Hi ,
Thanks for your support.
For the moment my computer is very slow (the reason can be that I have only 1 GB, the computer is 5 years old I presume). I also don't know if I can trust my computer completely (can i do homebanking again, or do payments with visa .... ?).
I find it also very annoying that on the right sight of the screen, I receive information of google, and I get different photo's (wich change all the time, foto's i took myself, not photo's i haven't seen yet. Thanks for your reply and thanks for everything !
I succeeded in doing what you asked for so here are the reports .
========= OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll moved successfully.
Folder C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\{00f12770-e60e-4dc6-9105-425bface7c73}\ not found.
Folder C:\Users\lucas\AppData\Roaming\mozilla\Firefox\Profiles\m1jku03x.default\extensions\
[email protected]\ not found.
File C:\Users\lucas\AppData\Roaming\Mozilla\Firefox\Profiles\m1jku03x.default\searchplugins\askcom.xml not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {EDFCB7CB-942C-4822-AF14-F0B687409848}
C:\Windows\Downloaded Program Files\ImageUploader4.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDFCB7CB-942C-4822-AF14-F0B687409848}\ not found.
C:\Users\lucas\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\lucas\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\lucas\AppData\Local\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
C:\Users\lucas\AppData\Roaming\Babylon folder moved successfully.
C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix folder moved successfully.
C:\ProgramData\Sun\Java\Java Update folder moved successfully.
C:\ProgramData\Sun\Java folder moved successfully.
C:\ProgramData\Sun folder moved successfully.
C:\Program Files\Common Files\Java\Java Update folder moved successfully.
C:\Program Files\Common Files\Java folder moved successfully.
C:\ProgramData\xyVnk1DM374bcg moved successfully.
C:\Windows\System32\PAV_FOG.OPC moved successfully.
C:\ProgramData\~xyVnk1DM374bcg moved successfully.
C:\ProgramData\~xyVnk1DM374bcgr moved successfully.
C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk moved successfully.
C:\ProgramData\XbjbnAJdxZhEWK moved successfully.
C:\ProgramData\~XbjbnAJdxZhEWK moved successfully.
C:\ProgramData\~XbjbnAJdxZhEWKr moved successfully.
C:\Users\lucas\Desktop\System Fix.lnk moved successfully.
File C:\ProgramData\xyVnk1DM374bcg not found.
File C:\ProgramData\XbjbnAJdxZhEWK not found.
Folder C:\Users\lucas\AppData\Roaming\Babylon\ not found.
========== FILES ==========
< ipconfig /flushdns /c >Windows IP-configuratie
De DNS-omzettingscache is leeggemaakt.
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >0 bestand(en) gekopieerd
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >0 bestand(en) gekopieerd
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >0 bestand(en) gekopieerd
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >0 bestand(en) gekopieerd
c:\Users\lucas\Downloads\cmd.bat deleted successfully.
c:\Users\lucas\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: esther
->Flash cache emptied: 28729 bytes
User: florien
->Flash cache emptied: 35730 bytes
User: lucas
->Flash cache emptied: 1012 bytes
User: Public
User: sabine
->Flash cache emptied: 4845 bytes
Total Flash Files Cleaned = 0,00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: esther
->Java cache emptied: 55405232 bytes
User: florien
->Java cache emptied: 53692579 bytes
User: lucas
->Java cache emptied: 31999236 bytes
User: Public
User: sabine
->Java cache emptied: 10678091 bytes
Total Java Files Cleaned = 145,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 01262012_202801
OTL logfile created on: 26/01/2012 20:50:21 - Run 3
OTL by OldTimer - Version 3.2.31.0 Folder = c:\Users\lucas\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000813 | Country: België | Language: NLB | Date Format: d/MM/yyyy
894,70 Mb Total Physical Memory | 186,96 Mb Available Physical Memory | 20,90% Memory free
2,00 Gb Paging File | 0,61 Gb Available in Paging File | 30,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 305,44 Gb Total Space | 238,14 Gb Free Space | 77,97% Space Free | Partition Type: NTFS
Drive D: | 29,89 Gb Total Space | 23,17 Gb Free Space | 77,49% Space Free | Partition Type: FAT32
Computer Name: PCTHUIS | User Name: lucas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ========== PRC - [2012/01/07 19:02:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- c:\Users\lucas\Downloads\OTL.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 17:50:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/11/14 20:37:44 | 000,247,968 | -H-- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/09/02 01:42:06 | 024,183,152 | ---- | M] (Dropbox, Inc.) -- C:\Users\lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/09/02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe
PRC - [2011/04/13 16:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\ApVxdWin.exe
PRC - [2010/10/20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe
PRC - [2010/08/16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\psksvc.exe
PRC - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe
PRC - [2010/05/28 12:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\AVENGINE.EXE
PRC - [2010/04/22 17:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\WebProxy.exe
PRC - [2010/02/23 11:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavBckPT.exe
PRC - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\Program Files\Panda Security\Panda Internet Security 2012\FIREWALL\PSHost.exe
PRC - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrlS.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/06/27 12:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\SrvLoad.exe
PRC - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe
PRC - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Common Files\Panda Security\PavShld\PavPrSrv.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/07/06 10:06:52 | 004,669,440 | -H-- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/03/12 10:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
PRC - [2006/10/11 11:45:12 | 000,075,304 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
PRC - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe
========== Modules (No Company Name) ========== MOD - [2011/10/15 19:50:07 | 000,998,400 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll
MOD - [2011/10/15 19:47:50 | 000,771,584 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll
MOD - [2011/10/15 19:47:47 | 011,804,672 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll
MOD - [2011/10/15 19:47:05 | 000,971,264 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011/10/15 17:58:12 | 005,450,752 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011/10/15 17:50:45 | 012,430,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011/10/15 17:50:22 | 001,587,200 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011/10/15 17:48:48 | 007,950,848 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011/10/15 17:48:40 | 011,490,816 | -H-- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011/10/09 12:14:22 | 000,034,816 | ---- | M] () -- C:\Program Files\Google\Google Desktop Search\gzlib.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2009/03/31 19:04:19 | 000,446,464 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_nl_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009/03/31 19:04:18 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_nl_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007/08/15 15:30:38 | 000,233,472 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.2736.38325__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll
MOD - [2007/08/15 15:30:36 | 000,073,728 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.2736.38339__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:35 | 000,438,272 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.2736.38346__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:35 | 000,208,896 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.2736.38389__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MOD - [2007/08/15 15:30:34 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.2700.34701__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.2700.34689__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.2700.34706__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll
MOD - [2007/08/15 15:30:34 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.2700.34739__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,065,536 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.2700.34728__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,053,248 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Shared\2.0.2700.34714__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,053,248 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.2700.34722__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.2700.34674__90ba9c70f846762e\CLI.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.2700.34697__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,049,152 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.2700.34727__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll
MOD - [2007/08/15 15:30:33 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.2705.19134__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.2700.34759__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.2700.34726__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.2700.34671__90ba9c70f846762e\LOG.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.2700.34808__90ba9c70f846762e\CLI.Foundation.XManifest.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.2700.34716__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,028,672 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.2700.34721__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.2700.34680__90ba9c70f846762e\NEWAEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Shared\2.0.2700.34739__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.2700.34758__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MultiVPU2.Graphics.Shared\2.0.2700.34723__90ba9c70f846762e\CLI.Aspect.MultiVPU2.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.2700.34724__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Foundation\2.0.2700.34672__90ba9c70f846762e\AEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.2700.34751__90ba9c70f846762e\DEM.OS.I0602.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.2700.34705__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.2700.34694__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.2700.34686__90ba9c70f846762e\CLI.Component.Client.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.2700.34717__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.AForce.Graphics.Shared\2.0.2700.34753__90ba9c70f846762e\CLI.Aspect.AForce.Graphics.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.2700.34704__90ba9c70f846762e\APM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.2700.34703__90ba9c70f846762e\MOM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.2700.34718__90ba9c70f846762e\DEM.OS.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.2700.34754__90ba9c70f846762e\DEM.Graphics.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.2700.34702__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.2700.34729__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll
MOD - [2007/08/15 15:30:33 | 000,016,384 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.2700.34697__90ba9c70f846762e\AEM.Server.Shared.dll
MOD - [2007/08/15 15:30:32 | 000,086,016 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray.resources\2.0.2736.38600_nl_90ba9c70f846762e\CLI.Component.Systemtray.resources.dll
MOD - [2007/08/15 15:30:32 | 000,036,864 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.2736.38653__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll
MOD - [2007/08/15 15:30:32 | 000,006,656 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.2736.38316__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll
MOD - [2007/08/15 15:30:31 | 001,503,232 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.2736.38333__90ba9c70f846762e\CLI.Component.Dashboard.dll
MOD - [2007/08/15 15:30:31 | 000,471,040 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.2736.38354__90ba9c70f846762e\CLI.Component.Wizard.dll
MOD - [2007/08/15 15:30:31 | 000,446,464 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.2736.38600__90ba9c70f846762e\CLI.Component.Systemtray.dll
MOD - [2007/08/15 15:30:31 | 000,102,400 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.2736.38608__90ba9c70f846762e\MOM.Implementation.dll
MOD - [2007/08/15 15:30:31 | 000,069,632 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.2736.38317__90ba9c70f846762e\CLI.Component.Runtime.dll
MOD - [2007/08/15 15:30:31 | 000,061,440 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.2736.38607__90ba9c70f846762e\LOG.Foundation.Implementation.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.2700.34690__90ba9c70f846762e\CLI.Foundation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.2700.34706__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,040,960 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.2700.34698__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.2700.34681__90ba9c70f846762e\LOG.Foundation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,024,576 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.2700.34752__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll
MOD - [2007/08/15 15:30:31 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.2700.34708__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll
MOD - [2007/08/15 15:30:31 | 000,020,480 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.2700.34711__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll
MOD - [2007/08/15 15:30:30 | 000,065,536 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.2736.38318__90ba9c70f846762e\ATIDEMOS.dll
MOD - [2007/08/15 15:30:30 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.2736.38317__90ba9c70f846762e\APM.Server.dll
MOD - [2007/08/15 15:30:30 | 000,045,056 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.2736.38316__90ba9c70f846762e\AEM.Server.dll
MOD - [2007/08/15 15:30:30 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.2736.38608__90ba9c70f846762e\CCC.Implementation.dll
MOD - [2007/08/15 15:30:30 | 000,032,768 | -H-- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll
MOD - [2007/06/27 02:51:00 | 000,159,744 | -H-- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2007/02/14 12:55:12 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\MiniCrypto.dll
MOD - [2004/05/19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files\Panda Security\Panda Internet Security 2012\LIBXML2.DLL
========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (SymAppCore)
SRV - File not found [Auto | Stopped] -- -- (Planner voor Automatische LiveUpdate)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/04/14 15:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\TPSrv.exe -- (TPSrv)
SRV - [2010/10/20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010/08/16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010/06/04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009/11/26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files\panda security\panda internet security 2012\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009/08/24 12:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009/08/10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2008/06/19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Internet Security 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008/02/04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/03/12 10:22:00 | 000,517,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe -- (LiveUpdate Notice Service)
SRV - [2001/11/12 12:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets)
========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/06/07 21:37:24 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\COMFiltr.sys -- (ComFiltr)
DRV - [2011/02/21 13:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011/01/31 15:41:28 | 000,083,528 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2010/09/09 15:23:00 | 000,193,864 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2010/09/01 10:09:14 | 000,201,032 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\neti1644.sys -- (NETIMFLT01060044)
DRV - [2010/06/22 17:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010/05/21 12:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010/05/06 16:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2009/09/25 13:54:08 | 000,046,856 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2009/09/25 13:54:06 | 000,159,112 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | System | Running] -- C:\Windows\System32\drivers\NETFLTDI.SYS -- (NETFLTDI)
DRV - [2009/09/25 13:54:04 | 000,022,024 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2009/09/25 13:54:02 | 000,053,256 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2007/07/23 14:07:52 | 001,223,008 | -H-- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2007/06/27 03:00:42 | 002,770,432 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2007/06/27 03:00:42 | 002,770,432 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007/06/25 12:37:24 | 000,084,480 | -H-- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/05/14 09:10:02 | 000,135,400 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService)
DRV - [2006/11/17 09:31:04 | 000,013,976 | -H-- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006/10/30 16:23:12 | 000,007,680 | -H-- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2005/10/18 01:50:06 | 000,245,376 | -H-- | M] (Ralink Technology Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rt2500usb.sys -- (RT2500USB)
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.aldi.com/IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.aldi.com/ IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.aldi.com/IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
http://www.nieuwsblad.be/IE - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Users\florien\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
[2012/01/26 20:28:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/16 22:14:50 | 000,002,067 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\blekkotb.xml
O1 HOSTS File: ([2012/01/26 20:29:20 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Help bij koppelingen) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Internet Security 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Internet Security 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" File not found
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\esther\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk = File not found
O4 - Startup: C:\Users\florien\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk = File not found
O4 - Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\lucas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\sabine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk = File not found
O8 - Extra context menu item: &Verzenden naar OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-2528648001-3019182305-1618475911-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700}
http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.130.131.5 195.130.130.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2CE621A6-AD07-46A5-9937-A50BAA9CCD32}: DhcpNameServer = 195.130.131.5 195.130.130.133
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4719DAC7-5553-4158-A4E8-49B357D04C07}: DhcpNameServer = 195.130.130.5 195.130.131.5
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - avldr.dll (On-Access Anti-Malware Scanner Sync)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) -credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ========== [2012/01/26 18:33:18 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{4C816735-F175-4D3F-B641-D0B098C5810D}
[2012/01/26 18:32:42 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{87B82590-44D4-4C4E-B1F0-217B0F9564DE}
[2012/01/23 18:52:19 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{265CA8BE-EA8B-418A-923B-CCC9FA2F5AE8}
[2012/01/23 18:52:06 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{0563A40A-32D8-4FF7-9BD2-21AB1FA3C070}
[2012/01/19 20:34:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/01/19 20:04:11 | 000,000,000 | ---D | C] -- C:\Users\lucas\Desktop\RK_Quarantine
[2012/01/19 19:48:41 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{E175A91A-1914-47A3-BD4E-A826A6DC2465}
[2012/01/19 19:48:28 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{1386CF7D-AB4A-40EF-95E9-3EB7CAA0F499}
[2012/01/17 20:10:45 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{FE84CAC8-637C-4F77-BA37-6A01BA9B111B}
[2012/01/17 20:10:38 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{029936A4-39A1-4B83-9FAF-9CBA3F981190}
[2012/01/15 10:34:24 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{D7531E2B-F7BF-49B7-8CC8-84F8438ED35F}
[2012/01/15 10:34:04 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{8672F35C-2C4E-4B29-AA00-46E473546CD6}
[2012/01/14 18:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2012/01/14 15:25:47 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Systweak
[2012/01/14 15:25:45 | 000,017,280 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
[2012/01/14 15:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
[2012/01/14 15:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\DealPly
[2012/01/14 15:23:26 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab PDF Creator
[2012/01/14 15:23:17 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabPDFConverter
[2012/01/14 15:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/01/14 14:34:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/14 14:33:55 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/01/14 11:57:38 | 000,939,368 | ---- | C] (Macromedia, Inc.) -- C:\Windows\System32\flash.ocx
[2012/01/14 11:57:09 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\PackageAware
[2012/01/14 10:22:12 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{D8AC7B71-1904-4244-A1F6-125EC26AE539}
[2012/01/14 10:21:49 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{7B80337A-06D8-44EA-874C-A267EC38235A}
[2012/01/09 21:29:50 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{99216981-3F49-4EA5-B8F2-6E572689B22A}
[2012/01/09 21:28:53 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{1772A14D-8070-457D-BE49-DC887B3006C8}
[2012/01/08 15:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/08 15:33:14 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\TestApp
[2012/01/08 15:24:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012/01/08 15:16:26 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012/01/08 14:38:34 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{2E7D85CC-8E9B-424B-A067-921C920D0BCB}
[2012/01/08 14:38:02 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{AEE4F370-A519-4300-9D77-A3AB4416E226}
[2012/01/08 13:49:10 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2012/01/08 13:08:54 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{A01D0847-5B1D-4A97-809B-0B34F0E40F04}
[2012/01/07 11:07:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{B61184D8-A594-4B26-858E-D45FF1195C0D}
[2012/01/07 11:02:35 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{26ACF9BC-EEA2-49C3-BA3D-B2DC31816637}
[2012/01/07 06:54:06 | 000,000,000 | ---D | C] -- C:\NBRT
[2012/01/07 00:17:37 | 000,000,000 | ---D | C] -- C:\Program Files\Anti-Hijacker
[2012/01/07 00:17:34 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\blekkotb
[2012/01/07 00:17:26 | 000,000,000 | ---D | C] -- C:\Program Files\blekkotb
[2012/01/06 21:41:30 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\CrashDumps
[2012/01/06 19:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Internet Security
[2012/01/06 19:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012/01/06 19:55:15 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012/01/06 19:55:15 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012/01/06 18:56:25 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{CA5D2AE9-0AE7-471C-9924-1811B2AE103B}
[2012/01/06 18:56:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{75750C5B-17A3-4805-AB86-E48EB8270F0E}
[2012/01/04 19:49:11 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware(87)
[2012/01/04 19:12:55 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\AMD
[2012/01/04 12:46:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Anti-phishing Domain Advisor
[2012/01/04 12:04:36 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{76208897-001C-4D7C-920D-BD6636BE50D3}
[2012/01/04 12:04:21 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{C6D2A597-5D31-448A-8264-4DE002100C4B}
[2012/01/03 19:52:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012/01/03 16:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/01/03 16:27:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD
[2012/01/03 16:17:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012/01/03 16:16:21 | 000,000,000 | ---D | C] -- C:\ATI
[2012/01/03 16:05:51 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\UpdateStar Drivers
[2012/01/03 10:57:10 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{881E9B3A-284E-4595-A758-74E06C363FEA}
[2012/01/03 10:47:31 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{EFCDB3E5-383B-4D5A-8B8C-109D32787E38}
[2012/01/02 15:17:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/01/02 08:35:39 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{7F8AA3F9-569F-4E90-9AC3-A3C2681E2DE0}
[2012/01/02 08:35:32 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{417BFCC2-4016-4CFE-9C73-0B2102A78BBD}
[2012/01/01 12:29:48 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Roaming\Malwarebytes
[2012/01/01 12:28:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/01 12:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/01/01 12:24:03 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{0F0F0D63-AC5F-4C03-AF14-7E0FA4CD6741}
[2012/01/01 12:23:47 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{01B32FDB-4867-460A-BF6B-2A8808A68EEB}
[2011/12/29 14:22:37 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{F9D1B573-5EBC-41EC-9DC1-615EA22A6397}
[2011/12/29 14:22:32 | 000,000,000 | ---D | C] -- C:\Users\lucas\AppData\Local\{8DE3C406-A7B8-4B5B-BC2F-F19BDA806290}
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ========== [2012/01/26 20:40:53 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG.bck
[2012/01/26 20:40:53 | 000,001,132 | ---- | M] () -- C:\Windows\System32\drivers\APPFLTR.CFG
[2012/01/26 20:40:53 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg.bck
[2012/01/26 20:40:53 | 000,000,252 | ---- | M] () -- C:\Windows\System32\drivers\etc\IdsFlt.cfg
[2012/01/26 20:40:53 | 000,000,116 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt.bck
[2012/01/26 20:40:53 | 000,000,116 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetLoc.wlt
[2012/01/26 20:40:53 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg.bck
[2012/01/26 20:40:53 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetFlt.cfg
[2012/01/26 20:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg.bck
[2012/01/26 20:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\WnmFlt.cfg
[2012/01/26 20:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg.bck
[2012/01/26 20:40:53 | 000,000,056 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.cfg
[2012/01/26 20:40:44 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls.bck
[2012/01/26 20:40:44 | 000,303,044 | ---- | M] () -- C:\Windows\System32\drivers\etc\DsaFlt.rls
[2012/01/26 20:38:19 | 000,291,384 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2012/01/26 20:38:19 | 000,291,384 | ---- | M] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2012/01/26 20:35:02 | 000,000,152 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg
[2012/01/26 20:35:02 | 000,000,076 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt.bck
[2012/01/26 20:35:02 | 000,000,076 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAR.wlt
[2012/01/26 20:34:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 20:34:03 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 20:33:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/26 20:33:52 | 938,926,080 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/26 20:33:05 | 000,000,152 | ---- | M] () -- C:\Windows\System32\drivers\etc\NetAdapt.cfg.bck
[2012/01/26 20:29:20 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/19 20:59:21 | 000,000,512 | ---- | M] () -- C:\Users\lucas\Desktop\MBR.dat
[2012/01/19 20:56:52 | 000,001,105 | ---- | M] () -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
[2012/01/14 17:55:33 | 000,000,947 | ---- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/14 16:54:49 | 000,426,208 | -H-- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/01/14 15:37:38 | 000,357,766 | ---- | M] () -- C:\Users\lucas\Desktop\HostsXpert.zip
[2012/01/14 15:23:30 | 000,001,491 | ---- | M] () -- C:\user.js
[2012/01/14 15:00:07 | 001,402,880 | ---- | M] () -- C:\Users\lucas\Desktop\HijackThis.msi
[2012/01/14 14:40:17 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 16:25:42 | 000,001,347 | ---- | M] () -- C:\Users\lucas\Desktop\sdsetup.exe.lnk
[2012/01/08 13:24:51 | 000,001,356 | ---- | M] () -- C:\Users\lucas\AppData\Local\d3d9caps.dat
[2012/01/08 13:06:55 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmuth.wlt.bck
[2012/01/08 13:06:55 | 000,000,360 | ---- | M] () -- C:\Windows\System32\drivers\etc\wnmuth.wlt
[2012/01/07 11:17:33 | 000,000,940 | ---- | M] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ========== [2012/01/19 20:59:21 | 000,000,512 | ---- | C] () -- C:\Users\lucas\Desktop\MBR.dat
[2012/01/19 20:56:52 | 000,001,105 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Schermopname en Snel starten.lnk
[2012/01/14 17:55:33 | 000,000,947 | ---- | C] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/01/14 15:37:39 | 000,357,766 | ---- | C] () -- C:\Users\lucas\Desktop\HostsXpert.zip
[2012/01/14 15:23:26 | 000,098,304 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2012/01/14 15:23:22 | 000,001,491 | ---- | C] () -- C:\user.js
[2012/01/14 15:00:34 | 001,402,880 | ---- | C] () -- C:\Users\lucas\Desktop\HijackThis.msi
[2012/01/14 14:34:11 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/01/08 15:33:18 | 000,001,347 | ---- | C] () -- C:\Users\lucas\Desktop\sdsetup.exe.lnk
[2012/01/08 13:26:45 | 938,926,080 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/07 11:17:33 | 000,000,940 | ---- | C] () -- C:\Users\lucas\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2012/01/03 10:58:57 | 000,001,356 | ---- | C] () -- C:\Users\lucas\AppData\Local\d3d9caps.dat
[2011/06/07 21:37:24 | 000,013,880 | ---- | C] () -- C:\Windows\System32\drivers\COMFiltr.sys
[2011/06/07 21:36:49 | 000,000,262 | -H-- | C] () -- C:\Windows\System32\PavCPL.dat
[2011/06/07 21:36:38 | 000,291,384 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT.bck
[2011/06/07 21:36:38 | 000,291,384 | ---- | C] () -- C:\Windows\System32\drivers\APPFCONT.DAT
[2011/02/07 21:03:54 | 000,000,106 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\wklnhst.dat
[2009/09/19 19:44:00 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/19 19:43:59 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 14:07:42 | 000,403,816 | -H-- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | -H-- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/06/14 12:24:44 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat
[2009/06/14 12:01:14 | 000,000,000 | ---- | C] () -- C:\ProgramData\Sounds
[2009/06/13 16:18:07 | 000,000,000 | ---- | C] () -- C:\Users\lucas\AppData\Roaming\Standard
[2009/06/13 16:18:07 | 000,000,000 | ---- | C] () -- C:\ProgramData\PKP_DLdu.DAT
[2009/06/09 20:54:48 | 000,055,296 | -H-- | C] () -- C:\Users\lucas\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/05/17 16:00:56 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/22 18:06:42 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/03/23 16:25:57 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLec.DAT
[2008/02/24 14:16:29 | 000,000,392 | -H-- | C] () -- C:\Windows\ODBC.INI
[2008/01/13 15:28:43 | 000,000,268 | R--- | C] () -- C:\ProgramData\StartupItems
[2008/01/13 15:28:43 | 000,000,268 | R--- | C] () -- C:\Users\lucas\AppData\Roaming\Speech Enhancer
[2008/01/13 15:28:43 | 000,000,012 | R--- | C] () -- C:\ProgramData\String Comparison
[2008/01/13 15:28:42 | 000,000,020 | ---- | C] () -- C:\ProgramData\PKP_DLds.DAT
[2008/01/03 21:05:56 | 000,015,377 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2007/10/07 19:37:07 | 000,000,416 | -H-- | C] () -- C:\Windows\MAXLINK.INI
[2007/08/13 13:57:52 | 000,127,184 | -H-- | C] () -- C:\Windows\Unwise.exe
[2007/08/10 13:20:57 | 003,107,788 | -H-- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/08/10 13:20:57 | 000,159,744 | -H-- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/08/10 13:20:56 | 000,144,773 | -H-- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/08/10 12:11:57 | 000,009,824 | -H-- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2006/11/02 17:11:51 | 000,679,906 | -H-- | C] () -- C:\Windows\System32\perfh013.dat
[2006/11/02 17:11:51 | 000,336,440 | -H-- | C] () -- C:\Windows\System32\perfi013.dat
[2006/11/02 17:11:51 | 000,131,026 | -H-- | C] () -- C:\Windows\System32\perfc013.dat
[2006/11/02 17:11:51 | 000,041,976 | -H-- | C] () -- C:\Windows\System32\perfd013.dat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,426,208 | -H-- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,598,702 | -H-- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | -H-- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,104,716 | -H-- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | -H-- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:23:21 | 000,215,943 | -H-- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | -H-- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | -H-- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | -H-- | C] () -- C:\Windows\System32\mlang.dat
========== LOP Check ========== [2007/10/11 20:43:27 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\BullGuard
[2010/11/29 19:51:48 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Canon
[2008/07/24 19:04:56 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Nikon
[2010/11/15 17:01:16 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Template
[2009/09/28 16:03:44 | 000,000,000 | ---D | M] -- C:\Users\esther\AppData\Roaming\Ulead Systems
[2007/10/14 17:03:34 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\BullGuard
[2011/04/08 15:14:50 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Canon
[2008/07/24 19:59:24 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Nikon
[2008/01/26 12:57:49 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\ScanSoft
[2012/01/23 07:50:52 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Spotify
[2011/02/08 21:32:18 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Template
[2011/06/30 19:57:49 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Windows Live Writer
[2009/10/04 14:52:49 | 000,000,000 | ---D | M] -- C:\Users\florien\AppData\Roaming\Zylom
[2007/10/10 06:53:59 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\BullGuard
[2010/07/27 20:16:25 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Canon
[2012/01/26 20:37:26 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Dropbox
[2009/06/13 16:22:19 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Nikon
[2011/06/07 21:30:26 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Panda Security
[2007/10/07 19:36:59 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\ScanSoft
[2012/01/14 18:00:18 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Systweak
[2011/02/07 21:04:01 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Template
[2012/01/08 15:33:14 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\TestApp
[2008/03/23 17:32:35 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\Ulead Systems
[2012/01/03 20:30:10 | 000,000,000 | ---D | M] -- C:\Users\lucas\AppData\Roaming\UpdateStar Drivers
[2011/06/07 11:30:55 | 000,000,000 | ---D | M] -- C:\Users\sabine\AppData\Roaming\Nikon
[2012/01/26 20:32:50 | 000,032,586 | -H-- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ========== ========== Custom Scans ========== < > < %SYSTEMDRIVE%\*.exe > < MD5 for: EXPLORER.EXE >[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/15 17:01:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/15 17:01:33 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: SVCHOST.EXE >[2006/11/02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 08:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe
< MD5 for: USERINIT.EXE >[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
< MD5 for: WINLOGON.EXE >[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/11 05:45:37 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{2CE621A6-AD07-46A5-9937-A50BAA9CCD32}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{4719DAC7-5553-4158-A4E8-49B357D04C07}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{7E2F66D5-1A92-4F23-9B25-A6A1E98C5118}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/19 06:55:45 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 08 01 00 01 02 01 07 01 06 01 09 01 04 01 05 01 01 01 03 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 9
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 10:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1
< C:\Windows\assembly\tmp\U\*.* /s > < %Temp%\smtmp\1\*.* > < %Temp%\smtmp\2\*.* > < %Temp%\smtmp\3\*.* > < %Temp%\smtmp\4\*.* > < > ========== Alternate Data Streams ========== @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
< End of report >