hijackthis log, please take a look, PC slow



bike devil
13 March 2012, 07:40
Is it possible to take a look at this log, please?
The PC has become slow.

PC = Aspire Z5761, 6 GB, Intel i7


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:39:07, on 13/03/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16912)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\nend software\Weerstation Online\Weerstation Online.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
C:\Program Files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\TouchMovieService.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Telenet Security Pack\Common\FSM32.EXE
C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
D:\...hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/?nieuwsblad=home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Telenet Security Pack\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Telenet Security Pack\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\Acer\Acer Touch Suite\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\Acer Touch Suite\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\3.0"
O4 - HKLM\..\Run: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer\clear.fi\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.1"
O4 - HKLM\..\Run: [TouchSuiteMovieService] "C:\Program Files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\TouchMovieService.exe"
O4 - HKLM\..\Run: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\Telenet Security Pack\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files (x86)\Telenet Security Pack\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3686709067-1708269120-2177690567-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3686709067-1708269120-2177690567-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: Weerstation Online.lnk = C:\Program Files (x86)\nend software\Weerstation Online\Weerstation Online.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} (SNRet Control) - http://acer-nl.custhelp.com/euf/assets/activex/snret.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
O23 - Service: CyberLink Product - 2010/01/01 16:42:36 (CLKMSVC10_34E30CCC) - CyberLink - C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe
O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServer.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\fsgk32st.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\Telenet Security Pack\ORSP Client\fsorsp.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MyWinLocker Service (MWLService) - Egis Technology Inc. - C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Updater Service - Acer Group - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: USBS3S4Detection - Unknown owner - C:\OEM\USBDECTION\USBS3S4Detection.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15079 bytes

bike devil
13 March 2012, 07:50
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org (http://www.malwarebytes.org)
Databaseversie: v2012.03.12.07
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
computer :: COMPUTER-PC [administrator]
13/03/2012 6:43:56
mbam-log-2012-03-13 (06-43-56).txt
Scantype: Snelle scan
Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
Uitgeschakelde scanopties: P2P
Objecten gescand: 225196
Verstreken tijd: 4 minuut/minuten, 5 seconde(n)
Geheugenprocessen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerwaarden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Registerdata gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Mappen gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
Bestanden gedetecteerd: 0
(Geen kwaadaardige objecten gedetecteerd)
(einde)

Juisterr
13 March 2012, 13:59
Download OTL (http://oldtimer.geekstogo.com/OTL.com) to your Desktop.

Double-click OTL.com to open the program. Make sure all other windows are closed, and let the program do its work undisturbed.
Check the box next to Scan All Users.
Click the Quick Scan button. Do not change OTL's settings unless I specifically instruct you to. The scan will not take very long.

Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.Txt. These files are saved in the same location as OTL.
Copy (Edit->Select All, Edit->Copy) and paste (Edit->Select All, Edit->Paste) the contents of these two files, one at a time, into your next post.

bike devil
13 March 2012, 22:33
OTL logfile created on: 3/13/2012 9:25:29 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\computer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

5.98 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 64.38% Memory free
11.96 Gb Paging File | 10.04 Gb Available in Paging File | 83.91% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689.79 Gb Total Space | 249.12 Gb Free Space | 36.11% Space Free | Partition Type: NTFS
Drive D: | 689.79 Gb Total Space | 140.08 Gb Free Space | 20.31% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/13 21:25:15 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.com
PRC - [2012/02/22 14:52:58 | 000,978,720 | ---- | M] () -- C:\Program Files (x86)\nend software\Weerstation Online\Weerstation Online.exe
PRC - [2011/11/08 09:30:17 | 000,488,104 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\fsav32.exe
PRC - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/11/03 12:06:56 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/09/08 12:13:58 | 001,008,296 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\fssm32.exe
PRC - [2011/09/08 12:13:58 | 000,512,680 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\fsgk32.exe
PRC - [2011/06/28 19:11:09 | 000,061,088 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Telenet Security Pack\ORSP Client\fsorsp.exe
PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/19 04:00:48 | 000,234,792 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe
PRC - [2011/05/19 04:00:20 | 000,083,240 | ---- | M] () -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
PRC - [2011/05/12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServer.exe
PRC - [2011/05/12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
PRC - [2011/01/20 10:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/12/23 23:46:44 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2010/12/23 23:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2010/12/10 07:25:22 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2010/11/10 03:50:50 | 000,613,992 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/11/06 08:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/10/30 02:59:12 | 000,124,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\TouchMovieService.exe
PRC - [2010/10/05 14:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/10/05 14:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/09/23 13:13:06 | 000,751,432 | ---- | M] (AVG) -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
PRC - [2010/07/08 18:52:28 | 000,436,256 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe
PRC - [2010/05/27 04:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
PRC - [2010/05/06 20:08:52 | 000,153,416 | ---- | M] (Acer Corp.) -- C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
PRC - [2010/03/11 07:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2010/03/11 07:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe
PRC - [2009/08/05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Telenet Security Pack\Common\FSMA32.EXE
PRC - [2009/08/05 16:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Telenet Security Pack\Common\FSM32.EXE
PRC - [2009/08/05 16:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Telenet Security Pack\Common\FSHDLL32.EXE
PRC - [2009/08/05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\fsgk32st.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/22 14:52:58 | 000,978,720 | ---- | M] () -- C:\Program Files (x86)\nend software\Weerstation Online\Weerstation Online.exe
MOD - [2012/02/08 14:56:00 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\5146ed6dcbec6f5cafc972c011e13663\IAStorUtil.ni.dll
MOD - [2012/02/08 14:56:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\9cdcbab4b98eff0399edc83e8728c516\IAStorCommon.ni.dll
MOD - [2012/02/08 14:29:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\442eed762e21796e8e497fcd14f1295a\System.Runtime.Remoting.ni.dll
MOD - [2012/02/08 14:28:43 | 012,431,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d76221993c2fdfb991b8c12ae50a30eb\System.Windows.Forms.ni.dll
MOD - [2012/02/08 14:28:38 | 001,586,688 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\0e245eb9c1067cabd5673fe832d28613\System.Drawing.ni.dll
MOD - [2012/02/08 14:28:17 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\3136e12cfb8809d39813e76c766c782c\WindowsBase.ni.dll
MOD - [2012/02/08 14:28:04 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2012/02/08 14:28:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2012/02/08 14:27:51 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2012/02/08 14:26:55 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/12/23 23:46:40 | 000,181,632 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2010/12/23 23:46:38 | 000,210,312 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2010/11/10 03:51:28 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2010/11/10 03:50:50 | 000,613,992 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010/09/23 13:13:36 | 000,350,024 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madExcept_.bpl
MOD - [2010/09/23 13:13:36 | 000,050,504 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madDisAsm_.bpl
MOD - [2010/09/23 13:13:34 | 000,184,136 | ---- | M] () -- C:\Program Files (x86)\AVG\AVG PC Tuneup 2011\madBasic_.bpl
MOD - [2010/03/12 06:14:24 | 000,014,368 | ---- | M] () -- C:\Program Files (x86)\Acer\Acer TouchPortal\LanguageDll\TouchPortalLauncher-nl.dll
MOD - [2010/01/02 01:22:01 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/01/02 01:21:58 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_nl_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009/08/05 16:57:04 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Telenet Security Pack\FSGUI\strres.eng
MOD - [2009/08/05 16:56:56 | 000,920,160 | ---- | M] () -- C:\Program Files (x86)\Telenet Security Pack\FSGUI\gres.dll
MOD - [2009/08/05 16:56:50 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Telenet Security Pack\FSGUI\flyerres.eng
MOD - [2009/08/05 16:56:50 | 000,045,056 | ---- | M] () -- C:\Program Files (x86)\Telenet Security Pack\FSGUI\fsavures.eng
MOD - [2009/08/05 16:56:32 | 000,838,240 | ---- | M] () -- C:\Program Files (x86)\Telenet Security Pack\FSGUI\about.dll
MOD - [2009/08/05 16:56:32 | 000,088,672 | ---- | M] () -- C:\Program Files (x86)\Telenet Security Pack\FSGUI\aboutres.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/01/29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/11/03 12:06:56 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/28 19:21:14 | 000,844,384 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Telenet Security Pack\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2011/06/28 19:11:09 | 000,061,088 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Telenet Security Pack\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/05/19 04:00:20 | 000,083,240 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe -- (CLHNServiceForPowerDVD)
SRV - [2011/05/12 09:09:36 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 11.0 Service)
SRV - [2011/05/12 09:09:34 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 11.0 Monitor Service)
SRV - [2010/11/26 07:14:22 | 000,254,448 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe -- (CLKMSVC10_34E30CCC)
SRV - [2010/11/06 08:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010/10/05 14:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/10/05 14:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/05/27 04:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/12/09 10:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection)
SRV - [2009/08/05 16:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Telenet Security Pack\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 16:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/11/03 12:06:56 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/07/29 13:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 13:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/06/28 19:21:59 | 000,094,280 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fsdfw.sys -- (FSFW)
DRV:64bit: - [2011/06/28 19:21:26 | 000,045,624 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\fses.sys -- (FSES)
DRV:64bit: - [2011/06/23 09:34:08 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 16:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011/01/15 17:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 23:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/11/25 05:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010/11/06 08:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/09/21 07:34:18 | 000,313,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress) Intel(R)
DRV:64bit: - [2010/09/21 02:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010/06/21 23:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/03 04:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009/06/03 04:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009/06/03 04:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2005/09/23 21:18:34 | 000,261,120 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MarvinBus64.sys -- (MarvinBus)
DRV - [2011/12/01 16:13:42 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2011/09/08 12:14:58 | 000,198,808 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2011/07/29 13:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 13:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011/05/20 14:31:06 | 000,148,976 | ---- | M] (CyberLink Corp.) [2011/07/09 18:19:25] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/05/19 04:00:21 | 000,075,248 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys -- (ntk_PowerDVD)
DRV - [2010/10/26 23:19:38 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/01/01 16:39:23] [Kernel | Auto | Running] -- C:\Program Files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\000.fcl -- ({31E9B156-F8C3-4B9A-BB45-D41BAA6B4400})
DRV - [2009/08/05 16:58:30 | 000,057,920 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Telenet Security Pack\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 16:56:12 | 000,014,904 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\Telenet Security Pack\Anti-Virus\minifilter\fsvista.sys -- (fsvista)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3686709067-1708269120-2177690567-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-3686709067-1708269120-2177690567-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.nieuwsblad.be/?nieuwsblad=home
IE - HKU\S-1-5-21-3686709067-1708269120-2177690567-1000\..\SearchScopes,DefaultScope = {7862C6B8-FE9B-4700-89FB-1BEA954FD52C}
IE - HKU\S-1-5-21-3686709067-1708269120-2177690567-1000\..\SearchScopes\{7862C6B8-FE9B-4700-89FB-1BEA954FD52C}: "URL" = http://www.google.be/search?hl=nl&q={searchTerms}&sourceid=ie8&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-3686709067-1708269120-2177690567-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3686709067-1708269120-2177690567-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.be/"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/12/02 16:45:04 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files (x86)\Virtual Earth 3D\ [2010/12/02 16:45:04 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\computer\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Telenet Security Pack\NRS\litmus-ff@f-secure.com [2012/03/09 04:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/11/17 04:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/11/12 15:47:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/11/12 15:47:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\computer\AppData\Roaming\mozilla\Extensions
[2011/11/17 04:16:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/05 08:30:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/05 04:29:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/05 05:05:54 | 000,001,892 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bolcom-nl.xml
[2011/11/05 05:05:54 | 000,004,558 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\marktplaats-nl.xml
[2011/11/05 05:05:54 | 000,001,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-nl.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Telenet Security Pack\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Telenet Security Pack\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
O4:64bit: - HKLM..\Run: [TouchPortal] C:\Program Files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe (Acer Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Telenet Security Pack\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Telenet Security Pack\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\Cyberlink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [TouchSuiteMovieService] C:\Program Files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\TouchMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Acer\Acer Touch Suite\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3686709067-1708269120-2177690567-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3686709067-1708269120-2177690567-1000..\Run: [Facebook Update] C:\Users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3686709067-1708269120-2177690567-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3686709067-1708269120-2177690567-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3686709067-1708269120-2177690567-1001..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\fslsp_x64.dll (F-Secure Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://www.pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} http://acer-nl.custhelp.com/euf/assets/activex/snret.cab (SNRet Control)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.5 195.130.130.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D8F7A684-DC0D-4AAC-8743-34FB7765E9A8}: DhcpNameServer = 195.130.131.5 195.130.130.133
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/13 21:24:54 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.com
[2012/03/13 10:17:35 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{0E391C53-922F-4FDC-93CA-17847076C60A}
[2012/03/13 10:17:25 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{90327EE1-6997-471E-A508-215DFD0E5B97}
[2012/03/13 06:50:30 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\computer\Desktop\TFC.exe
[2012/03/13 06:43:04 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\Malwarebytes
[2012/03/13 06:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/13 06:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/13 06:42:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/03/13 06:42:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/03/13 06:41:57 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\computer\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/13 06:30:17 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/03/12 21:51:20 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{F3CDCE6E-DD16-45D0-AA11-FD158013F71A}
[2012/03/12 21:51:10 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{41F76743-E7BC-4274-9DC9-16E54A29F3D7}
[2012/03/12 09:50:47 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{E14112E0-5237-4B73-BAA6-A5750CE6F7BD}
[2012/03/12 09:50:37 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{26E13C53-D9C5-4F2F-A340-EB346B66C083}
[2012/03/11 21:50:10 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{47AEB982-DD37-4EFA-9B4E-1428BCAB2712}
[2012/03/11 21:50:01 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{BE5BCB3D-954D-4CE3-98D2-73FA323C7A0E}
[2012/03/11 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\WinAVI
[2012/03/11 16:33:04 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\WinAVI
[2012/03/11 16:33:02 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinAVI All in One Converter
[2012/03/11 16:32:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinAVI
[2012/03/11 08:47:11 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{ED576220-926C-496A-B5AA-852C39846C47}
[2012/03/11 08:47:00 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{C330B8A9-B372-44D1-966A-DBF670765504}
[2012/03/10 18:26:54 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{1B0ECD2F-2274-4AF4-9F21-0989E5A08CAE}
[2012/03/10 18:26:43 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{BA354FE6-1321-494E-A56C-81E4FA38E4F7}
[2012/03/10 05:40:23 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{206D250C-9C99-4F53-9287-CBECDEAC8ABA}
[2012/03/10 05:40:12 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{38DA8726-D8B1-4540-A7EA-29FC7D8F923B}
[2012/03/09 16:11:52 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{3B131894-8A62-4DC2-B9E3-F3A552EE2555}
[2012/03/09 16:11:42 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{C51738CD-F923-4917-99BC-5B68112775F6}
[2012/03/09 04:11:08 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{B52D1727-5E82-435B-9338-EFFBFCFD8987}
[2012/03/09 04:10:57 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{077A7C40-845F-45BA-B8C3-130107531126}
[2012/03/08 12:23:33 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{0AB258EE-BC3A-4039-A520-632E6A05D5CC}
[2012/03/08 12:23:22 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{D997EC66-CB14-4AF6-962F-732F10B88811}
[2012/03/07 20:11:43 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{F1EB850F-D345-4EC8-A8E7-4352EFEC9A62}
[2012/03/07 20:11:33 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{8D9340B8-1699-4D00-B5EF-E2C18A1AF2A5}
[2012/03/07 08:11:10 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{5DD429B3-3150-4BCF-A725-157956D467E9}
[2012/03/07 08:11:00 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{1B3F8163-3755-4AB1-897F-523A1EC7ED98}
[2012/03/06 19:43:45 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{9A36D47B-1C27-45D7-BE6E-4591ED7D2618}
[2012/03/06 19:43:35 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{C07BD46F-4232-4777-A53A-2822965EE0AD}
[2012/03/06 04:12:43 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{35FF5542-C0C9-45B0-A4D9-6BC0B575B7EA}
[2012/03/06 04:12:32 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{1CB4AD7B-5EEF-48AA-BBBF-C310890931E8}
[2012/03/05 12:17:48 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{E08D2E97-2F4C-4CA6-8B9C-BA3AFF252782}
[2012/03/05 12:17:38 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{C9C96EE0-4551-4E60-B927-7A704CB57D5D}
[2012/03/04 20:37:08 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{CAFDC183-4B44-483A-9281-526842A81731}
[2012/03/04 20:36:58 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{F0F037C4-F7B9-483C-8FB2-81512E229205}
[2012/03/04 08:36:33 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{73652CFD-E48E-4E56-8721-A994EE6362CE}
[2012/03/04 08:36:22 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{5EEA60C1-4F67-44C4-AEAB-7C5296574B54}
[2012/03/03 18:21:54 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{559EC8FA-83C5-4E97-85C1-47AD3BB12F58}
[2012/03/03 18:21:44 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{09747EB3-1DB6-4AAE-9C3A-B529750AE52D}
[2012/03/03 06:21:05 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{369E551B-3E5D-4C1C-9F6F-EEBDCCB95D0A}
[2012/03/03 06:20:55 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{64CB8B6B-6D76-4F61-B7A4-111D64DCCB4B}
[2012/03/02 17:31:44 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{BE9F97B5-889E-48D6-8A2D-3C99BB961F34}
[2012/03/02 17:31:33 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{C806B3B8-00FF-4FF1-B348-EC96388295CD}
[2012/03/02 13:54:29 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{7B736C69-E6C8-4ACD-973F-E3F5BAA20126}
[2012/03/02 09:58:35 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{33BBB08D-837B-4589-BE3A-11A879CD03AC}
[2012/03/01 21:36:16 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{CA934FDE-5113-4E36-A5A9-5FE5E973F04F}
[2012/03/01 21:36:05 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{FA010C77-DAE9-45A6-9DE4-FE93AA77862D}
[2012/02/29 22:26:37 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{C7C0AD17-D67F-4E2C-9EE8-12F30EC52F05}
[2012/02/29 22:26:26 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{8EE32FAF-5F3D-4394-9BC8-64A6D245F20C}
[2012/02/29 07:42:52 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{32640CF8-3A6E-4214-AD2F-041642DF3A6C}
[2012/02/29 07:42:42 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{96F8A533-91DF-4FBD-A86C-72B5900C0B05}
[2012/02/27 22:20:35 | 000,000,000 | ---D | C] -- C:\Users\computer\AppData\Local\{0C40D3CC-750E-4B96-918D-9FC78EBB9517}

========== Files - Modified Within 30 Days ==========

[2012/03/13 21:30:10 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 21:30:10 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/13 21:25:15 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\OTL.com
[2012/03/13 21:21:59 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/13 21:21:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/13 21:21:31 | 523,153,407 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/13 10:11:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3686709067-1708269120-2177690567-1000UA.job
[2012/03/13 06:56:50 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job
[2012/03/13 06:50:49 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\computer\Desktop\TFC.exe
[2012/03/13 06:42:32 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 06:42:00 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\computer\Desktop\mbam--setup-1.60.1.1000.exe
[2012/03/13 06:30:17 | 000,002,979 | ---- | M] () -- C:\Users\computer\Desktop\HiJackThis.lnk
[2012/03/12 21:57:26 | 001,571,010 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/12 21:57:26 | 000,708,454 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
[2012/03/12 21:57:26 | 000,622,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/12 21:57:26 | 000,136,602 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
[2012/03/12 21:57:26 | 000,109,434 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/11 16:33:02 | 000,001,202 | ---- | M] () -- C:\Users\computer\Desktop\WinAVI All in One Converter.lnk
[2012/03/11 16:13:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/11 16:13:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/03/08 13:11:00 | 000,000,918 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3686709067-1708269120-2177690567-1000Core.job
[2012/02/18 07:18:10 | 000,001,011 | ---- | M] () -- C:\Users\computer\Desktop\Spotnet IL.lnk

========== Files Created - No Company Name ==========

[2012/03/13 10:07:14 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012/03/13 06:42:32 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/13 06:30:17 | 000,002,979 | ---- | C] () -- C:\Users\computer\Desktop\HiJackThis.lnk
[2012/03/11 16:33:02 | 000,001,202 | ---- | C] () -- C:\Users\computer\Desktop\WinAVI All in One Converter.lnk
[2012/02/18 07:18:10 | 000,001,011 | ---- | C] () -- C:\Users\computer\Desktop\Spotnet IL.lnk
[2012/01/22 19:30:42 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2012/01/08 10:10:14 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/01/08 10:10:14 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/01/08 10:10:14 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/01/08 10:10:14 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/01/08 10:10:14 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/12/04 16:56:21 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/12/04 16:56:21 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/08/05 13:54:36 | 000,017,408 | ---- | C] () -- C:\Users\computer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 08:58:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/06/28 18:36:35 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/06/28 18:35:44 | 001,593,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/12/02 16:50:23 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/12/02 16:43:32 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll

========== LOP Check ==========

[2011/09/29 05:46:19 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\aliasworlds
[2012/01/08 10:21:46 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\AVG
[2011/06/16 10:50:59 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\AVG10
[2011/06/23 09:35:18 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\DAEMON Tools Lite
[2012/01/22 18:07:40 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\eSobi
[2012/03/06 20:12:06 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\GrabIt
[2012/01/19 10:37:40 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\NAVIGON Fresh
[2011/06/15 13:53:35 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\OEM
[2011/06/15 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\PowerCinema
[2012/01/02 10:10:30 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Spotify
[2011/10/25 09:40:31 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\TeamViewer
[2011/11/12 15:47:09 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Thunderbird
[2012/02/17 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\TouchGadget
[2011/06/15 15:16:30 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\TouchSuite
[2012/03/11 16:33:04 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\WinAVI
[2011/06/17 16:00:51 | 000,000,000 | ---D | M] -- C:\Users\computer\AppData\Roaming\Windows Live Writer
[2012/03/13 21:21:59 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012/03/08 13:11:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3686709067-1708269120-2177690567-1000Core.job
[2012/03/13 10:11:01 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3686709067-1708269120-2177690567-1000UA.job
[2012/01/24 04:07:42 | 000,032,522 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012/03/13 06:56:50 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\ProgramData\Temp:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E36F5B57
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
< End of report >

bike devil
13 March 2012, 22:35
OTL Extras logfile created on: 3/13/2012 9:25:29 PM - Run 1
OTL by OldTimer - Version 3.2.36.3 Folder = C:\Users\computer\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: België | Language: NLB | Date Format: d/MM/yyyy

5.98 Gb Total Physical Memory | 3.85 Gb Available Physical Memory | 64.38% Memory free
11.96 Gb Paging File | 10.04 Gb Available in Paging File | 83.91% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 689.79 Gb Total Space | 249.12 Gb Free Space | 36.11% Space Free | Partition Type: NTFS
Drive D: | 689.79 Gb Total Space | 140.08 Gb Free Space | 20.31% Space Free | Partition Type: NTFS

Computer Name: COMPUTER-PC | User Name: computer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{4567EA14-6BCA-3EF9-859B-92CE48B1D704}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Virtual Earth 3D (Beta)
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle videodriver
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0413-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Dutch) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{A8EC0CC0-AD8D-4244-B080-424EDF7A7634}" = Native Instruments Traktor 2
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA-configuratiescherm 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafisch stuurprogramma 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01C246F5-D7EE-4C87-AF61-04814C78319C}" = Acer TouchPortal
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer TouchCam
"{0332483b-2f7e-49f7-8cd5-cae634cb5011}" = Nero 9 Essentials
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{12947715-B6F0-4597-816F-5E13FB647921}_is1" = Spotnet
"{1362E602-9625-42D3-B57F-CDA9D26F9DA8}" = Pinnacle Studio 15
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{41E0DF1D-F433-41D2-8668-5A20C28385F0}" = Acer TouchPortal
"{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaEspresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A814B53-01A3-49D1-B2B8-06BFEAC792CA}" = MediaShow Espresso
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1" = Acer GameZone Console
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{75880CD4-9436-4EDD-B7E7-400EBFD60B2C}" = TouchSettings
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82BEEB3F-D0BF-42EE-8739-F4827C4805B7}" = VirtualDJ PRO Full
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}" = Spin & Win
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}" = Poker Pop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116564400}" = Dreamsdwell Stories
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117449150}" = Bato Treasures of Tibet
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0015-0413-0000-0000000FF1CE}" = Microsoft Office Access MUI (Dutch) 2007
"{90120000-0015-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0413-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Dutch) 2007
"{90120000-0016-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0413-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Dutch) 2007
"{90120000-0018-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0413-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Dutch) 2007
"{90120000-0019-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0413-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Dutch) 2007
"{90120000-001A-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0413-0000-0000000FF1CE}" = Microsoft Office Word MUI (Dutch) 2007
"{90120000-001B-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_ENTERPRISE_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0413-1000-0000000FF1CE}_ENTERPRISE_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0413-0000-0000000FF1CE}" = Microsoft Office Proofing (Dutch) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0413-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Dutch) 2007
"{90120000-0044-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0413-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Dutch) 2007
"{90120000-006E-0413-0000-0000000FF1CE}_ENTERPRISE_{89C8E56A-90D8-4598-B0E6-EB28F6270E07}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0413-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Dutch) 2007
"{90120000-00A1-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0413-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Dutch) 2007
"{90120000-00BA-0413-0000-0000000FF1CE}_ENTERPRISE_{DC387AA5-94A6-4920-B004-D59846526D81}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932D0FC7-6DF1-4136-A2EC-166E8DEFD6A4}" = Ad-Aware
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C652F86F-348A-4A65-8BE8-A3F7A6370D98}" = Acer TouchPortal
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"CanonMyPrinter" = Canon My Printer
"DAEMON Tools Lite" = DAEMON Tools Lite
"EASEUS Partition Master Server Edition_is1" = EASEUS Partition Master 9.1.0 Server Edition
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FIFA 12 (c) EA_is1" = FIFA 12 (c) EA version 1
"F-Secure Product 444" = Telenet Security Pack
"GFWL_{434D0FA1-3E0C-4D03-A5D4-5E1000008100}" = F1 2011
"Goofy Skateboarding_is1" = Extremely Goofy Skateboarding
"GrabIt_is1" = GrabIt 1.7.2 Beta 6 (build 1008)
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.60.1.1000
"Mozilla Firefox 8.0 (x86 nl)" = Mozilla Firefox 8.0 (x86 nl)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Native Instruments Traktor 2" = Native Instruments Traktor 2
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"OpenAL" = OpenAL
"OziExplorer 3.95_is1" = OziExplorer 3.95
"QuickPar" = QuickPar 0.9
"Radio Online_is1" = Radio Online V7.5.0
"Spotnet Improver Local_is1" = Spotnet Improver Local v1.8a
"Switch" = Switch Sound File Converter
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"Weerstation Online_is1" = Weerstation Online 2.6.0
"WinAVI All in One Converter" = WinAVI All in One Converter
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3686709067-1708269120-2177690567-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

Juisterr
13 March 2012, 22:52
Download ComboFix from one of these locations:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)


* IMPORTANT !!! Save ComboFix.exe to your Desktop.
>>Here<< (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden) you can read how ComboFix should be used.

http://www.imgdumper.nl/uploads4/4de6eab686b90/4de6eab6867f3-Combofix.JPG

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix.

* (here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32608) or here (http://www.hijackthis.nl/forum/viewtopic.php?f=86&t=32607))

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

* Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion.", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next message.

bike devil
13 March 2012, 23:44
ComboFix 12-03-13.01 - computer 13/03/2012 22:37:40.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.6127.4501 [GMT 1:00]
Gestart vanuit: c:\users\computer\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: Telenet Security Pack 9.01 *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
FW: Telenet Security Pack 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Telenet Security Pack 9.01 *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\computer\AppData\Local\assembly\tmp
c:\users\computer\AppData\Local\Temp\ppcrlui_4100_2
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-13 to 2012-03-13 ))))))))))))))))))))))))))))))
.
.
2012-03-13 21:41 . 2012-03-13 21:41 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-13 21:41 . 2012-03-13 21:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-13 05:43 . 2012-03-13 05:43 -------- d-----w- c:\users\computer\AppData\Roaming\Malwarebytes
2012-03-13 05:42 . 2012-03-13 05:42 -------- d-----w- c:\programdata\Malwarebytes
2012-03-13 05:42 . 2012-03-13 05:42 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-13 05:42 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-13 05:30 . 2012-03-13 05:30 388096 ----a-r- c:\users\computer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-03-11 15:33 . 2012-03-11 15:33 -------- d-----w- c:\users\computer\AppData\Roaming\WinAVI
2012-03-11 15:33 . 2012-03-11 15:33 -------- d-----w- c:\users\computer\AppData\Local\WinAVI
2012-03-11 15:32 . 2012-03-11 15:32 -------- d-----w- c:\program files (x86)\WinAVI
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-20 03:17 . 2011-06-22 20:31 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2011-06-16 09:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-06 05:15 . 2012-02-08 03:18 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C46C5A6D-09ED-4529-BBF8-531B41AAAD03}\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Facebook Update"="c:\users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-02-04 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"UCam_Menu"="c:\program files (x86)\Acer\Acer Touch Suite\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"MDS_Menu"="c:\program files (x86)\Acer\clear.fi\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"TouchSuiteMovieService"="c:\program files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\TouchMovieService.exe" [2010-10-30 124136]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2010-12-10 177448]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-11-10 613992]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"F-Secure Manager"="c:\program files (x86)\Telenet Security Pack\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files (x86)\Telenet Security Pack\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"RemoteControl11"="c:\program files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe" [2011-05-19 234792]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Weerstation Online.lnk - c:\program files (x86)\nend software\Weerstation Online\Weerstation Online.exe [2012-1-5 978720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 CLKMSVC10_34E30CCC;CyberLink Product - 2010/01/01 16:42;c:\program files (x86)\Acer\clear.fi\Movie\NavFilter\kmsvc.exe [2010-11-26 254448]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-11-03 2152152]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Telenet Security Pack\HIPS\drivers\fshs.sys [2009-08-05 57920]
S1 FSES;F-Secure Email Scanning Driver;c:\windows\system32\drivers\fses.sys [x]
S1 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Telenet Security Pack\Anti-Virus\minifilter\fsvista.sys [2009-08-05 14904]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {31E9B156-F8C3-4B9A-BB45-D41BAA6B4400};Power Control [2010/01/01 16:39];c:\program files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\000.fcl [2010-10-26 22:19 146928]
S2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/07/09 18:19];c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [2011-05-20 13:31 148976]
S2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [2011-05-19 83240]
S2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [2011-05-12 70952]
S2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServer.exe [2011-05-12 312616]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 ntk_PowerDVD;ntk_PowerDVD;c:\program files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys [2011-05-19 75248]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-05 2655768]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-29 243232]
S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Telenet Security Pack\Anti-Virus\minifilter\fsgk.sys [2011-09-08 198808]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Telenet Security Pack\ORSP Client\fsorsp.exe [2011-06-28 61088]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - CLKMDRV10_34E30CCC
*Deregistered* - Lavasoft Kernexplorer
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-11-03 11:06]
.
2012-03-08 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3686709067-1708269120-2177690567-1000Core.job
- c:\users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-04 12:06]
.
2012-03-13 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3686709067-1708269120-2177690567-1000UA.job
- c:\users\computer\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-02-04 12:06]
.
2012-03-13 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~2\TELENE~1\ANTI-V~1\fsav.exe [2011-06-28 15:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 03:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"TouchORB"="c:\program files (x86)\TouchSettings\TouchPortalOBR.exe" [2010-05-06 153416]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-12 11485800]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-10-12 2168424]
"TouchPortal"="c:\program files (x86)\Acer\Acer TouchPortal\TouchPortalLauncher.exe" [2010-07-08 436256]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nieuwsblad.be/?nieuwsblad=home
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Telenet Security Pack\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 195.130.131.5 195.130.130.133
DPF: {9C65AB3E-C9A8-4789-AE24-B365A1C4A6F9} - hxxp://acer-nl.custhelp.com/euf/assets/activex/snret.cab
FF - ProfilePath - c:\users\computer\AppData\Roaming\Mozilla\Firefox\Profiles\fpclyt7w.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{31E9B156-F8C3-4B9A-BB45-D41BAA6B4400}]
"ImagePath"="\??\c:\program files (x86)\Acer\Acer TouchPortal\Acer Touch Movie\000.fcl"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{329F96B6-DF1E-4328-BFDA-39EA953C1312}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3686709067-1708269120-2177690567-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (S-1-5-21-3686709067-1708269120-2177690567-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3686709067-1708269120-2177690567-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (S-1-5-21-3686709067-1708269120-2177690567-1000)
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-03-13 22:43:36
ComboFix-quarantined-files.txt 2012-03-13 21:43
.
Pre-Run: 266.794.516.480 bytes beschikbaar
Post-Run: 266.703.597.568 bytes beschikbaar
.
- - End Of File - - 98D7903C7D0573AE63F5D3810F7CC901

Juisterr
14 March 2012, 14:00
OK, that doesn't look bad. How is it running now?

bike devil
14 March 2012, 22:36
Yes, it looks good again now; startup is faster and so are web pages.

Thanks for the help.

Juisterr
17 March 2012, 20:02
Remove ComboFix: copy the command below with (Ctrl + C):
Combofix /Uninstall (note!!! the space before /Uninstall)

Click Start -> Run, paste (Ctrl + V) the command, then press Ctrl + Shift + Enter.
This removes both ComboFix and your old system restore points (with any remnants of malware), and creates a new system restore point.
http://www.imgdumper.nl/uploads4/4e4e40e012008/4e4e40e01106d-cfu.jpg

CCleaner
Download CCleaner Slim (http://www.filehippo.com/download_ccleaner/)
Install CCleaner and start it.

In the left column, click Cleaner.
Click Analyze and then Run Cleaner.
Then click Registry in the left column and click Scan for Issues.
If errors are found, click Fix selected issues and OK.
You will then be asked whether to make a backup; click YES, and then choose Fix All Selected Issues.
After that, close CCleaner.

To avoid reinfection, you can read through these tips:
How do I prevent a new infection? (http://users.telenet.be/marcvn/spyware/1564073.htm)