spyware / malware problem


  • This topic is locked
4 replies to this topic

#1 dnf-style

dnf-style

  • Members
  • 7 posts

Posted 23 February 2013 - 05:45 AM

[Problem Solved]

Since yesterday I have some serious issues.

Windows Defender is off (I can't put it on)

Spybot Search and Destroy is not able to launch (missing a file)

Browser no longer has access to the network. (err: network_access_denied)

Operating system: Windows 7

Tried: scan with Malwarebytes Anti-Malware Pro version, SUPERAntiSpyware

I have already made some logs:

AdwCleaner[R1]

AdwCleaner[S1]

OTL Extras

OTL

Unhide

Combofix Log

Can someone please help?

Greetings,

Danielle


Edited by dnf-style, 23 February 2013 - 07:21 AM.




#2 dnf-style

dnf-style
  • Topic Starter

  • Members
  • 7 posts

Posted 23 February 2013 - 06:23 AM

AdwCleaner[R1]
 
 
# AdwCleaner v2.112 - Verslag gemaakt op 23/02/2013 om 10:56:15
# Geactualiseerd op 10/02/2013 door Xplode
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Gebruiker : Gebruiker - GEBRUIK-QQLK2OY
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : \\DNFSTORAGE\Gedeeld\AdwCleaner.exe
# Optie [Zoeken]
 
 
***** [Diensten] *****
 
 
***** [Files / Mappen] *****
 
File Aanwezig : C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\22xqilzi.default\searchplugins\Askcom.xml
Map Aanwezig : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Map Aanwezig : C:\Users\Gebruiker\AppData\Local\APN
 
***** [Register] *****
 
Sleutel Aanwezig : HKCU\Software\APN PIP
Sleutel Aanwezig : HKCU\Software\PIP
Sleutel Aanwezig : HKCU\Software\Softonic
Sleutel Aanwezig : HKLM\Software\PIP
 
***** [Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
[OK] Het register bevat geen enkele ongeoorloofde invoer.
 
-\\ Mozilla Firefox v16.0.2 (nl)
 
File : C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\22xqilzi.default\prefs.js
 
Aanwezig : user_pref("browser.search.order.1", "Ask.com");
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Aanwezig [l.20] : urls_to_restore_on_startup = [ "hxxps://www.facebook.com/Puinmaker/posts/392130300832645?notif_t=feed_comment_reply", "hxxps://www.google.com/calendar/render?gsessionid=OK", "hxxps://mail.google.com/mail/u/0/?shva=1#search/120606/136c45b233761375", "hxxps://twitter.com/#!/", "hxxp://www.lesardentes.be/2012/nl/#", "hxxps://www.emesa-auctions.com/cms/vouchers/highest-bids", "hxxp://pinterest.com/", "hxxps://mail.google.com/mail/?shva=1#inbox", "hxxp://www.dnf-style.com:2095/3rdparty/squirrelmail/src/webmail.php", "hxxp://www.dnf-style.com/", "hxxp://www.dnf-style.com/recent/displayimage.php?album=270&pos=2", "hxxps://pera.asmallorange.com:2096/3rdparty/squirrelmail/src/webmail.php", "hxxps://www.facebook.com/", "hxxp://www.nu.nl/", "hxxp://www.google.com" ]
Aanwezig [l.3098] : urls_to_restore_on_startup = [ "hxxps://www.facebook.com/Puinmaker/posts/392130300832645?notif_t=feed_comment_reply", "hxxps://www.google.com/calendar/render?gsessionid=OK", "hxxps://mail.google.com/mail/u/0/?shva=1#search/120606/136c45b233761375", "hxxps://twitter.com/#!/", "hxxp://www.lesardentes.be/2012/nl/#", "hxxps://www.emesa-auctions.com/cms/vouchers/highest-bids", "hxxp://pinterest.com/", "hxxps://mail.google.com/mail/?shva=1#inbox", "hxxp://www.dnf-style.com:2095/3rdparty/squirrelmail/src/webmail.php", "hxxp://www.dnf-style.com/", "hxxp://www.dnf-style.com/recent/displayimage.php?album=270&pos=2", "hxxps://pera.asmallorange.com:2096/3rdparty/squirrelmail/src/webmail.php", "hxxps://www.facebook.com/", "hxxp://www.nu.nl/", "hxxp://www.google.com" ]
 
File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Aanwezig [l.842] : urls_to_restore_on_startup = [ "hxxps://www.google.com/calendar/render?gsessionid=OK", "hxxps://mail.google.com/mail/?shva=1#inbox", "hxxp://www.dnf-style.com:2095/3rdparty/squirrelmail/src/webmail.php" ]
 
*************************
 
AdwCleaner[R1].txt - [3189 octets] - [23/02/2013 10:56:15]
 
########## EOF - C:\AdwCleaner[R1].txt - [3249 octets] ##########

AdwCleaner[S1]

 

 

# AdwCleaner v2.112 - Verslag gemaakt op 23/02/2013 om 10:57:03
# Geactualiseerd op 10/02/2013 door Xplode
# Besturingssysteem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Gebruiker : Gebruiker - GEBRUIK-QQLK2OY
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : \\DNFSTORAGE\Gedeeld\AdwCleaner.exe
# Optie [Verwijderen]
 
 
***** [Diensten] *****
 
 
***** [Files / Mappen] *****
 
File Verwijdert : C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\22xqilzi.default\searchplugins\Askcom.xml
Map Verwijdert : C:\Users\Administrator\AppData\LocalLow\AskToolbar
Map Verwijdert : C:\Users\Gebruiker\AppData\Local\APN
 
***** [Register] *****
 
Sleutel Verwijdert : HKCU\Software\APN PIP
Sleutel Verwijdert : HKCU\Software\PIP
Sleutel Verwijdert : HKCU\Software\Softonic
Sleutel Verwijdert : HKLM\Software\PIP
 
***** [Browsers] *****
 
-\\ Internet Explorer v9.0.8112.16421
 
[OK] Het register bevat geen enkele ongeoorloofde invoer.
 
-\\ Mozilla Firefox v16.0.2 (nl)
 
File : C:\Users\Gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\22xqilzi.default\prefs.js
 
Verwijdert : user_pref("browser.search.order.1", "Ask.com");
 
-\\ Google Chrome v24.0.1312.57
 
File : C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Verwijdert [l.20] : urls_to_restore_on_startup = [ "hxxps://www.facebook.com/Puinmaker/posts/392130300832645?n[...]
Verwijdert [l.3098] : urls_to_restore_on_startup = [ "hxxps://www.facebook.com/Puinmaker/posts/392130300832645?noti[...]
 
File : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
Verwijdert [l.842] : urls_to_restore_on_startup = [ "hxxps://www.google.com/calendar/render?gsessionid=OK", "hxxps[...]
 
*************************
 
AdwCleaner[R1].txt - [3318 octets] - [23/02/2013 10:56:15]
AdwCleaner[S1].txt - [1833 octets] - [23/02/2013 10:57:03]
 
########## EOF - C:\AdwCleaner[S1].txt - [1893 octets] ##########

OTL Extras:

 

 

OTL Extras logfile created on: 2/23/2013 11:12:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gebruiker\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Verenigde Staten | Language: ENU | Date Format: M/d/yyyy
 
7.92 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 59.93% Memory free
15.84 Gb Paging File | 12.82 Gb Available in Paging File | 80.93% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 52.82 Gb Free Space | 44.33% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 840.84 Gb Free Space | 90.27% Space Free | Partition Type: NTFS
Drive F: | 87.31 Gb Total Space | 82.75 Gb Free Space | 94.78% Space Free | Partition Type: NTFS
Drive G: | 80.13 Gb Total Space | 41.02 Gb Free Space | 51.19% Space Free | Partition Type: NTFS
Drive P: | 1863.01 Gb Total Space | 862.87 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
 
Computer Name: GEBRUIK-QQLK2OY | User Name: Gebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DreamScene Selecteren] -- C:\Windows\OPENDREAM.EXE
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Open Command Prompt Here] -- cmd.exe /T:4F /K cd %1  (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Prullenbak Legen] -- C:\Windows\EMPTYRB.EXE
Directory [Prullenbak Openen] -- C:\Windows\OPENRB.EXE
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Show All Drives Space] -- C:\Windows\ShowDriveSpace.exe ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [ACDSee Pro 5.Manage] -- "C:\Program Files (x86)\ACD Systems\ACDSee Pro\5.0\ACDSeeQVPro5.exe" "%1" (ACD Systems International Inc.)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [DreamScene Selecteren] -- C:\Windows\OPENDREAM.EXE
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Open Command Prompt Here] -- cmd.exe /T:4F /K cd %1  (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Prullenbak Legen] -- C:\Windows\EMPTYRB.EXE
Directory [Prullenbak Openen] -- C:\Windows\OPENRB.EXE
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [Show All Drives Space] -- C:\Windows\ShowDriveSpace.exe ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07B5474E-D6EB-470A-BFD2-A523E1EBB1F9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0AEB64F4-E65B-43DB-8CB0-1F80E68FE324}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{12D135FF-E37C-4A07-B881-844E35217DFD}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{12FAFEB3-4C4C-4A59-81EC-A62214CB56B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1EB1DF3E-75E1-4E73-8AD7-A6631A6B26AA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{395308AE-58C4-4283-BC5A-256567E6581E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3B4A6F63-4FAD-4585-A8A3-54D64CF480AB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{4C161213-2599-41BB-9939-F1D70E88CCD0}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{6F6BD37E-A513-4E76-B3E7-1EBE8C2730F2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{96CF53CA-625A-49B4-9E49-DD23C9E13184}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B127D643-C20D-432E-B401-6F19AC920206}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B49FC5C0-4A0C-4DF3-9266-D8A6833FA427}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C20E5C23-E1DF-45ED-A473-5066CA2B6E03}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CD74B5AE-AE58-4E71-9311-BD5E80EB22AA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{D71FFD96-63CF-46BF-886C-B53F0A9C13A5}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E5CF1704-E42B-4F18-A4E4-61B17CF1282E}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D033BB3-83A4-427A-94D3-2C5DEA6E6434}" = dir=in | app=c:\users\gebruiker\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{14ED6123-34BE-4488-BF97-B14D6B0E3A3D}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{1A76410B-F511-4663-A51E-B9C25AAB0876}" = protocol=17 | dir=in | app=c:\users\gebruiker\appdata\roaming\spotify\spotify.exe | 
"{2F133165-7CE4-4BBC-BB28-1A787E5A1553}" = protocol=6 | dir=in | app=c:\users\gebruiker\appdata\roaming\spotify\spotify.exe | 
"{3E2E0AB0-FC9F-4C6D-B1ED-A29A7B5F4166}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{49AA2607-3F2E-41BF-8D32-A01FDFE50920}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{50F89989-82EC-4F20-876B-4CC26B48FA66}" = protocol=17 | dir=in | app=c:\users\gebruiker\appdata\local\google\chrome\application\chrome.exe | 
"{53A7B09F-F4EE-42B0-B01F-A35025633AD4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{56784B69-D130-432B-A226-BF176FFCD147}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{62AA4A58-3B5E-4D99-85B6-4B7DEDA553DE}" = protocol=6 | dir=in | app=c:\users\gebruiker\appdata\local\google\chrome\application\chrome.exe | 
"{8361E3E4-77DD-474D-8867-F14DCF78782C}" = dir=in | app=c:\program files (x86)\apowersoft\youtube downloader suite\youtube-downloader-suite.exe | 
"{86DC85AF-70EA-41B1-9EC9-88DC1F83186A}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{925C733F-5996-4592-995B-EA256DF70CF7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{9354A2E0-BCEB-4BE4-B0AE-D93B4FFC55A3}" = dir=in | app=c:\program files (x86)\apowersoft\youtube downloader suite\apowersoftsrv.dll | 
"{977829D1-2915-400F-92FD-2FF88CCAE71E}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9BD479B4-FE33-4FC5-B2C2-5094DDC0AA51}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{A00ABE55-2EFA-4BD4-B8B8-927635C7F1CE}" = dir=in | app=c:\program files (x86)\apowersoft\youtube downloader suite\apowersoftdump.dll | 
"{B893B332-0D3A-45B2-8D7B-0BC692CD02D3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BB9FB13D-C51A-497E-B619-F31BFFC8BFAA}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{D0025328-3CCE-41E5-BC33-2EE1D0F58AC1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{D3797728-4137-401B-BC3A-2FA1004A4F75}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{FFA62AD1-B428-4AB8-B658-1D1AD0EDE5C2}" = dir=in | app=c:\program files (x86)\apowersoft\youtube downloader suite\youtubedownloadersuite.exe | 
"TCP Query User{3AC79B79-C130-4049-B57F-BD4F5B435583}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=6 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe | 
"TCP Query User{A83F0CBC-B84B-4062-A17B-CAB30C2B557C}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{6A3E1A00-775C-4EB9-BE2D-3BAAB08F7D08}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{D27099A1-398B-492E-B076-2E0CAC9725D0}C:\program files (x86)\spybot - search & destroy 2\sdfiles.exe" = protocol=17 | dir=in | app=c:\program files (x86)\spybot - search & destroy 2\sdfiles.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{129C5584-DB98-4A98-B28F-299C45E1E355}" = Microsoft Camera Codec Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{57019733-78E6-43DE-8E6D-55349F0FDE6F}" = inSSIDer 2.0
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Bullzip PDF Printer_is1" = Bullzip PDF Printer 9.3.0.1516
"CCleaner" = CCleaner
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.0 Plug-in (build 2006)
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"Wacom Tablet Driver" = Wacom-tablet
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12947715-B6F0-4597-816F-5E13FB647921}_is1" = Spotnet
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{35E0BA9D-3AFE-402A-99CA-D94FE1E73D18}" = ACDSee Pro 5
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B11.0512.1
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{55BF7E3E-F00A-4A3D-BB76-09228B35FFD6}" = ABN AMRO e.dentifier2 software
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{675F86A8-E093-4002-87D5-915CC2C45571}" = DES 2.0
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{91EBCCB9-A539-4306-AC5A-F372E0D6092B}" = OpenOffice.org 3.3
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A725C340-77EE-11D6-BBC2-0000CB591583}" = A.F.5 Rename your files 1.1
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{CAA4CAEC-C67E-4395-BCD0-83326F911CFD}" = Portrait Professional Studio v10.8.2
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BE}" = WinZip 15.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}" = Adobe Creative Suite 6 Master Collection
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"avast" = avast! Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"DYMO Label v.8" = DYMO Label v.8
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.6.0.2
"FormatFactory" = FormatFactory 2.90
"Foxit Reader_is1" = Foxit Reader
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"HijackThis" = HijackThis 2.0.2
"InstallShield_{8C8224B7-AA9B-4807-97CD-55899BAC83FE}" = YouSendIt Express
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"MailWasher Pro_is1" = MailWasher Pro
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.70.0.1100
"Mozilla Firefox 16.0.2 (x86 nl)" = Mozilla Firefox 16.0.2 (x86 nl)
"Mozilla Thunderbird 17.0.3 (x86 nl)" = Mozilla Thunderbird 17.0.3 (x86 nl)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8Lite_is1" = Nero 8 Micro 8.3.2.1
"Picasa 3" = Picasa 3
"Portrait Professional Max 6_is1" = Portrait Professional Max 6.5
"PortraitProfessionalStudio10Trial_is1" = Portrait Professional Studio 10.8 Trial
"RadioPack" = Mediacenter Radiopack voor Windows7
"Recover My Files_is1" = Recover My Files
"Registry Mechanic_is1" = PC Tools Registry Mechanic 11.1
"SABnzbd" = SABnzbd 0.6.15
"Spyder2" = Spyder2
"SSC Service Utility_is1" = SSC Service Utility v4.30
"TeamViewer 8" = TeamViewer 8
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 1/17/2013 08:33:54 AM | Computer Name = GEBRUIK-QQLK2OY | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567,
 tijdstempel: 0x4d672ee4  Naam van module met fout: ntdll.dll, versie: 6.1.7601.17725,
 tijdstempel: 0x4ec4aa8e  Uitzonderingscode: 0xc0000005  Foutoffset: 0x000000000004e4b4
Id
 van proces met fout: 0x76c  Starttijd van toepassing met fout: 0x01cdf49d1e478aae
Pad
 naar toepassing met fout: C:\Windows\Explorer.EXE  Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll
Rapport-id:
 2789a547-60a2-11e2-88ba-50e549b649a6
 
Error - 1/21/2013 06:29:27 AM | Computer Name = GEBRUIK-QQLK2OY | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567,
 tijdstempel: 0x4d672ee4  Naam van module met fout: ntdll.dll, versie: 6.1.7601.17725,
 tijdstempel: 0x4ec4aa8e  Uitzonderingscode: 0xc0000005  Foutoffset: 0x000000000004e4b4
Id
 van proces met fout: 0x77c  Starttijd van toepassing met fout: 0x01cdf7b2948aadf1
Pad
 naar toepassing met fout: C:\Windows\Explorer.EXE  Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll
Rapport-id:
 6e24a6ad-63b5-11e2-a368-50e549b649a6
 
Error - 1/24/2013 06:04:29 AM | Computer Name = GEBRUIK-QQLK2OY | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567,
 tijdstempel: 0x4d672ee4  Naam van module met fout: ntdll.dll, versie: 6.1.7601.17725,
 tijdstempel: 0x4ec4aa8e  Uitzonderingscode: 0xc0000005  Foutoffset: 0x000000000004e4b4
Id
 van proces met fout: 0x778  Starttijd van toepassing met fout: 0x01cdfa0aeb23e7e8
Pad
 naar toepassing met fout: C:\Windows\Explorer.EXE  Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll
Rapport-id:
 70b1a70a-660d-11e2-9824-50e549b649a6
 
Error - 2/1/2013 12:33:55 PM | Computer Name = GEBRUIK-QQLK2OY | Source = SideBySide | ID = 16842832
Description = Kan activeringscontext voor E:\Downloads\SoftonicDownloader_voor_freez-flv-to-mp3-converter.exe
 niet maken. Fout in manifest of beleidsbestand  op regel .  Een onderdeelversie die
 nodig is voor de toepassing conflicteert met een andere onderdeelversie die reeds
 actief is.  Conflicterende onderdelen zijn:  Onderdeel 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Onderdeel
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 2/2/2013 10:07:33 AM | Computer Name = GEBRUIK-QQLK2OY | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567,
 tijdstempel: 0x4d672ee4  Naam van module met fout: ntdll.dll, versie: 6.1.7601.17725,
 tijdstempel: 0x4ec4aa8e  Uitzonderingscode: 0xc0000005  Foutoffset: 0x000000000004e4b4
Id
 van proces met fout: 0x784  Starttijd van toepassing met fout: 0x01ce011c7a3480a4
Pad
 naar toepassing met fout: C:\Windows\Explorer.EXE  Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll
Rapport-id:
 e3563d32-6d41-11e2-8ea1-50e549b649a6
 
Error - 2/4/2013 01:52:44 PM | Computer Name = GEBRUIK-QQLK2OY | Source = Windows Search Service | ID = 1019
Description = 
 
Error - 2/14/2013 05:47:06 PM | Computer Name = GEBRUIK-QQLK2OY | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567,
 tijdstempel: 0x4d672ee4  Naam van module met fout: ntdll.dll, versie: 6.1.7601.17725,
 tijdstempel: 0x4ec4aa8e  Uitzonderingscode: 0xc0000005  Foutoffset: 0x000000000004e4b4
Id
 van proces met fout: 0x78c  Starttijd van toepassing met fout: 0x01ce0a8c1e4173cd
Pad
 naar toepassing met fout: C:\Windows\Explorer.EXE  Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll
Rapport-id:
 12b75cd0-76f0-11e2-87bf-50e549b649a6
 
Error - 2/15/2013 08:18:13 AM | Computer Name = GEBRUIK-QQLK2OY | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: Explorer.EXE, versie: 6.1.7601.17567,
 tijdstempel: 0x4d672ee4  Naam van module met fout: ntdll.dll, versie: 6.1.7601.17725,
 tijdstempel: 0x4ec4aa8e  Uitzonderingscode: 0xc0000005  Foutoffset: 0x000000000004e4b4
Id
 van proces met fout: 0xdb4  Starttijd van toepassing met fout: 0x01ce0b4b88ae005f
Pad
 naar toepassing met fout: C:\Windows\Explorer.EXE  Pad naar module met fout: C:\Windows\SYSTEM32\ntdll.dll
Rapport-id:
 c4a5d418-7769-11e2-bb28-50e549b649a6
 
Error - 2/22/2013 12:23:39 PM | Computer Name = GEBRUIK-QQLK2OY | Source = Application Error | ID = 1000
Description = Naam van toepassing met fout: DllHost.exe, versie: 6.1.7600.16385,
 tijdstempel: 0x4a5bca54  Naam van module met fout: igdumd64.dll, versie: 8.15.10.2653,
 tijdstempel: 0x4f3aac44  Uitzonderingscode: 0xc0000005  Foutoffset: 0x000000000030eb06
Id
 van proces met fout: 0x1cd4  Starttijd van toepassing met fout: 0x01ce1118f78b69c7
Pad
 naar toepassing met fout: C:\Windows\system32\DllHost.exe  Pad naar module met fout:
 C:\Windows\system32\igdumd64.dll  Rapport-id: 36891a4f-7d0c-11e2-8cf5-50e549b649a6
 
Error - 2/22/2013 12:35:27 PM | Computer Name = GEBRUIK-QQLK2OY | Source = Application Error | ID = 1000
Error - 2/22/2013 01:13:14 PM | Computer Name = GEBRUIK-QQLK2OY | Source = Application
 Error | ID = 1000
 
Description = Naam van toepassing met fout: DVDCreator.exe, versie: 2.6.5.34, tijdstempel: 0x505c14e2
Naam van module met fout: DVDCreator.exe, versie: 2.6.5.34, tijdstempel: 0x505c14e2
Uitzonderingscode: 0xc0000005
Foutoffset: 0x00003fbd
Id van proces met fout: 0x2164
Starttijd van toepassing met fout: 0x01ce111fe4426eb3
Pad naar toepassing met fout: C:\Program Files (x86)\Wondershare\DVD Creator\DVDCreator.exe
Pad naar module met fout: C:\Program Files (x86)\Wondershare\DVD Creator\DVDCreator.exe
Rapport-id: 23c5a4e0-7d13-11e2-8cf5-50e549b649a6
 
Error encountered while reading event logs.
 
< End of report >

OTL:

OTL logfile created on: 2/23/2013 11:12:32 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Gebruiker\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Verenigde Staten | Language: ENU | Date Format: M/d/yyyy
 
7.92 Gb Total Physical Memory | 4.75 Gb Available Physical Memory | 59.93% Memory free
15.84 Gb Paging File | 12.82 Gb Available in Paging File | 80.93% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119.14 Gb Total Space | 52.82 Gb Free Space | 44.33% Space Free | Partition Type: NTFS
Drive E: | 931.51 Gb Total Space | 840.84 Gb Free Space | 90.27% Space Free | Partition Type: NTFS
Drive F: | 87.31 Gb Total Space | 82.75 Gb Free Space | 94.78% Space Free | Partition Type: NTFS
Drive G: | 80.13 Gb Total Space | 41.02 Gb Free Space | 51.19% Space Free | Partition Type: NTFS
Drive P: | 1863.01 Gb Total Space | 862.87 Gb Free Space | 46.32% Space Free | Partition Type: NTFS
 
Computer Name: GEBRUIK-QQLK2OY | User Name: Gebruiker | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gebruiker\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\AlarmClock.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe ()
PRC - C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll ()
MOD - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\24.0.1312.57\libglesv2.dll ()
MOD - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\24.0.1312.57\libegl.dll ()
MOD - C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\GIGABYTE\smart6\dbios\SDBMSG.exe ()
MOD - C:\Program Files (x86)\GIGABYTE\smart6\dbios\DBIOS.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV:64bit: - (TabletServiceWacom) -- C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (c2wts) -- C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe (Microsoft Corporation)
SRV:64bit: - (EPSON_EB_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (EPSON_PM_RPCV4_04) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (DymoPnpService) -- C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe (Sanford, L.P.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Smart TimeLock) -- C:\Program Files (x86)\GIGABYTE\smart6\timelock\TimeMgmtDaemon.exe (Gigabyte Technology CO., LTD.)
SRV - (DES2 Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology)
DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology)
DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel® Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (e.dentifier2) -- C:\Windows\SysNative\drivers\aabed2.sys (Todos Data System AB)
DRV:64bit: - (Spyder2) -- C:\Windows\SysNative\drivers\Spyder2.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (etdrv) -- C:\Windows\etdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.nl
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.nl
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\{F9DAA020-7B79-4435-9E8C-9F65BA58170D}: "URL" = http://nl.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\DEVIANTART_SEARCH: "URL" = http://search.deviantart.com/?qh=boost%3Apopular&q={searchTerms}
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\Event_ID_SEARCH: "URL" = http://www.eventid.net/display.asp?eventid={searchTerms}&source=
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\GOOGLE_SEARCH: "URL" = http://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\MSDN_ENHANCED_SEARCH: "URL" = http://search.msdn.microsoft.com/search/default.aspx?siteId=0&tab=0&query={searchTerms}
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\MSDOWNLOADCENTER: "URL" = http://www.microsoft.com/downloads/results.aspx?pocId=&freetext={SearchTerms}&DisplayLang=nl
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\MSHELP: "URL" = http://support.microsoft.com/?kbid={SearchTerms}
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\MSTECHNET: "URL" = http://social.technet.microsoft.com/Search/nl-NL?query={SearchTerms}
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\NEOWIN_FORUM: "URL" = http://www.neowin.net/forum/index.php?act=Search&CODE=01&keywords={searchTerms}&forums=all
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\WIKIPEDIA_SEARCH: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\..\SearchScopes\YOUTUBE_SEARCH: "URL" = http://www.youtube.com/results?search_query={searchTerms}&search=Search
IE - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledAddons: YoutubeDownloader@huangho.net76.net:1.6.5
FF - prefs.js..extensions.enabledAddons: {ce7e73df-6a44-4028-8079-5927a588c948}:1.1.2
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@ABNAMRO/BECON,version=1.00: C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll (ABN AMRO)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@dymo.com/DymoLabelFramework: C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Gebruiker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2013/02/23 08:55:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/11/24 12:46:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/02/20 12:21:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011/12/05 20:05:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Extensions
[2013/02/23 09:00:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\Firefox\Profiles\22xqilzi.default\extensions
[2012/09/24 07:01:17 | 000,083,705 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\22xqilzi.default\extensions\multifox@hultmann.xpi
[2013/02/22 17:54:47 | 000,015,583 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\22xqilzi.default\extensions\YoutubeDownloader@huangho.net76.net.xpi
[2012/05/09 08:53:01 | 000,075,799 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\22xqilzi.default\extensions\{455D905A-D37C-4643-A9E2-F6FEFAA0424A}.xpi
[2013/02/23 09:00:51 | 000,073,612 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\22xqilzi.default\extensions\{ce7e73df-6a44-4028-8079-5927a588c948}.xpi
[2013/02/10 18:24:51 | 000,242,136 | ---- | M] () (No name found) -- C:\Users\Gebruiker\AppData\Roaming\mozilla\firefox\profiles\22xqilzi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012/11/24 12:46:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/11/24 12:46:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/11/24 12:46:43 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/09/23 08:07:42 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/12/21 06:33:16 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/12/21 06:33:16 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/12/21 06:33:16 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\PepperFlash\11.6.602.167\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll
CHR - plugin: ABN AMRO e.dentifier2 Plug-in (Enabled) = C:\Program Files (x86)\ABN AMRO e.dentifier2\Mozilla\npBECON.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DYMO Label Framework (Enabled) = C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Java™ Platform SE 7 U13 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin:  Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Gebruiker\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Gebruiker\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - plugin: Java Deployment Toolkit 7.0.130.20 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Spybot - Search & Destroy = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmcccagmbagkpbdgpammblejlmiempb\2.0.6.819_0\
CHR - Extension: avast! WebRep = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Skype Click to Call = C:\Users\Gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\
 
O1 HOSTS File: ([2012/08/16 09:30:22 | 000,442,730 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15210 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000..\Run: [Facebook Update] C:\Users\Gebruiker\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Program Files\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKLM..\RunOnce: [SDBOK] C:\Program Files (x86)\GIGABYTE\smart6\dbios\Run.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-21-1269911792-286688044-4042740465-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DCD2F0C-5730-41A9-8584-31BE7073304B}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6DCD2F0C-5730-41A9-8584-31BE7073304B}: NameServer = 193.74.208.65
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/12/05 14:40:46 | 000,000,048 | -H-- | M] () - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/05 14:40:47 | 000,000,048 | -H-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/12/05 14:40:47 | 000,000,048 | -H-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/02/23 11:01:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
[2013/02/23 10:49:04 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\LavasoftStatistics
[2013/02/23 10:48:26 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/02/23 10:48:26 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/23 10:48:24 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Ad-Aware Antivirus
[2013/02/23 10:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/02/23 10:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2013/02/23 09:21:16 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2013/02/23 09:10:42 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\SUPERAntiSpyware.com
[2013/02/23 09:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013/02/23 09:10:41 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2013/02/23 09:10:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013/02/23 09:10:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013/02/23 08:41:47 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{FD78866D-316D-43F1-B92A-14FDD0211399}
[2013/02/22 18:10:37 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Wondershare
[2013/02/22 18:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wondershare
[2013/02/22 18:10:29 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\Wondershare DVD Creator
[2013/02/22 17:39:27 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoft
[2013/02/22 17:34:53 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\My Streaming Media
[2013/02/22 17:34:52 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Jaksta_Technologies_Pty_L
[2013/02/22 17:34:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jaksta
[2013/02/22 17:34:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jaksta Technologies
[2013/02/22 17:34:10 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Jaksta Streaming Media Recorder
[2013/02/22 17:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Applian
[2013/02/22 17:31:58 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\AnyVideoStudio
[2013/02/22 17:25:54 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\Documents\YouTube Downloader Suite
[2013/02/22 17:22:35 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Roaming\Apowersoft
[2013/02/22 17:22:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apowersoft
[2013/02/22 09:37:15 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{4D8C2C63-C228-49B8-BF4A-BFFE6C64C36A}
[2013/02/21 19:53:13 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{498FC614-219D-49F6-BE20-7BDF099069BC}
[2013/02/21 07:52:50 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{EA833E4B-B60C-4D63-8E87-8F09A3CD8DEC}
[2013/02/20 12:21:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013/02/20 08:06:14 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{39F3D0B3-83D6-4A88-894D-ADF2BD6CFE0F}
[2013/02/19 17:02:04 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\Facebook
[2013/02/19 09:28:50 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{1D90F5ED-2003-4CDE-AC39-5A58FBED399B}
[2013/02/18 10:37:48 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{8694D17C-97FD-44B9-9982-B4863A8ACE75}
[2013/02/17 22:37:26 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{DD00C3C1-9C86-4104-8B10-8A860C117D2D}
[2013/02/17 10:37:15 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{48AE77E9-71F9-4D33-A594-49C3A123BB31}
[2013/02/16 09:23:33 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{FAA265BC-F918-417D-BFE2-20C0D209B183}
[2013/02/15 09:21:46 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{1FF91232-AB14-4F01-BD86-317EC8A4FBEE}
[2013/02/14 21:21:12 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{F36C8F0B-ACC0-49D8-B831-B97184162547}
[2013/02/14 09:21:01 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{35CF8EB8-60D8-4084-9B8C-EFE93C21EE3B}
[2013/02/13 09:07:39 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{AC3A6E28-F733-4AF0-8C95-1B4EA25CF2E9}
[2013/02/12 11:48:57 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{27724463-7C7F-430E-8D86-C352DC857B0E}
[2013/02/10 09:08:17 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{895C8938-177D-4213-AD3B-093953B5B284}
[2013/02/09 08:57:47 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{EB35C1F4-0550-4377-9BCF-9CCF94397FBC}
[2013/02/08 09:08:24 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{294FD5FC-E646-4847-94F1-3557B57DFF29}
[2013/02/07 09:39:25 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{07092135-9203-460F-BC18-DC5532277420}
[2013/02/06 10:16:58 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{4039C2D4-B856-4321-A01C-3F2A8298C078}
[2013/02/05 10:55:31 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{7CF1A343-36CD-45F8-98DA-532E30516A26}
[2013/02/04 22:45:01 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{BCE4833B-E1DA-405A-9825-FABF2363129C}
[2013/02/04 10:44:38 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{55D3A002-4FF1-4D51-A611-1620175B6A4A}
[2013/02/03 09:09:54 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{AEDDFA11-FF57-4DC4-99FD-0F316A25E529}
[2013/02/02 09:09:04 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{F2DF90CB-718E-463B-BECA-ED31B5913453}
[2013/02/01 16:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013/02/01 16:46:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/02/01 08:35:19 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{E5424292-8C51-406B-9DE7-243DA64C61FE}
[2013/01/31 10:43:02 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{B2E739E7-ACEE-46AC-A61D-CFAF873FC1FE}
[2013/01/30 11:13:42 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{BA1F7AB0-4FA9-4F54-9C1B-CB7B64C66DE1}
[2013/01/29 10:35:08 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{27C9B509-8D96-4849-8389-E0F71CA5A2FF}
[2013/01/28 08:39:18 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{09D0EB4B-9D25-4EA6-A920-0044AAA28975}
[2013/01/27 14:24:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013/01/27 10:20:22 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{CC7E63DD-5DEA-408F-A54B-365EBC98A72A}
[2013/01/26 09:12:30 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{326B72D2-4338-40CB-9EDE-E7288C540ACF}
[2013/01/25 09:20:55 | 000,000,000 | ---D | C] -- C:\Users\Gebruiker\AppData\Local\{64B5AD7B-7CFB-423D-855B-AB7B469EE255}
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/02/23 11:07:05 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1269911792-286688044-4042740465-1000UA.job
[2013/02/23 11:06:09 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/23 11:06:09 | 000,013,040 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/23 11:05:59 | 001,744,456 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/02/23 11:05:59 | 000,771,928 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2013/02/23 11:05:59 | 000,680,774 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/02/23 11:05:59 | 000,163,314 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2013/02/23 11:05:59 | 000,131,976 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/02/23 11:00:36 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Gebruiker\Desktop\OTL.exe
[2013/02/23 10:59:17 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\RMAutoUpdate.job
[2013/02/23 10:59:01 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/02/23 10:58:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/23 10:49:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/23 10:48:25 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013/02/23 10:48:25 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013/02/23 10:38:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1269911792-286688044-4042740465-1000UA.job
[2013/02/23 10:33:55 | 000,002,112 | ---- | M] () -- C:\Users\Gebruiker\Desktop\HijackThis.lnk
[2013/02/23 10:21:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1269911792-286688044-4042740465-500UA.job
[2013/02/23 09:10:41 | 000,001,837 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/23 08:55:58 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013/02/22 17:07:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1269911792-286688044-4042740465-1000Core.job
[2013/02/22 14:38:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1269911792-286688044-4042740465-1000Core.job
[2013/02/22 10:23:14 | 000,001,456 | ---- | M] () -- C:\Users\Gebruiker\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/02/21 19:21:00 | 000,001,046 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1269911792-286688044-4042740465-500Core.job
[2013/02/21 10:30:00 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/02/21 08:05:29 | 000,002,123 | ---- | M] () -- C:\Users\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2013/02/19 12:56:04 | 000,021,699 | ---- | M] () -- C:\Users\Gebruiker\Desktop\betaalbewijs.JPG
[2013/02/15 13:29:40 | 000,104,269 | ---- | M] () -- C:\Users\Gebruiker\Desktop\FB_Ban.jpg
[2013/02/15 13:17:32 | 000,049,140 | ---- | M] () -- C:\Users\Gebruiker\Desktop\Knipsel.JPG
[2013/02/15 08:10:23 | 004,926,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/02/12 13:05:26 | 000,016,893 | ---- | M] () -- C:\Users\Gebruiker\Desktop\bank_feb.JPG
[2013/02/12 12:27:48 | 000,069,952 | ---- | M] () -- C:\Users\Gebruiker\Desktop\PSCR_emesa.JPG
[2013/02/10 12:06:29 | 000,769,757 | ---- | M] () -- C:\Users\Gebruiker\Desktop\Bouwbesluit19122002.pdf
[2013/02/10 12:06:23 | 000,359,874 | ---- | M] () -- C:\Users\Gebruiker\Desktop\bouwbesluit.pdf
[2013/02/10 12:04:16 | 000,426,753 | ---- | M] () -- C:\Users\Gebruiker\Desktop\Folder-Brandweer-zwijdrecht.pdf
[2013/02/10 11:16:00 | 000,372,585 | ---- | M] () -- C:\Users\Gebruiker\Desktop\ISOduct_install_Voorschrift_NL.pdf
[2013/02/01 11:00:00 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/01/28 09:39:55 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/01/27 14:24:58 | 000,001,167 | ---- | M] () -- C:\Users\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/02/23 10:33:55 | 000,002,112 | ---- | C] () -- C:\Users\Gebruiker\Desktop\HijackThis.lnk
[2013/02/23 09:10:41 | 000,001,837 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013/02/19 17:02:08 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1269911792-286688044-4042740465-1000UA.job
[2013/02/19 17:02:07 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1269911792-286688044-4042740465-1000Core.job
[2013/02/19 12:56:04 | 000,021,699 | ---- | C] () -- C:\Users\Gebruiker\Desktop\betaalbewijs.JPG
[2013/02/15 13:29:33 | 000,104,269 | ---- | C] () -- C:\Users\Gebruiker\Desktop\FB_Ban.jpg
[2013/02/15 13:17:31 | 000,049,140 | ---- | C] () -- C:\Users\Gebruiker\Desktop\Knipsel.JPG
[2013/02/12 13:05:25 | 000,016,893 | ---- | C] () -- C:\Users\Gebruiker\Desktop\bank_feb.JPG
[2013/02/12 12:27:48 | 000,069,952 | ---- | C] () -- C:\Users\Gebruiker\Desktop\PSCR_emesa.JPG
[2013/02/10 12:06:29 | 000,769,757 | ---- | C] () -- C:\Users\Gebruiker\Desktop\Bouwbesluit19122002.pdf
[2013/02/10 12:06:23 | 000,359,874 | ---- | C] () -- C:\Users\Gebruiker\Desktop\bouwbesluit.pdf
[2013/02/10 12:04:16 | 000,426,753 | ---- | C] () -- C:\Users\Gebruiker\Desktop\Folder-Brandweer-zwijdrecht.pdf
[2013/02/10 11:15:59 | 000,372,585 | ---- | C] () -- C:\Users\Gebruiker\Desktop\ISOduct_install_Voorschrift_NL.pdf
[2013/02/05 10:54:45 | 004,926,376 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/01/28 09:39:55 | 000,001,117 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
[2013/01/28 09:39:55 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013/01/27 14:24:58 | 000,001,167 | ---- | C] () -- C:\Users\Gebruiker\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
[2012/09/22 09:52:41 | 008,676,883 | ---- | C] () -- C:\Windows\SysWow64\mp3Media2.dll
[2012/09/11 11:11:08 | 000,001,456 | ---- | C] () -- C:\Users\Gebruiker\AppData\Local\Adobe Save for Web 13.0 Prefs
[2012/06/01 10:13:41 | 000,000,082 | ---- | C] () -- C:\Windows\wininit.ini
[2012/04/27 13:52:50 | 000,000,132 | ---- | C] () -- C:\Users\Gebruiker\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/02/14 17:47:06 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012/02/14 17:47:06 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012/02/14 17:44:24 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012/02/14 16:59:56 | 013,209,600 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012/02/04 09:51:48 | 000,012,288 | ---- | C] () -- C:\Users\Gebruiker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/03 00:46:05 | 001,721,680 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/26 14:58:12 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/12/10 19:55:30 | 000,000,025 | ---- | C] () -- C:\Windows\CDE SX400DEFGIPS.ini
[2011/12/10 18:03:35 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/12/06 11:44:53 | 000,001,456 | ---- | C] () -- C:\Users\Gebruiker\AppData\Local\Adobe Save for Web 12.0 Prefs
[2011/12/05 19:05:33 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/12/05 19:03:11 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011/12/05 19:00:22 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011/12/05 18:58:14 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/12/06 19:35:25 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\ACD Systems
[2013/02/23 10:48:24 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Ad-Aware Antivirus
[2012/12/04 13:05:00 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Anthropics
[2013/02/22 17:22:35 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Apowersoft
[2012/02/18 14:25:59 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2013/02/22 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\DVDVideoSoft
[2012/04/05 13:29:05 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\EPSON
[2013/02/20 14:03:53 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\FileZilla
[2012/11/30 12:40:10 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Foxit Software
[2011/12/05 14:33:22 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Imagenomic
[2013/02/22 17:34:53 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Jaksta Streaming Media Recorder
[2011/12/26 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Leawo
[2011/12/08 12:37:04 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\LockHunter
[2013/02/22 09:44:41 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\MailWasherPro
[2011/12/13 09:24:41 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\OpenOffice.org
[2012/04/07 08:18:23 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Orbit
[2012/09/11 10:41:29 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\PDAppFlex
[2012/12/14 10:34:08 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\PDF Writer
[2012/10/31 15:03:49 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Product_RM
[2012/03/05 12:47:59 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\ProgSense
[2012/10/31 15:06:15 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Registry Mechanic
[2011/12/27 11:32:34 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Splashtop
[2013/01/11 14:46:56 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Spotify
[2011/12/05 21:04:27 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013/02/23 09:27:28 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\TeamViewer
[2011/12/05 20:05:08 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Thunderbird
[2011/12/26 14:59:57 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\tiger-k
[2012/10/31 14:39:24 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\Uniblue
[2012/06/11 10:40:00 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\uTorrent
[2011/12/07 11:02:35 | 000,000,000 | ---D | M] -- C:\Users\Gebruiker\AppData\Roaming\YouSendIt
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< MD5 for: EXPLORER.EXE  >
[2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011/10/05 15:46:38 | 003,167,656 | ---- | M] (Safer-Networking Ltd.) MD5=0AB68BFCE1579A61C36B79CAAFDCE992 -- C:\Program Files (x86)\Spybot - Search & Destroy 2\explorer.exe
[2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010/02/02 21:03:12 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=22F7FA1FD0223AE08AE4070534B96CF9 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20570_none_b88db036e0e839ae\explorer.exe
[2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2010/02/02 20:58:09 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010/02/02 20:41:32 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:D1B5B4F1
 
< End of report >


#3 dnf-style


Posted 23 February 2013 - 06:24 AM

unhide:

 

 

Unhide by Lawrence Abrams (Grinler)
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
 
Program started at: 02/23/2013 11:38:16 AM
Windows Version: Windows 7
 
Please be patient while your files are made visible again.
 
Processing the C:\ drive
Finished processing the C:\ drive. 277766 files processed.
 
Processing the E:\ drive
Finished processing the E:\ drive. 17123 files processed.
 
Processing the F:\ drive
Finished processing the F:\ drive. 13 files processed.
 
Processing the G:\ drive
Finished processing the G:\ drive. 38681 files processed.
 
Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.
 
Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.
 
Processing the J:\ drive
Finished processing the J:\ drive. 0 files processed.
 
Processing the K:\ drive
Finished processing the K:\ drive. 0 files processed.
 
Processing the P:\ drive
Finished processing the P:\ drive. 97590 files processed.
 
The C:\Users\GEBRUI~1\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
 
Searching for Windows Registry changes made by FakeHDD rogues.
 - Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
 - Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
 - Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
  * Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
  * Start_ShowRecentDocs was set to 0! It was set back to 2!
  * Start_TrackDocs was set to 0! It was set back to 1!
  * Start_TrackProgs was set to 0! It was set back to 1!
  * Start_ShowMyGames was set to 0! It was set back to 1!
 
Restarting Explorer.exe in order to apply changes.
 
Program finished at: 02/23/2013 11:41:05 AM
Execution time: 0 hours(s), 2 minute(s), and 48 seconds(s)


#4 dnf-style


Posted 23 February 2013 - 07:09 AM

Problem solved. The System Restore function was available and restored.



#5 hamluis


Posted 23 February 2013 - 07:21 AM

Thanks for letting us know of your successful restoration.

 

Happy computing.

 

Louis

 

To avoid confusion, this topic is now closed and moved to Malware Removal Logs forum.


Edited by hamluis, 23 February 2013 - 07:23 AM.
