roaming\SpinTires 2013-06-15 11:43:02 . 2013-06-08 14:08:00 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2013-06-15 11:43:02 . 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\system32\mshtml.tlb 2013-06-15 11:43:02 . 2013-06-08 11:41:58 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2013-06-15 11:43:02 . 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-15 11:43:01 . 2013-06-08 14:08:10 1365504 ----a-w- C:\Windows\system32\urlmon.dll 2013-06-15 11:43:01 . 2013-06-08 14:06:58 526336 ----a-w- C:\Windows\system32\ieui.dll 2013-06-15 11:43:01 . 2013-06-08 14:06:58 2648064 ----a-w- C:\Windows\system32\iertutil.dll 2013-06-15 11:42:59 . 2013-06-08 14:06:57 15404544 ----a-w- C:\Windows\system32\ieframe.dll 2013-06-15 11:42:58 . 2013-06-08 14:07:17 19233792 ----a-w- C:\Windows\system32\mshtml.dll 2013-06-14 18:39:53 . 2013-06-14 18:39:53 -------- d-----w- C:\Users\Bert\AppData\Local\Rockstar Games 2013-06-14 08:02:47 . 2013-07-05 07:00:55 -------- d-----w- C:\ProgramData\ManiaPlanet 2013-06-14 08:02:47 . 2013-07-04 16:57:20 -------- d-----w- C:\Program Files (x86)\ManiaPlanet 2013-06-12 15:31:55 . 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\system32\drivers\tcpip.sys 2013-06-08 12:17:54 . 2013-06-08 12:17:55 -------- d-----w- C:\hitsplat 2013-06-07 11:14:45 . 2013-06-07 11:14:45 -------- d-----w- C:\Users\Bert\matrixiicache . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) 2013-06-27 20:48:27 . 2013-03-21 06:04:54 189936 ----a-w- C:\Windows\system32\drivers\aswVmm.sys 2013-06-27 20:48:27 . 2013-01-25 14:35:27 378944 ----a-w- C:\Windows\system32\drivers\aswSP.sys 2013-06-27 20:48:27 . 2013-01-25 14:35:27 1030952 ----a-w- C:\Windows\system32\drivers\aswSnx.sys 2013-06-22 05:59:23 . 2012-06-22 12:05:27 972712 ----a-w- C:\Windows\system32\deployJava1.dll 2013-06-22 05:59:23 . 2012-06-22 12:05:27 1093032 ----a-w- C:\Windows\system32\npDeployJava1.dll 2013-06-21 11:53:34 . 2013-03-21 12:18:53 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-21 11:53:34 . 2012-06-22 12:06:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-13 01:01:35 . 2012-06-22 10:55:13 75825640 ----a-w- C:\Windows\system32\MRT.exe 2013-06-12 19:48:23 . 2012-06-22 12:05:09 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-12 19:48:17 . 2012-06-22 12:05:09 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-12 19:47:57 . 2013-05-02 05:28:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-03 07:14:45 . 2013-06-03 07:14:42 38688 ----a-w- C:\Windows\system32\cc_20130603_091441.reg 2013-05-28 06:44:35 . 2013-05-28 06:44:35 53248 ----a-w- C:\Windows\SysWow64\unrar.dll 2013-05-14 06:32:56 . 2011-03-29 01:36:46 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-11 14:17:08 . 2013-01-25 18:50:57 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-05-09 08:59:07 . 2013-03-21 06:04:54 65336 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys 2013-05-09 08:59:07 . 2013-01-25 14:35:27 72016 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys 2013-05-09 08:59:07 . 2013-01-25 14:35:27 64288 ----a-w- C:\Windows\system32\drivers\aswTdi.sys 2013-05-09 08:59:06 . 2013-01-25 17:39:20 131232 ----a-w- C:\Windows\system32\drivers\aswFW.sys 2013-05-09 08:59:06 . 2013-01-25 17:39:18 270824 ----a-w- C:\Windows\system32\drivers\aswNdis2.sys 2013-05-09 08:59:06 . 2013-01-25 17:39:18 22600 ----a-w- C:\Windows\system32\drivers\aswKbd.sys 2013-05-09 08:59:06 . 2013-01-25 14:35:27 80816 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys 2013-05-09 08:59:06 . 2013-01-25 14:35:27 33400 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys 2013-05-09 08:58:37 . 2013-01-25 14:35:17 41664 ----a-w- C:\Windows\avastSS.scr 2013-05-09 08:58:11 . 2013-01-25 14:35:27 287840 ----a-w- C:\Windows\system32\aswBoot.exe 2013-05-02 00:06:08 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe 2013-04-30 08:41:24 . 2013-05-05 08:45:51 840264 ----a-w- C:\Windows\SysWow64\pbsvc.exe 2013-04-26 16:08:14 . 2013-04-26 16:04:04 723230 ----a-w- C:\Windows\unins000.exe 2013-04-13 05:49:23 . 2013-05-16 05:36:47 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 . 2013-05-16 05:36:47 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 . 2013-05-16 05:36:47 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 . 2013-05-16 05:36:47 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 . 2013-05-16 05:36:47 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 . 2013-05-16 05:36:47 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 . 2013-04-24 05:48:59 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys 2013-04-10 06:01:54 . 2013-05-16 05:36:48 265064 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys 2013-04-10 06:01:53 . 2013-05-16 05:36:48 983400 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 . 2013-05-16 05:36:40 3153920 ----a-w- C:\Windows\system32\win32k.sys 2013-04-08 07:58:14 . 2013-04-08 07:58:10 968 ----a-w- C:\Windows\system32\cc_20130408_095809.reg 2013-04-07 16:23:28 . 2013-03-23 14:21:14 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-03-23 11:02:17 220632 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-03-23 11:02:17 220632 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-03-23 11:02:17 220632 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify Web Helper"="C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-27 12:23:57 1104384] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2013-05-09 08:58:30 4858968] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 15:06:40 642728] "Philips Device Listener"="C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-02-08 09:49:16 380416] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x] R3 cpuz135;cpuz135;C:\Windows\TEMP\cpuz135\cpuz135_x64.sys;C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x] R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys;C:\Windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvrs64.sys [x] R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x] R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys;C:\Windows\SYSNATIVE\drivers\terminpt.sys [x] R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys;C:\Windows\SYSNATIVE\drivers\CM10864.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys;C:\Windows\SYSNATIVE\drivers\amd_sata.sys [x] S0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys;C:\Windows\SYSNATIVE\drivers\amd_xata.sys [x] S0 aswKbd;aswKbd; [x] S0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys;C:\Windows\SYSNATIVE\DRIVERS\aswNdis.sys [x] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S0 aswRvrt;aswRvrt; [x] S0 aswVmm;aswVmm; [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x] S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x] S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe;C:\Program Files\AVAST Software\Avast\afwServ.exe [x] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x] S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x] S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x] S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\Drivers\EtronHub3.sys;C:\Windows\SYSNATIVE\Drivers\EtronHub3.sys [x] S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\Drivers\EtronXHCI.sys;C:\Windows\SYSNATIVE\Drivers\EtronXHCI.sys [x] S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x] --- Andere Services/Drivers In Geheugen --- *NewlyCreated* - WS2IFSL [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-06-20 16:17:25 1165776 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe Inhoud van de 'Gedeelde Taken' map 2013-07-05 C:\Windows\Tasks\Adobe Flash Player Updater.job - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 12:18:53 . 2013-06-21 11:53:35] 2013-07-04 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 14:18:50 . 2013-03-31 14:18:49] 2013-07-05 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 14:18:50 . 2013-03-31 14:18:49] 2013-07-05 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 03:29:10 . 2013-01-25 03:29:10] 2013-07-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 03:29:10 . 2013-01-25 03:29:10] --------- X64 Entries ----------- [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1] @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}] 2013-03-23 11:02:16 244696 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2] @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}] 2013-03-23 11:02:16 244696 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3] @="{BBACC218-34EA-4666-9D7A-C78F2274A524}" [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}] 2013-03-23 11:02:16 244696 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58:09 133840 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cm108Sound"="C:\Windows\Syswow64\cm108.dll" [2013-01-16 15:54:04 8757248] ------- Bijkomende Scan ------- uLocal Page = C:\Windows\system32\blank.htm uStart Page = hxxp://www.diesiedleronline.de/de/startseite mLocal Page = C:\Windows\SysWOW64\blank.htm uSearchAssistant = hxxp://www.google.com TCP: DhcpNameServer = 212.54.35.25 212.54.40.25 - - - - ORPHANS VERWIJDERD - - - - HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start Quote Link naar reactie
0 anoniem Geplaatst: 6 juli 2013 Auteur Delen Geplaatst: 6 juli 2013 [b:80df2f02d9]Welk programma[/b:80df2f02d9]: sUbs [b:80df2f02d9]dds.scr[/b:80df2f02d9] [b:80df2f02d9]Waarvoor/waarom[/b:80df2f02d9]: DDS is een diagnosetool en maakt gebruik van scripts. [b:80df2f02d9]Moeilijkheidsgraad[/b:80df2f02d9]: Min of meer lastige voorbereidingsfase, dus lees alles eerst goed. [b:80df2f02d9]Downloadlokatie[/b:80df2f02d9]: Dit programma absoluut naar het bureaublad downloaden of anders eerst daar naar toe verplaatsen! [b:80df2f02d9]Download[/b:80df2f02d9] sUBs dds.scr [url=http://download.bleepingcomputer.com/sUBs/dds.scr][b:80df2f02d9]hier[/b:80df2f02d9][/url] [img:80df2f02d9]http://img.photobucket.com/albums/v666/sUBs/dds_scr.gif[/img:80df2f02d9] [b:80df2f02d9]sUBs dds.scr gebruiken[/b:80df2f02d9]: [list:80df2f02d9][*:80df2f02d9][b:80df2f02d9][color=Red:80df2f02d9]Belangrijk[/color:80df2f02d9][/b:80df2f02d9]: deaktiveer eerst de antivirussoftware en de aktieve spywarescanners! [*:80df2f02d9] [b:80df2f02d9][color=Blue:80df2f02d9]Sluit vervolgens eerst alle nog openstaande programmavensters![/color:80df2f02d9][/b:80df2f02d9] [*:80df2f02d9]Windows 2000 en Windows XP: start sUBs dds.scr middels dubbelklik op de snelkoppeling. [*:80df2f02d9]Windows Vista en Windows 7: start sUBs dds.scr rechtsklik op de snelkoppeling en dan kiezen voor Als Administrator uitvoeren. [*:80df2f02d9] Na de scan worden twee tekstdocumnenten geopend - DDS.txt en Attach.txt - post de inhoud van beide logs. [*:80df2f02d9][b:80df2f02d9][color=Red:80df2f02d9]Belangrijk[/color:80df2f02d9][/b:80df2f02d9]: heraktiveer weer de antivirussoftware en de aktieve spywarescanners![/list:u:80df2f02d9] Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 Wil het lukken? Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 25-1-2013 4:25:52 System Uptime: 7-7-2013 1:30:51 (10 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | GA-990FXA-UD3 Processor: AMD FX(tm)-8350 Eight-Core Processor | Socket M2 | 4000/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 224 GiB total, 108,063 GiB free. D: is FIXED (NTFS) - 1863 GiB total, 1649,253 GiB free. E: is CDROM () F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP143: 25-6-2013 8:03:16 - Windows Update RP144: 29-6-2013 7:17:48 - Windows Update RP145: 30-6-2013 19:00:07 - Windows Back-up RP146: 2-7-2013 8:17:04 - Windows Update RP147: 4-7-2013 18:57:21 - DirectX is geïnstalleerd. RP148: 6-7-2013 7:19:10 - Windows Update . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) AMD Accelerated Video Transcoding AMD APP CPU SDK Runtime AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD Steady Video Plug-In AMD VISION Engine Control Center µTorrent avast! Internet Security AVG PC TuneUp AVG PC TuneUp Language Pack (nl-NL) Battlefield 3™ Battlelog Web Plugins Call of Duty(R) 4 - Modern Warfare(TM) Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch Call of Duty: Modern Warfare 2 Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Cossacks: Back to War Crysis® 2 D3DX10 Dolby Home Theater v4 Downloader Epson Easy Photo Print 2 Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) Epson Print CD EPSON Scan EpsonNet Config V4 ESN Sonar Etron USB3.0 Host Controller Euro Truck Simulator 2 Facebook Messenger 2.1.4814.0 Fotogalerie Fraps Galerie de photos Google Chrome Google Drive Google Update Helper GRID 2 (c) Codemasters version 1 Java 7 Update 25 Java 7 Update 25 (64-bit) Java Auto Updater Junk Mail filter update Malwarebytes Anti-Malware versie 1.75.0.1300 ManiaPlanet Media converter Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft SkyDrive Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 Movie Maker MSVCRT MSVCRT_amd64 MSVCRT110 MSVCRT110_amd64 Opera 12.15 Origin Philips Media Converter Philips Songbird Photo Common Photo Gallery PowerISO Printer EPSON PX710W Series verwijderen Realtek Ethernet Controller Driver Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Skype™ 6.5 Spotify Steam System Requirements Lab CYRI TeamSpeak 3 Client Tixati Total Commander (Remove or Repair) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2836939) Uplay USB PnP Sound Device Windows-stuurprogrammapakket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002) Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Movie Maker 2.6 Xfire . ==== End Of File =========================== DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2 Run by Bert at 11:09:15 on 2013-07-07 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8173.6868 [GMT 2:00] . AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\atieclxx.exe C:\Program Files\AVAST Software\Avast\afwServ.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SysWOW64\rundll32.exe C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.diesiedleronline.de/de/startseite uSearchAssistant = hxxp://www.google.com BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll uRun: [Spotify Web Helper] "C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" uPolicies-Explorer: NoDrives = dword:0 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll TCP: NameServer = 212.54.35.25 212.54.40.25 TCP: Interfaces\{3B629CB8-C6D6-4AE4-9638-DE27D7734B4B} : DHCPNameServer = 212.54.35.25 212.54.40.25 Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll x64-Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-1-24 80000] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-1-24 40576] R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-1-25 22600] R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-1-25 12368] R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-1-25 270824] R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65336] R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 189936] R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-1-25 131232] R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-25 1030952] R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-25 378944] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-25 33400] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-25 80816] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-17 46808] R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-5-17 137960] R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768] R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-29 56960] R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-29 79104] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-24 565352] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-23 57856] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 19456] S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-24 29696] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-24 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-24 30208] S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\System32\drivers\CM10864.sys [2013-4-5 1310720] S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-26 1255736] . =============== Created Last 30 ================ . 2013-07-06 05:19:18 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5392CCE1-7B04-487F-B1A5-E07CAA336437}\mpengine.dll 2013-07-05 14:03:44 -------- d-----w- C:\$RECYCLE.BIN 2013-07-05 13:58:46 98816 ----a-w- C:\Windows\sed.exe 2013-07-05 13:58:46 256000 ----a-w- C:\Windows\PEV.exe 2013-07-05 13:58:46 208896 ----a-w- C:\Windows\MBR.exe 2013-07-05 13:58:44 -------- d-----w- C:\ComboFix 2013-07-05 10:48:15 -------- d-----w- C:\Windows\ERUNT 2013-07-05 10:48:12 -------- d-----w- C:\JRT 2013-07-04 16:52:26 -------- d-----w- C:\Users\Bert\AppData\Local\Downloader 2013-07-04 16:52:11 -------- d-----w- C:\Program Files (x86)\Downloader 2013-07-02 08:38:20 -------- d-----w- C:\Users\Bert\matrixiicache1 2013-07-01 17:03:35 -------- d-----w- C:\ProgramData\SystemRequirementsLab 2013-06-30 15:05:55 -------- d-----w- C:\Program Files (x86)\EZDownloader 2013-06-30 09:38:53 -------- d-----w- C:\ProgramData\Hunter 2013-06-22 18:24:47 -------- d-----w- C:\Program Files (x86)\Euro Truck Simulator 2 2013-06-22 05:59:25 108968 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2013-06-21 13:00:34 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-06-20 18:25:51 -------- d-----w- C:\Users\Bert\AppData\Roaming\uTorrent 2013-06-15 11:43:02 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2013-06-15 11:43:02 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-06-15 11:43:02 2706432 ----a-w- C:\Windows\System32\mshtml.tlb 2013-06-15 11:43:02 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2013-06-14 08:02:47 -------- d-----w- C:\ProgramData\ManiaPlanet 2013-06-14 08:02:47 -------- d-----w- C:\Program Files (x86)\ManiaPlanet 2013-06-12 15:31:55 751104 ----a-w- C:\Windows\System32\win32spl.dll 2013-06-08 12:17:54 -------- d-----w- C:\hitsplat 2013-06-07 11:14:45 -------- d-----w- C:\Users\Bert\matrixiicache . ==================== Find3M ==================== . 2013-06-27 20:48:27 189936 ----a-w- C:\Windows\System32\drivers\aswVmm.sys 2013-06-27 20:48:27 1030952 ----a-w- C:\Windows\System32\drivers\aswSnx.sys 2013-06-22 05:59:23 972712 ----a-w- C:\Windows\System32\deployJava1.dll 2013-06-22 05:59:23 1093032 ----a-w- C:\Windows\System32\npDeployJava1.dll 2013-06-21 11:53:34 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-21 11:53:34 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-06-12 19:48:23 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2013-06-12 19:48:17 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-06-12 19:47:57 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-06-03 07:14:45 38688 ----a-w- C:\Windows\System32\cc_20130603_091441.reg 2013-05-28 06:44:35 53248 ----a-w- C:\Windows\SysWow64\unrar.dll 2013-05-17 01:25:57 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-05-17 01:25:27 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-05-17 01:25:26 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll 2013-05-17 01:25:26 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll 2013-05-17 00:59:03 2241024 ----a-w- C:\Windows\System32\wininet.dll 2013-05-17 00:58:10 3958784 ----a-w- C:\Windows\System32\jscript9.dll 2013-05-17 00:58:08 67072 ----a-w- C:\Windows\System32\iesetup.dll 2013-05-17 00:58:08 136704 ----a-w- C:\Windows\System32\iesysprep.dll 2013-05-14 12:23:25 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe 2013-05-14 08:40:13 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe 2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll 2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll 2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll 2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll 2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe 2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe 2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll 2013-05-11 14:17:08 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll 2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll 2013-05-09 08:59:07 72016 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys 2013-05-09 08:59:07 65336 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys 2013-05-09 08:59:06 80816 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys 2013-05-09 08:59:06 270824 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys 2013-05-09 08:59:06 22600 ----a-w- C:\Windows\System32\drivers\aswKbd.sys 2013-05-09 08:59:06 131232 ----a-w- C:\Windows\System32\drivers\aswFW.sys 2013-05-09 08:58:37 41664 ----a-w- C:\Windows\avastSS.scr 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-30 08:41:24 840264 ----a-w- C:\Windows\SysWow64\pbsvc.exe 2013-04-26 16:08:14 723230 ----a-w- C:\Windows\unins000.exe 2013-04-26 04:55:21 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-04-25 23:30:32 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-04-17 07:02:06 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-04-17 06:24:46 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 06:01:54 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-04-10 06:01:53 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 11:09:24,58 =============== Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 Laat weten hoe jouw Windows inmiddels draait en doe ook onderstaande: [b:7b0bb5db3b]Welk programma[/b:7b0bb5db3b]: [color=#008000:7b0bb5db3b][b:7b0bb5db3b]OTL.exe[/b:7b0bb5db3b][/color:7b0bb5db3b] [b:7b0bb5db3b]Waarvoor/waarom[/b:7b0bb5db3b]: multifunktioneel tool - analyse en fix [b:7b0bb5db3b]Moeilijkheidsgraad[/b:7b0bb5db3b]: geen. [b:7b0bb5db3b]Download[/b:7b0bb5db3b]: [url=http://oldtimer.geekstogo.com/OTL.exe][b:7b0bb5db3b][color=red:7b0bb5db3b]OTL.exe[/color:7b0bb5db3b][/b:7b0bb5db3b][/url] en plaats het bestand op het bureaublad. [b:7b0bb5db3b]Sluit voordat OTL.exe gaat scannen, eerst alle andere openstaande vensters![/b:7b0bb5db3b] [b:7b0bb5db3b]OTL.exe gebruiken[/b:7b0bb5db3b]: [list:7b0bb5db3b][list:7b0bb5db3b][*:7b0bb5db3b][b:7b0bb5db3b][color=#0000FF:7b0bb5db3b]Windows 2000[/color:7b0bb5db3b][/b:7b0bb5db3b] en [color=#0000FF:7b0bb5db3b][b:7b0bb5db3b]Windows XP[/b:7b0bb5db3b][/color:7b0bb5db3b]: dubbelklik op [color=#008000:7b0bb5db3b][b:7b0bb5db3b]OTL.exe[/b:7b0bb5db3b][/color:7b0bb5db3b]. [*:7b0bb5db3b][color=#0000FF:7b0bb5db3b][b:7b0bb5db3b]Windows Vista[/b:7b0bb5db3b][/color:7b0bb5db3b], [color=#0000FF:7b0bb5db3b][b:7b0bb5db3b]Windows 7[/b:7b0bb5db3b][/color:7b0bb5db3b] en [color=#0000FF:7b0bb5db3b][b:7b0bb5db3b]Windows 8[/b:7b0bb5db3b][/color:7b0bb5db3b]: via rechtsklik op [color=#008000:7b0bb5db3b][b:7b0bb5db3b]OTL.exe[/b:7b0bb5db3b][/color:7b0bb5db3b] en kies voor "Als Administrator uitvoeren".[/list:u:7b0bb5db3b][/list:u:7b0bb5db3b] [list:7b0bb5db3b][*:7b0bb5db3b]Zet een vinkje bij [b:7b0bb5db3b]Scan All Users[/b:7b0bb5db3b], [b:7b0bb5db3b]LOP Check[/b:7b0bb5db3b] en bij [b:7b0bb5db3b]PURITY Check[/b:7b0bb5db3b]. [*:7b0bb5db3b]Kopieer onderstaande in de Code-kader staande tekst en plak deze in het kader onder [img:7b0bb5db3b]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:7b0bb5db3b] [code:1:7b0bb5db3b] services.* explorer.exe winlogon.exe Userinit.exe svchost.exe netsvcs BASESERVICES DRIVES msconfig %systemroot%\system32\*.dll /lockedfiles %systemroot%\Tasks\*.job /lockedfiles %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\system32\*.exe /lockedfiles %PROGRAMFILES%\* [/code:1:7b0bb5db3b] [*:7b0bb5db3b]Klik vervolgens op de knop [img:7b0bb5db3b]http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg[/img:7b0bb5db3b]. [*:7b0bb5db3b]Verander verder geen andere instellingen in OTL, alleen tenzij ik hiervoor specifiek instructies geef. [*:7b0bb5db3b]De scan zal niet heel erg lang duren. [list:7b0bb5db3b][*:7b0bb5db3b]Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is: [b:7b0bb5db3b]OTL.Txt[/b:7b0bb5db3b] en [b:7b0bb5db3b]Extras.txt[/b:7b0bb5db3b]. [*:7b0bb5db3b]Kopieer vervolgens de inhoud van zowel OTL.txt alsmede Extras.txt en plak die gegevens in je volgende bericht.[/list:u:7b0bb5db3b][/list:u:7b0bb5db3b] [color=#008000:7b0bb5db3b][b:7b0bb5db3b]Notabene:[/b:7b0bb5db3b][/color:7b0bb5db3b] indien het log niet in één bericht past, spreidt het dan over twee of meer berichten. Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 Ik heb de melding niet weer gehad. OTL logfile created on: 7-7-2013 11:34:44 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bert\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy 7,98 Gb Total Physical Memory | 6,52 Gb Available Physical Memory | 81,63% Memory free 15,96 Gb Paging File | 14,40 Gb Available in Paging File | 90,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 224,13 Gb Total Space | 107,98 Gb Free Space | 48,18% Space Free | Partition Type: NTFS Drive D: | 1863,01 Gb Total Space | 1649,25 Gb Free Space | 88,53% Space Free | Partition Type: NTFS Computer Name: BERT-PC | User Name: Bert | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717:a552f7a2af]========== Processes (SafeList) ==========[/color:a552f7a2af] PRC - [2013-07-05 10:39:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bert\Downloads\OTL.exe PRC - [2013-06-27 14:23:57 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe PRC - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe PRC - [2013-05-09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe PRC - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013-04-04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012-02-08 11:49:16 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe PRC - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [color=#E56717:a552f7a2af]========== Modules (No Company Name) ==========[/color:a552f7a2af] MOD - [2012-02-08 11:49:16 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe [color=#E56717:a552f7a2af]========== Services (SafeList) ==========[/color:a552f7a2af] SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-03-29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-12-19 17:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013-06-21 13:53:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013-06-07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013-06-03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012-08-23 12:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc) SRV - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2010-03-18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007-12-17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) SRV - [2007-01-11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) [color=#E56717:a552f7a2af]========== Driver Services (SafeList) ==========[/color:a552f7a2af] DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-06-27 22:48:27 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-06-27 22:48:27 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-06-27 22:48:27 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-09 10:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-03-29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-03-29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-02-14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-01-24 20:37:07 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-01-24 20:37:07 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-01-24 20:37:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-01-24 20:37:07 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-01-16 17:54:04 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-12-09 11:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-09-21 11:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-09-12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-04-09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-01-18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-01-18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-10-09 17:29:28 | 000,040,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-10-09 17:29:26 | 000,080,000 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-08-23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-07-29 05:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-07-29 05:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-07-06 12:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-06-10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2012-07-04 16:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv) DRV - [2011-07-15 13:35:20 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717:a552f7a2af]========== Standard Registry (SafeList) ==========[/color:a552f7a2af] [color=#E56717:a552f7a2af]========== Internet Explorer ==========[/color:a552f7a2af] IE:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\..\SearchScopes,DefaultScope = IE:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.diesiedleronline.de/de/startseite IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 8E CF E6 AB FA CD 01 [binary data] IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717:a552f7a2af]========== FireFox ==========[/color:a552f7a2af] FF:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found FF:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Bert\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () [2013-03-27 13:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Extensions [2013-03-27 13:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com [color=#E56717:a552f7a2af]========== Chrome ==========[/color:a552f7a2af] CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: http://www.diesiedleronline.de/de/startseite CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Bert\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - Extension: YouTube = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google Zoeken = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: avast! Online Security = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\ CHR - Extension: Aurora Borealis = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhgabjnegoagblmhfaapeobckmchihci\1_0\ CHR - Extension: Image Search by Cooliris = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllgofbnhaihnfbokejhcndhoogagdmk\1.0.3_0\ CHR - Extension: Gmail = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2013-07-05 16:03:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:[b:a552f7a2af]64bit:[/b:a552f7a2af] - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:[b:a552f7a2af]64bit:[/b:a552f7a2af] - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:[b:a552f7a2af]64bit:[/b:a552f7a2af] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:[b:a552f7a2af]64bit:[/b:a552f7a2af] - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2:[b:a552f7a2af]64bit:[/b:a552f7a2af] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O4:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002..\Run: [Spotify Web Helper] C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 212.54.40.25 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B629CB8-C6D6-4AE4-9638-DE27D7734B4B}: DhcpNameServer = 212.54.35.25 212.54.40.25 O18:[b:a552f7a2af]64bit:[/b:a552f7a2af] - Protocol\Handler\livecall - No CLSID value found O18:[b:a552f7a2af]64bit:[/b:a552f7a2af] - Protocol\Handler\msnim - No CLSID value found O18:[b:a552f7a2af]64bit:[/b:a552f7a2af] - Protocol\Handler\skype4com - No CLSID value found O18:[b:a552f7a2af]64bit:[/b:a552f7a2af] - Protocol\Handler\wlmailhtml - No CLSID value found O18:[b:a552f7a2af]64bit:[/b:a552f7a2af] - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18:[b:a552f7a2af]64bit:[/b:a552f7a2af] - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:[b:a552f7a2af]64bit:[/b:a552f7a2af] - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:[b:a552f7a2af]64bit:[/b:a552f7a2af] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\..comfile [open] -- "%1" %* O35:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\...com [@ = ComFile] -- "%1" %* O37:[b:a552f7a2af]64bit:[/b:a552f7a2af] - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpFolder: C:^Users^Bert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - C:\Users\Bert\AppData\Local\Facebook\MESSEN~1\214814~1.0\FACEBO~1.EXE - (Facebook) MsConfig:64bit - StartUpReg: [b:a552f7a2af]Adobe ARM[/b:a552f7a2af] - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: [b:a552f7a2af]BlueStacks Agent[/b:a552f7a2af] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b:a552f7a2af]boincmgr[/b:a552f7a2af] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b:a552f7a2af]boinctray[/b:a552f7a2af] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b:a552f7a2af]Dolby Home Theater v4[/b:a552f7a2af] - hkey= - key= - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) MsConfig:64bit - StartUpReg: [b:a552f7a2af]EADM[/b:a552f7a2af] - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) MsConfig:64bit - StartUpReg: [b:a552f7a2af]EPSON PX710W Series[/b:a552f7a2af] - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFSE.EXE (SEIKO EPSON CORPORATION) MsConfig:64bit - StartUpReg: [b:a552f7a2af]Facebook Update[/b:a552f7a2af] - hkey= - key= - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) MsConfig:64bit - StartUpReg: [b:a552f7a2af]msnmsgr[/b:a552f7a2af] - hkey= - key= - File not found MsConfig:64bit - StartUpReg: [b:a552f7a2af]PWRISOVM.EXE[/b:a552f7a2af] - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd) MsConfig:64bit - StartUpReg: [b:a552f7a2af]RtHDVBg_Dolby[/b:a552f7a2af] - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: [b:a552f7a2af]RTHDVCPL[/b:a552f7a2af] - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: [b:a552f7a2af]Spotify[/b:a552f7a2af] - hkey= - key= - C:\Users\Bert\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: [b:a552f7a2af]Spotify Web Helper[/b:a552f7a2af] - hkey= - key= - C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) MsConfig:64bit - StartUpReg: [b:a552f7a2af]Steam[/b:a552f7a2af] - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - State: "startup" - Reg Error: Key error. [color=#E56717:a552f7a2af]========== Files/Folders - Created Within 30 Days ==========[/color:a552f7a2af] [2013-07-07 10:57:07 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Bert\Desktop\dds.com [2013-07-05 16:03:44 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN [2013-07-05 16:02:35 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013-07-05 15:58:46 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013-07-05 15:58:46 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013-07-05 15:58:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013-07-05 15:58:44 | 000,000,000 | ---D | C] -- C:\ComboFix [2013-07-05 15:58:43 | 000,000,000 | ---D | C] -- C:\Qoobox [2013-07-05 15:58:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013-07-05 12:48:15 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013-07-05 12:48:12 | 000,000,000 | ---D | C] -- C:\JRT [2013-07-04 18:52:26 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Local\Downloader [2013-07-04 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader [2013-07-04 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloader [2013-07-02 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Bert\matrixiicache1 [2013-07-01 19:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab [2013-06-30 17:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EZDownloader [2013-06-30 11:53:54 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\theHunter [2013-06-30 11:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter [2013-06-24 21:18:20 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Epson [2013-06-24 19:59:07 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs [2013-06-22 20:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2 [2013-06-22 20:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Euro Truck Simulator 2 [2013-06-22 07:59:28 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013-06-22 07:59:25 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013-06-22 07:59:25 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013-06-22 07:59:25 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013-06-22 07:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013-06-21 15:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2013-06-21 15:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013-06-21 15:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2013-06-20 20:25:51 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\uTorrent [2013-06-19 18:33:01 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013-06-15 13:43:01 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-06-15 13:43:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013-06-14 20:42:09 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\Rockstar Games [2013-06-14 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\ManiaPlanet [2013-06-14 10:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet [2013-06-14 10:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet [2013-06-14 10:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManiaPlanet [2013-06-13 03:00:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013-06-13 03:00:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013-06-13 03:00:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe [2013-06-13 03:00:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe [2013-06-13 03:00:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll [2013-06-13 03:00:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013-06-13 03:00:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013-06-13 03:00:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll [2013-06-13 03:00:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013-06-13 03:00:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013-06-13 03:00:45 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013-06-13 03:00:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013-06-13 03:00:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013-06-12 17:31:55 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013-06-12 17:31:55 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013-06-12 17:31:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll [2013-06-12 17:31:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll [2013-06-12 17:31:52 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll [2013-06-12 17:31:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll [2013-06-12 17:31:51 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe [2013-06-12 17:31:51 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe [2013-06-12 17:31:50 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll [2013-06-12 17:31:50 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll [2013-06-12 17:31:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll [2013-06-12 17:31:48 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll [2013-06-12 17:31:48 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll [2013-06-10 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013-06-08 14:17:54 | 000,000,000 | ---D | C] -- C:\hitsplat [2013-06-07 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Bert\matrixiicache [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717:a552f7a2af]========== Files - Modified Within 30 Days ==========[/color:a552f7a2af] [2013-07-07 11:22:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013-07-07 11:19:24 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013-07-07 11:19:24 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013-07-07 11:17:53 | 001,663,048 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013-07-07 11:17:53 | 000,743,092 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2013-07-07 11:17:53 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013-07-07 11:17:53 | 000,152,208 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2013-07-07 11:17:53 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013-07-07 11:17:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013-07-07 11:12:27 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013-07-07 11:12:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013-07-07 11:12:22 | 2132,709,375 | -HS- | M] () -- C:\hiberfil.sys [2013-07-07 10:57:12 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Bert\Desktop\dds.com [2013-07-07 10:23:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job [2013-07-06 14:53:49 | 000,000,024 | ---- | M] () -- C:\Users\Bert\random.dat [2013-07-06 14:46:26 | 000,000,043 | ---- | M] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE.dat [2013-07-05 16:23:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job [2013-07-05 16:03:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013-07-05 15:58:20 | 000,001,457 | ---- | M] () -- C:\Users\Bert\Desktop\ComboFix - Snelkoppeling.lnk [2013-07-05 12:41:14 | 000,001,180 | ---- | M] () -- C:\Users\Bert\Desktop\adwcleaner.lnk [2013-07-05 12:38:45 | 000,001,216 | ---- | M] () -- C:\Users\Bert\Desktop\RogueKillerX64.lnk [2013-07-05 12:38:39 | 000,001,107 | ---- | M] () -- C:\Users\Bert\Desktop\JRT.lnk [2013-07-05 10:40:39 | 000,001,418 | ---- | M] () -- C:\Users\Bert\Desktop\OTL.lnk [2013-07-04 18:57:20 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk [2013-07-02 11:02:33 | 000,000,044 | ---- | M] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE1.dat [2013-07-02 10:38:03 | 000,089,659 | ---- | M] () -- C:\Users\Bert\Documents\CXMXLauncher.jar [2013-06-27 22:48:27 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys [2013-06-27 22:48:27 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys [2013-06-27 22:48:27 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013-06-24 21:17:19 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk [2013-06-22 20:25:47 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk [2013-06-22 07:59:23 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll [2013-06-22 07:59:23 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll [2013-06-22 07:59:23 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe [2013-06-22 07:59:23 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2013-06-22 07:59:23 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2013-06-22 07:59:23 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll [2013-06-21 13:53:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013-06-21 13:53:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013-06-20 20:26:52 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013-06-20 20:26:52 | 000,000,866 | ---- | M] () -- C:\Users\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2013-06-20 18:19:04 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013-06-18 15:28:11 | 000,002,764 | ---- | M] () -- C:\Users\Bert\Documents\FinalSetList.rtf [2013-06-14 10:15:49 | 000,000,312 | ---- | M] () -- C:\Users\Bert\Documents\ManiaPlanetvalidation.rtf [2013-06-14 03:01:51 | 001,640,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013-06-12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013-06-12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013-06-12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013-06-12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013-06-12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013-06-12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013-06-10 21:29:53 | 000,000,517 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013-06-08 16:08:18 | 000,000,043 | ---- | M] () -- C:\Users\Bert\jagex_cl_runescape_LIVE.dat [2013-06-08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013-06-08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [color=#E56717:a552f7a2af]========== Files Created - No Company Name ==========[/color:a552f7a2af] [2013-07-05 15:58:46 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013-07-05 15:58:46 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013-07-05 15:58:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013-07-05 15:58:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013-07-05 15:58:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013-07-05 15:58:20 | 000,001,457 | ---- | C] () -- C:\Users\Bert\Desktop\ComboFix - Snelkoppeling.lnk [2013-07-05 12:41:14 | 000,001,180 | ---- | C] () -- C:\Users\Bert\Desktop\adwcleaner.lnk [2013-07-05 12:38:45 | 000,001,216 | ---- | C] () -- C:\Users\Bert\Desktop\RogueKillerX64.lnk [2013-07-05 12:38:39 | 000,001,107 | ---- | C] () -- C:\Users\Bert\Desktop\JRT.lnk [2013-07-05 10:40:20 | 000,001,418 | ---- | C] () -- C:\Users\Bert\Desktop\OTL.lnk [2013-07-02 10:38:20 | 000,000,044 | ---- | C] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE1.dat [2013-07-02 10:38:01 | 000,089,659 | ---- | C] () -- C:\Users\Bert\Documents\CXMXLauncher.jar [2013-06-27 22:48:27 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum [2013-06-26 22:49:40 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum [2013-06-26 22:49:39 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum [2013-06-24 21:17:19 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk [2013-06-22 20:25:47 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk [2013-06-20 20:26:52 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk [2013-06-20 20:26:52 | 000,000,866 | ---- | C] () -- C:\Users\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [2013-06-16 13:22:55 | 000,002,764 | ---- | C] () -- C:\Users\Bert\Documents\FinalSetList.rtf [2013-06-14 10:15:49 | 000,000,312 | ---- | C] () -- C:\Users\Bert\Documents\ManiaPlanetvalidation.rtf [2013-06-14 10:03:08 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk [2013-06-10 21:29:53 | 000,000,517 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2013-06-08 16:08:18 | 000,000,043 | ---- | C] () -- C:\Users\Bert\jagex_cl_runescape_LIVE.dat [2013-06-07 13:14:45 | 000,000,043 | ---- | C] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE.dat [2013-05-28 08:44:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013-05-05 10:45:51 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2013-05-03 13:37:34 | 000,000,527 | ---- | C] () -- C:\Windows\eReg.dat [2013-04-26 18:04:04 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe [2013-04-26 18:04:04 | 000,143,173 | ---- | C] () -- C:\Windows\unins000.dat [2013-04-13 18:52:09 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2013-04-05 11:07:22 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll [2013-04-05 11:07:22 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl [2013-04-05 11:07:14 | 000,001,459 | ---- | C] () -- C:\Windows\Cm108.ini.cfg [2013-04-05 11:07:14 | 000,000,237 | ---- | C] () -- C:\Windows\Cm108.ini.imi [2013-04-05 11:07:13 | 000,001,353 | ---- | C] () -- C:\Windows\cm108.ini [2013-04-01 13:45:57 | 000,000,043 | ---- | C] () -- C:\Users\Bert\jagex_cl_oldschool_LIVE.dat [2013-04-01 13:45:57 | 000,000,024 | ---- | C] () -- C:\Users\Bert\random.dat [2013-03-29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe [2013-03-29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe [2013-03-23 13:15:18 | 000,003,584 | ---- | C] () -- C:\Users\Bert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013-03-23 11:39:06 | 000,015,405 | ---- | C] () -- C:\Users\Bert\.TransferManager.db [2013-03-21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2013-01-28 09:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013-01-26 20:41:36 | 000,582,656 | ---- | C] () -- C:\Users\Bert\AppData\Local\file__0.localstorage [2013-01-25 20:50:55 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini [2013-01-24 19:47:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012-11-27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012-09-28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012-09-28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012-06-22 13:19:01 | 001,640,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012-01-18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012-01-18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012-01-18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [color=#E56717:a552f7a2af]========== ZeroAccess Check ==========[/color:a552f7a2af] [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013-02-27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013-02-27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009-07-14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010-11-21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009-07-14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] [color=#E56717:a552f7a2af]========== LOP Check ==========[/color:a552f7a2af] [2013-01-25 17:25:52 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\AVG [2013-03-21 20:28:43 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Belastingdienst [2013-06-27 09:21:35 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Epson [2013-03-23 12:39:05 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\GetRightToGo [2013-01-25 16:42:43 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\GHISLER [2013-01-25 17:38:54 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Opera [2013-06-11 08:31:26 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Origin [2013-03-27 13:22:20 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Philips [2013-03-27 13:21:29 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Philips-Songbird [2013-03-23 14:26:35 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\PowerISO [2013-06-27 14:27:38 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Spotify [2013-01-28 21:46:56 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\SystemRequirementsLab [2013-07-05 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\tixati [2013-04-08 09:57:55 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\TS3Client [2013-06-24 20:01:41 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\uTorrent [2013-03-28 15:17:55 | 000,000,000 | ---D | M] -- C:\Users\Bert\AppData\Roaming\Windows Live Writer [color=#E56717:a552f7a2af]========== Purity Check ==========[/color:a552f7a2af] [color=#E56717:a552f7a2af]========== Custom Scans ==========[/color:a552f7a2af] [color=#A23BEC:a552f7a2af]< services.* >[/color:a552f7a2af] [2009-07-14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009-07-14 07:08:49 | 000,024,220 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2013-01-25 05:29:10 | 000,001,048 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2013-01-25 05:29:10 | 000,001,052 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013-03-21 14:18:53 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2013-03-31 16:18:51 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job [2013-03-31 16:18:51 | 000,000,924 | ---- | C] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job [color=#A23BEC:a552f7a2af]< explorer.exe >[/color:a552f7a2af] [color=#A23BEC:a552f7a2af]< winlogon.exe >[/color:a552f7a2af] [color=#A23BEC:a552f7a2af]< Userinit.exe >[/color:a552f7a2af] [color=#A23BEC:a552f7a2af]< svchost.exe >[/color:a552f7a2af] [color=#E56717:a552f7a2af]========== Base Services ==========[/color:a552f7a2af] SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:40:01 | 000,072,192 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\aelupsvc.dll -- (AeLookupSvc) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-02-27 07:47:10 | 000,070,144 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appinfo.dll -- (Appinfo) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:38:55 | 000,079,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\alg.exe -- (ALG) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:23:51 | 000,849,920 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\qmgr.dll -- (BITS) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:00 | 000,705,024 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\BFE.DLL -- (BFE) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\lsass.exe -- (KeyIso) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:40:50 | 000,402,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\es.dll -- (EventSystem) SRV - [2009-07-14 03:15:19 | 000,271,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\es.dll -- (EventSystem) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-01-24 20:38:23 | 000,136,704 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\browser.dll -- (Browser) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-05-13 07:51:01 | 000,184,320 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cryptsvc.dll -- (CryptSvc) SRV - [2013-05-13 06:45:55 | 000,140,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\cryptsvc.dll -- (CryptSvc) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (DcomLaunch) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:00 | 000,317,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp) SRV - [2010-11-21 05:24:09 | 000,254,464 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-03-03 08:24:16 | 000,183,296 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dnsrslvr.dll -- (Dnscache) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:40:35 | 000,111,104 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\eapsvc.dll -- (EapHost) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:00 | 000,038,912 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\hidserv.dll -- (hidserv) SRV - [2009-07-14 03:15:24 | 000,049,152 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\hidserv.dll -- (hidserv) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:10 | 000,359,424 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\ipnathlp.dll -- (SharedAccess) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:23:48 | 000,501,248 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\IPSECSVC.DLL -- (PolicyAgent) No service found with a name of MsMpSvc No service found with a name of NisSrv SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:54 | 000,524,288 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\swprv.dll -- (swprv) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:26 | 000,067,584 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\mmcss.dll -- (MMCSS) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:52 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netman.dll -- (Netman) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:52 | 000,459,776 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofm.dll -- (netprofm) SRV - [2009-07-14 03:16:03 | 000,360,448 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\netprofm.dll -- (netprofm) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2013-01-24 20:40:40 | 000,303,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nlasvc.dll -- (NlaSvc) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:53 | 000,025,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\nsisvc.dll -- (nsi) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-05-24 13:42:55 | 000,404,480 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpnpmgr.dll -- (PlugPlay) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-02-11 08:36:02 | 000,559,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\spoolsv.exe -- (Spooler) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\lsass.exe -- (ProtectedStorage) No service found with a name of EMDMgmt SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:53 | 000,099,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\rasauto.dll -- (RasAuto) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:17 | 000,344,064 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\rasmans.dll -- (RasMan) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:01 | 000,512,000 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\rpcss.dll -- (RpcSs) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\seclogon.dll -- (seclogon) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2011-11-17 08:33:55 | 000,031,232 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsass.exe -- (SamSs) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:58 | 000,097,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wscsvc.dll -- (wscsvc) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:23:48 | 000,236,032 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\srvsvc.dll -- (LanmanServer) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:23:55 | 000,370,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\shsvcs.dll -- (ShellHWDetection) SRV - [2010-11-21 05:24:03 | 000,328,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\shsvcs.dll -- (ShellHWDetection) No service found with a name of slsvc SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:16 | 001,110,016 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\schedsvc.dll -- (Schedule) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:32 | 000,316,928 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\tapisrv.dll -- (TapiSrv) SRV - [2010-11-21 05:24:00 | 000,242,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\tapisrv.dll -- (TapiSrv) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2009-07-14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2012-05-01 07:40:20 | 000,209,920 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\profsvc.dll -- (ProfSvc) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:23:55 | 001,600,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\VSSVC.exe -- (VSS) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [2010-11-21 05:24:32 | 000,679,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\audiosrv.dll -- (AudioSrv) SRV:[b:a552f7a2af]64bit:[/b:a552f7a2af] - [201 Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 [b:266ebc1982]Sluit voordat [color=#008000:266ebc1982]OTL[/color:266ebc1982] de fix gaat doen, eerst alle andere openstaande vensters![/b:266ebc1982] [list:266ebc1982][*:266ebc1982][b:266ebc1982][color=#0000FF:266ebc1982]Windows 2000[/color:266ebc1982][/b:266ebc1982] en [color=#0000FF:266ebc1982][b:266ebc1982]Windows XP[/b:266ebc1982][/color:266ebc1982]: dubbelklik op [b:266ebc1982]OTL.exe[/b:266ebc1982]. [*:266ebc1982][color=#0000FF:266ebc1982][b:266ebc1982]Windows Vista[/b:266ebc1982][/color:266ebc1982], [color=#0000FF:266ebc1982][b:266ebc1982]Windows 7[/b:266ebc1982][/color:266ebc1982] en [color=#0000FF:266ebc1982][b:266ebc1982]Windows 8[/b:266ebc1982][/color:266ebc1982]: via rechtsklik op [b:266ebc1982]OTL.exe[/b:266ebc1982] en kies voor "Als Administrator uitvoeren". [b:266ebc1982][*:266ebc1982]Kopieer onderstaande in de Code-kader staande tekst en plak deze in het venster onder [img:266ebc1982]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:266ebc1982][/b:266ebc1982][/list:u:266ebc1982] [code:1:266ebc1982] :OTL O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. MsConfig:64bit - StartUpReg: BlueStacks Agent - hkey= - key= - File not found MsConfig:64bit - StartUpReg: boincmgr - hkey= - key= - File not found MsConfig:64bit - StartUpReg: boinctray - hkey= - key= - File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - File not found :Services :Reg :Files ipconfig /flushdns /c :Commands [purity] [emptytemp] [resethosts] [emptyjava] [emptyflash] [createrestorepoint] [reboot][/code:1:266ebc1982] [list:266ebc1982][*:266ebc1982]Klik daarna bovenaan op [img:266ebc1982]http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png[/img:266ebc1982] [*:266ebc1982]Laat het programma ongestoord zijn werk doen. [*:266ebc1982][color=#FF0000:266ebc1982][b:266ebc1982]OTL zal na de scan melden dat de PC opnieuw opgestart gaat worden. Sta dat dus toe.[/b:266ebc1982][/color:266ebc1982] [*:266ebc1982]Klik op [b:266ebc1982]OK[/b:266ebc1982] [*:266ebc1982]Na het opnieuw opstarten wordt enkel een nieuw log geopend. [*:266ebc1982]Post via kopiëren en plakken de inhoud van dat OTL-scanlog.[/list:u:266ebc1982] Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 All processes killed ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BlueStacks Agent\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\boincmgr\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\boinctray\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\msnmsgr\ not found. ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== [color=#A23BEC:b41adcda50]< ipconfig /flushdns /c >[/color:b41adcda50] Windows IP-configuratie De DNS-omzettingscache is leeggemaakt. C:\Users\Bert\Downloads\cmd.bat deleted successfully. C:\Users\Bert\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Bert ->Temp folder emptied: 59856621 bytes ->Temporary Internet Files folder emptied: 228750664 bytes ->Java cache emptied: 9279617 bytes ->Google Chrome cache emptied: 379633318 bytes ->Opera cache emptied: 52344329 bytes ->Flash cache emptied: 2783 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 16930 bytes %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37392 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78335 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 696,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully [EMPTYJAVA] User: All Users User: Bert ->Java cache emptied: 0 bytes User: Default User: Default User User: Public Total Java Files Cleaned = 0,00 mb [EMPTYFLASH] User: All Users User: Bert ->Flash cache emptied: 0 bytes User: Default User: Default User User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 07072013_195621 Files\Folders moved on Reboot... C:\Users\Bert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\Bert\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot. File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 Alles naar wens inmiddels? Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 Ja nu is alles weer normaal. Mijn dank is groot. Quote Link naar reactie
0 anoniem Geplaatst: 7 juli 2013 Auteur Delen Geplaatst: 7 juli 2013 Dan mag je gaan opruimen. Start OTL en klik dan op de knop [b:781dfe82b0]CleanUp[/b:781dfe82b0]. [list:781dfe82b0][*:781dfe82b0]OTL zal onderzoeken welke tools en/of logs opgeruimd kunnen worden. [*:781dfe82b0]Na een reboot is dan OTL ook opgeruimd.[/list:u:781dfe82b0] Wat er eventueel niet verwijderd is, mag je daarna handmatig verwijderen. SurfSafe. Quote Link naar reactie
Vraag
anoniem
Link naar reactie
18 antwoorden op deze vraag
Aanbevolen berichten
Om een reactie te plaatsen, moet je eerst inloggen