Hoi,
Heb bovenstaande ook gedaan en log hieronder geplaatst.
Alvast bedankt.
[hjt]
otl logfile created on: 18-4-2012 0:38:42 - run 1
otl by oldtimer - version 3.2.40.0 folder = c:\users\alexander\downloads
ultimate edition service pack 1 (version = 6.1.7601) - type = ntworkstation
internet explorer (version = 9.0.8112.16421)
locale: 00000413 | country: nederland | language: nld | date format: d-m-yyyy
2,91 gb total physical memory | 1,69 gb available physical memory | 57,97% memory free
5,83 gb paging file | 4,40 gb available in paging file | 75,51% paging file free
paging file location(s): ?:\pagefile.sys
[binary data]
%systemdrive% = c: | %systemroot% = c:\windows | %programfiles% = c:\program files
drive c: | 465,66 gb total space | 222,84 gb free space | 47,85% space free | partition type: ntfs
drive d: | 100,00 mb total space | 78,71 mb free space | 78,71% space free | partition type: ntfs
computer name: win732 | user name: alexander | logged in as administrator.
boot mode: normal | scan mode: all users | quick scan
company name whitelist: on | skip microsoft files: on | no company name whitelist: on | file age = 30 days
========== processes (safelist) ==========
prc -
[2012-04-18 00:37:52 | 000,595,968 | ---- | m] (oldtimer tools) -- c:\users\alexander\downloads\otl.com
prc -
[2012-04-15 14:31:03 | 000,353,440 | ---- | m] (adobe systems incorporated) --
c:\windows\system32\macromed\flash\flashutil32_11_2_202_233_activex.exe
prc -
[2012-04-04 15:56:40 | 000,654,408 | ---- | m] (malwarebytes corporation) --
c:\program files\malwarebytes' anti-malware\mbamservice.exe
prc -
[2012-04-04 15:56:38 | 000,462,408 | ---- | m] (malwarebytes corporation) --
c:\program files\malwarebytes' anti-malware\mbamgui.exe
prc -
[2011-09-23 19:37:42 | 000,641,832 | ---- | m] (nero ag) --
c:\program files\nero\update\nasvc.exe
prc -
[2011-08-11 20:57:28 | 000,348,672 | ---- | m] () --
c:\program files\sabnzbd\sabnzbd.exe
prc -
[2011-06-24 06:22:20 | 000,271,360 | ---- | m] (microsoft corporation) --
c:\windows\system32\conhost.exe
prc -
[2011-06-15 15:16:48 | 000,997,920 | ---- | m] (microsoft corporation) --
c:\program files\microsoft security client\msseces.exe
prc -
[2011-04-27 15:39:26 | 000,208,944 | ---- | m] (microsoft corporation) --
c:\program files\microsoft security client\antimalware\nissrv.exe
prc -
[2011-04-27 15:39:26 | 000,011,736 | ---- | m] (microsoft corporation) --
c:\program files\microsoft security client\antimalware\msmpeng.exe
prc -
[2011-02-25 07:30:54 | 002,616,320 | ---- | m] (microsoft corporation) --
c:\windows\explorer.exe
prc -
[2010-11-20 23:29:19 | 000,049,152 | ---- | m] (microsoft corporation) --
c:\windows\system32\taskhost.exe
prc -
[2010-11-20 23:29:12 | 000,302,592 | ---- | m] (microsoft corporation) --
c:\windows\system32\cmd.exe
prc -
[2010-11-17 10:53:16 | 000,113,288 | ---- | m] (renesas electronics corporation) --
c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe
prc -
[2010-03-13 13:58:58 | 000,075,048 | ---- | m] (cyberlink) --
c:\program files\cyberlink\shared files\brs.exe
prc -
[2010-02-03 01:08:56 | 000,087,336 | ---- | m] (cyberlink corp.) --
c:\program files\cyberlink\powerdvd10\pdvd10serv.exe
prc -
[2010-01-24 18:50:08 | 000,089,600 | ---- | m] (ivosoft) --
c:\program files\classic shell\classicstartmenu.exe
========== modules (no company name) ==========
mod -
[2011-08-31 19:13:52 | 000,094,208 | ---- | m] () --
c:\windows\system32\icclibdll.dll
mod -
[2011-08-11 20:57:28 | 000,348,672 | ---- | m] () --
c:\program files\sabnzbd\sabnzbd.exe
mod -
[2011-03-17 00:11:16 | 004,297,568 | ---- | m] () -- c:\program files\common files\microsoft shared\office14\cultures\office.odf
mod -
[2010-11-01 18:52:28 | 000,057,344 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.crypto.pyd
mod -
[2010-11-01 18:52:28 | 000,037,888 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.ssl.pyd
mod -
[2010-11-01 18:52:28 | 000,007,168 | ---- | m] () -- c:\program files\sabnzbd\lib\openssl.rand.pyd
mod -
[2010-10-08 04:37:34 | 000,546,205 | ---- | m] () --
c:\program files\sabnzbd\lib\sqlite3.dll
mod -
[2010-01-31 17:14:32 | 000,118,784 | ---- | m] () --
c:\program files\sabnzbd\lib\pywintypes25.dll
mod -
[2010-01-31 17:11:56 | 000,671,744 | ---- | m] () -- c:\program files\sabnzbd\lib\_ssl.pyd
mod -
[2010-01-31 17:11:52 | 000,294,912 | ---- | m] () -- c:\program files\sabnzbd\lib\_hashlib.pyd
mod -
[2010-01-31 17:11:52 | 000,135,168 | ---- | m] () -- c:\program files\sabnzbd\lib\pyexpat.pyd
mod -
[2010-01-31 17:11:52 | 000,086,016 | ---- | m] () -- c:\program files\sabnzbd\lib\_ctypes.pyd
mod -
[2010-01-31 17:11:52 | 000,053,248 | ---- | m] () -- c:\program files\sabnzbd\lib\_socket.pyd
mod -
[2010-01-31 17:11:52 | 000,049,152 | ---- | m] () -- c:\program files\sabnzbd\lib\_sqlite3.pyd
mod -
[2010-01-31 17:11:52 | 000,008,192 | ---- | m] () -- c:\program files\sabnzbd\lib\select.pyd
mod -
[2010-01-31 16:56:20 | 000,024,576 | ---- | m] () -- c:\program files\sabnzbd\lib\servicemanager.pyd
mod -
[2010-01-31 16:56:12 | 000,102,400 | ---- | m] () -- c:\program files\sabnzbd\lib\win32api.pyd
mod -
[2010-01-31 16:56:04 | 000,036,864 | ---- | m] () -- c:\program files\sabnzbd\lib\win32service.pyd
mod -
[2010-01-31 16:54:18 | 000,040,960 | ---- | m] () -- c:\program files\sabnzbd\lib\win32process.pyd
mod -
[2010-01-31 16:54:16 | 000,019,968 | ---- | m] () -- c:\program files\sabnzbd\lib\win32pipe.pyd
mod -
[2010-01-31 16:54:06 | 000,014,848 | ---- | m] () -- c:\program files\sabnzbd\lib\win32evtlog.pyd
mod -
[2010-01-31 16:54:04 | 000,110,592 | ---- | m] () -- c:\program files\sabnzbd\lib\win32file.pyd
mod -
[2010-01-31 16:54:04 | 000,013,824 | ---- | m] () -- c:\program files\sabnzbd\lib\win32event.pyd
mod -
[2009-03-03 19:21:18 | 000,012,288 | ---- | m] () -- c:\program files\sabnzbd\lib\cheetah._namemapper.pyd
mod -
[2006-08-12 17:47:52 | 000,009,728 | ---- | m] () -- c:\program files\sabnzbd\lib\_yenc.pyd
========== win32 services (safelist) ==========
srv -
[2012-04-15 14:31:03 | 000,253,088 | ---- | m] (adobe systems incorporated) [on_demand | stopped] --
c:\windows\system32\macromed\flash\flashplayerupdateservice.exe -- (adobeflashplayerupdatesvc)
srv -
[2012-04-04 19:05:26 | 000,008,192 | ---- | m] () [auto | stopped] --
c:\windows\system32\srvany.exe -- (kmservice)
srv -
[2012-04-04 15:56:40 | 000,654,408 | ---- | m] (malwarebytes corporation) [auto | running] --
c:\program files\malwarebytes' anti-malware\mbamservice.exe -- (mbamservice)
srv -
[2012-03-11 21:41:49 | 000,655,624 | ---- | m] (acresso software inc.) [on_demand | stopped] --
c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe -- (flexnet licensing service)
srv -
[2011-09-23 19:37:42 | 000,641,832 | ---- | m] (nero ag) [auto | running] --
c:\program files\nero\update\nasvc.exe -- (naupdate)
srv -
[2011-06-12 11:15:00 | 031,125,880 | ---- | m] (microsoft corporation) [on_demand | stopped] --
c:\program files\microsoft office\office14\groove.exe -- (microsoft sharepoint workspace audit service)
srv -
[2011-05-08 00:13:56 | 001,343,400 | ---- | m] (microsoft corporation) [on_demand | stopped] --
c:\windows\system32\wat\watadminsvc.exe -- (watadminsvc)
srv -
[2011-04-27 15:39:26 | 000,208,944 | ---- | m] (microsoft corporation) [on_demand | running] --
c:\program files\microsoft security client\antimalware\nissrv.exe -- (nissrv)
srv -
[2011-04-27 15:39:26 | 000,011,736 | ---- | m] (microsoft corporation) [auto | running] --
c:\program files\microsoft security client\antimalware\msmpeng.exe -- (msmpsvc)
srv -
[2010-08-08 12:45:26 | 000,013,080 | ---- | m] (microsoft corporation) [on_demand | stopped] --
c:\program files\windows identity foundation\v3.5\c2wtshost.exe -- (c2wts)
srv -
[2009-07-14 03:16:13 | 000,025,088 | ---- | m] (microsoft corporation) [on_demand | stopped] --
c:\windows\system32\sensrsvc.dll -- (sensrsvc)
srv -
[2009-07-14 03:16:12 | 001,004,544 | ---- | m] (microsoft corporation) [on_demand | stopped] --
c:\windows\system32\peerdistsvc.dll -- (peerdistsvc)
========== driver services (safelist) ==========
drv - file not found
[kernel | on_demand | stopped] -- system32\drivers\rdvgkmd.sys -- (vgpu)
drv -
[2012-04-18 00:26:04 | 000,054,016 | ---- | m] () [kernel | boot | unknown] --
c:\windows\system32\drivers\kjwswvst.sys -- (cyfv)
drv -
[2012-04-04 15:56:40 | 000,022,344 | ---- | m] (malwarebytes corporation) [file_system | on_demand | running] --
c:\windows\system32\drivers\mbam.sys -- (mbamprotector)
drv -
[2011-05-27 20:50:47 | 000,443,448 | ---- | m] () [kernel | boot | running] --
c:\windows\system32\drivers\sptd.sys -- (sptd)
drv -
[2011-04-27 15:25:24 | 000,065,024 | ---- | m] (microsoft corporation) [kernel | on_demand | running] --
c:\windows\system32\drivers\nisdrvwfp.sys -- (nisdrv)
drv -
[2011-04-18 13:18:50 | 000,043,392 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\mpnwmon.sys -- (mpnwmon)
drv -
[2011-03-07 11:01:32 | 000,274,736 | r--- | m] (marvell semiconductor, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\mvs91xx.sys -- (mvs91xx)
drv -
[2011-03-04 17:00:16 | 000,309,224 | ---- | m] (asmedia technology inc) [kernel | on_demand | running] --
c:\windows\system32\drivers\asmtxhci.sys -- (asmtxhci)
drv -
[2011-03-04 17:00:14 | 000,100,328 | ---- | m] (asmedia technology inc) [kernel | on_demand | running] --
c:\windows\system32\drivers\asmthub3.sys -- (asmthub3)
drv -
[2011-03-04 13:46:18 | 000,032,896 | r--- | m] (advanced micro devices) [kernel | boot | running] --
c:\windows\system32\drivers\amd_xata.sys -- (amd_xata)
drv -
[2011-03-04 13:46:16 | 000,065,664 | r--- | m] (advanced micro devices) [kernel | boot | running] --
c:\windows\system32\drivers\amd_sata.sys -- (amd_sata)
drv -
[2011-02-17 12:41:00 | 000,317,216 | ---- | m] (marvell) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\yk62x86.sys -- (yukonw7)
drv -
[2011-02-14 08:07:54 | 000,021,808 | r--- | m] (marvell semiconductor inc.) [kernel | boot | running] --
c:\windows\system32\drivers\mv91cons.sys -- (mv91cons)
drv -
[2011-02-14 08:07:52 | 000,273,200 | r--- | m] (marvell semiconductor, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\mv91xx.sys -- (mv91xx)
drv -
[2011-02-10 14:52:10 | 000,141,952 | ---- | m] (renesas electronics corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\nusb3xhc.sys -- (nusb3xhc)
drv -
[2011-02-10 14:52:10 | 000,063,872 | ---- | m] (renesas electronics corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\nusb3hub.sys -- (nusb3hub)
drv -
[2011-02-09 15:26:44 | 000,023,640 | r--- | m] (jmicron technology corp.) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\johci.sys -- (johci)
drv -
[2010-11-25 13:27:30 | 000,103,000 | r--- | m] (jmicron technology corp.) [kernel | boot | running] --
c:\windows\system32\drivers\jraid.sys -- (jraid)
drv -
[2010-11-20 23:29:34 | 000,015,872 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\rdpvideominiport.sys -- (rdpvideominiport)
drv -
[2010-11-20 23:29:24 | 000,052,224 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\tsusbflt.sys -- (tsusbflt)
drv -
[2010-11-20 23:29:03 | 000,175,360 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\vmbus.sys -- (vmbus)
drv -
[2010-11-20 23:29:03 | 000,112,640 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\tsusbhub.sys -- (tsusbhub)
drv -
[2010-11-20 23:29:03 | 000,077,184 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\synth3dvsc.sys -- (synth3dvsc)
drv -
[2010-11-20 23:29:03 | 000,062,464 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\dmvsc.sys -- (dmvsc)
drv -
[2010-11-20 23:29:03 | 000,040,704 | ---- | m] (microsoft corporation) [kernel | boot | running] --
c:\windows\system32\drivers\vmstorfl.sys -- (storflt)
drv -
[2010-11-20 23:29:03 | 000,035,968 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\winusb.sys -- (winusb)
drv -
[2010-11-20 23:29:03 | 000,028,032 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\storvsc.sys -- (storvsc)
drv -
[2010-11-20 23:29:03 | 000,027,264 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\tsusbgd.sys -- (tsusbgd)
drv -
[2010-11-20 23:29:03 | 000,025,600 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\terminpt.sys -- (terminpt)
drv -
[2010-11-20 23:29:03 | 000,017,920 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\vmbushid.sys -- (vmbushid)
drv -
[2010-11-20 23:29:03 | 000,005,632 | ---- | m] (microsoft corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\vms3cap.sys -- (s3cap)
drv -
[2010-09-29 03:14:30 | 000,228,352 | ---- | m] (advanced micro devices, inc.) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\atikmpag.sys -- (amdkmdap)
drv -
[2010-09-23 17:47:20 | 000,214,096 | r--- | m] (advanced micro devices, inc) [kernel | boot | running] --
c:\windows\system32\drivers\ahcix86.sys -- (ahcix86)
drv -
[2010-07-21 07:30:26 | 000,031,256 | ---- | m] (initio corp.) [kernel | boot | running] --
c:\windows\system32\drivers\inic1620.sys -- (inic1620)
drv -
[2010-07-13 11:57:16 | 000,040,560 | ---- | m] (paragon software group) [kernel | boot | running] --
c:\windows\system32\drivers\hotcore3.sys -- (hotcore3)
drv -
[2010-06-15 02:09:30 | 000,407,120 | r--- | m] (lsi corporation, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\megasr1.sys -- (megasr1)
drv -
[2010-03-31 00:00:00 | 000,027,760 | ---- | m] () [kernel | on_demand | stopped] -- c:\tools\lavalys\everest ultimate edition\kerneld.wnt -- (everestdriver)
drv -
[2010-03-29 12:15:36 | 000,055,848 | ---- | m] (atheros communications, inc.) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\l1e62x86.sys -- (l1e)
drv -
[2010-03-13 13:58:52 | 000,087,536 | ---- | m] (cyberlink corp.) [2012/01/01 09:44:38] [kernel | auto | running] -- c:\program files\cyberlink\powerdvd10\navfilter\000.fcl -- (
{1ba31e5a-c098-42d8-8f88-3c9f78a2fddc})
drv -
[2010-02-11 11:59:48 | 000,023,192 | ---- | m] (via technologies, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\xfilt.sys -- (xfilt)
drv -
[2010-02-11 11:59:18 | 000,013,976 | ---- | m] (via technologies, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\videx32.sys -- (videx32)
drv -
[2010-01-07 00:26:34 | 000,190,768 | r--- | m] (advanced micro devices, inc) [kernel | boot | running] --
c:\windows\system32\drivers\ahcix86s.sys -- (ahcix86s)
drv -
[2009-11-09 04:11:22 | 000,043,552 | r--- | m] (areca technology corporation) [kernel | boot | running] --
c:\windows\system32\drivers\arcm_x86.sys -- (arcm_x86)
drv -
[2009-11-06 09:37:20 | 000,699,896 | ---- | m] (broadcom corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\bcmwlhigh6.sys -- (bcmh43xx)
drv -
[2009-10-11 15:58:10 | 000,016,512 | ---- | m] (adaptec) [kernel | auto | running] --
c:\windows\system32\drivers\aspi32.sys -- (aspi32)
drv -
[2009-09-14 16:24:12 | 000,155,688 | r--- | m] (marvell semiconductor, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\mv61xx.sys -- (mv61xx)
drv -
[2009-08-24 10:14:30 | 000,044,544 | ---- | m] (azurewave technologies, inc.) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\azvusb.sys -- (azvusb)
drv -
[2009-08-04 19:44:12 | 000,139,296 | r--- | m] (nvidia corporation) [kernel | boot | running] --
c:\windows\system32\drivers\nvrd32.sys -- (nvrd32)
drv -
[2009-07-17 02:51:52 | 000,024,608 | ---- | m] (nvidia corporation) [kernel | boot | running] --
c:\windows\system32\drivers\nvamacpi.sys -- (nvamacpi)
drv -
[2009-07-16 12:36:30 | 000,013,216 | ---- | m] () [kernel | on_demand | stopped] --
c:\windows\system32\drivers\asacpi.sys -- (mtsensor)
drv -
[2009-07-14 00:02:53 | 000,044,032 | ---- | m] (via technologies, inc. ) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\fetnd6.sys -- (fetndis)
drv -
[2009-07-14 00:02:52 | 000,347,264 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\nvm62x32.sys -- (nvenetfd)
drv -
[2009-06-15 17:01:00 | 000,273,920 | ---- | m] (creative technology ltd.) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\v0540vid.sys -- (v0540dev)
drv -
[2009-06-10 23:19:48 | 009,853,248 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\nvlddmkm.sys -- (nvlddmkm)
drv -
[2009-04-28 17:14:12 | 000,015,008 | r--- | m] (highpoint technologies, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\hptiop.sys -- (hptiop)
drv -
[2009-02-05 12:38:24 | 000,212,520 | r--- | m] (silicon image, inc) [kernel | boot | running] --
c:\windows\system32\drivers\si3531.sys -- (si3531)
drv -
[2008-10-30 11:56:04 | 000,217,128 | r--- | m] (silicon image, inc) [kernel | boot | running] --
c:\windows\system32\drivers\si3132r5.sys -- (si3132r5)
drv -
[2008-10-30 11:56:04 | 000,012,200 | r--- | m] (silicon image, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\siremfil.sys -- (siremfil)
drv -
[2008-09-22 03:20:42 | 000,043,520 | ---- | m] (via technologies, inc. ) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\fetnd6v.sys -- (fetnd6v)
drv -
[2008-08-18 18:58:16 | 000,145,952 | ---- | m] (nvidia corporation) [kernel | boot | running] --
c:\windows\system32\drivers\nvstor32.sys -- (nvstor32)
drv -
[2007-10-03 16:55:08 | 000,080,424 | r--- | m] (silicon image, inc) [kernel | boot | running] --
c:\windows\system32\drivers\si3132.sys -- (si3132)
drv -
[2007-08-29 18:04:04 | 000,116,264 | r--- | m] (silicon image, inc) [kernel | boot | running] --
c:\windows\system32\drivers\si3112r.sys -- (si3112r)
drv -
[2007-08-29 18:04:04 | 000,019,240 | r--- | m] (silicon image, inc) [kernel | boot | running] --
c:\windows\system32\drivers\siwinacc.sys -- (sifilter)
drv -
[2007-06-19 14:48:26 | 000,075,672 | r--- | m] (intel corporation) [kernel | boot | running] --
c:\windows\system32\drivers\issetup.sys -- (issetup) intel(r)
drv -
[2007-04-11 14:32:48 | 000,110,384 | r--- | m] (silicon image, inc) [kernel | boot | running] --
c:\windows\system32\drivers\si3114r.sys -- (si3114r)
drv -
[2007-02-07 11:30:06 | 000,209,200 | r--- | m] (silicon image, inc) [kernel | boot | running] --
c:\windows\system32\drivers\si3114r5.sys -- (si3114r5)
drv -
[2007-01-26 13:55:08 | 000,069,168 | r--- | m] (silicon image, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\si3112.sys -- (si3112)
drv -
[2006-11-10 12:45:54 | 000,068,912 | r--- | m] (silicon image, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\si3114.sys -- (si3114)
drv -
[2006-11-02 16:20:30 | 000,076,208 | r--- | m] (silicon image, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\si3124.sys -- (si3124)
drv -
[2006-09-27 14:36:50 | 000,071,968 | r--- | m] (highpoint technologies, inc.) [kernel | boot | running] --
c:\windows\system32\drivers\hptmv.sys -- (hptmv)
drv -
[2006-09-20 11:38:26 | 000,207,152 | r--- | m] (silicon image, inc) [kernel | boot | running] --
c:\windows\system32\drivers\si3124r5.sys -- (si3124r5)
drv -
[2006-07-20 20:47:12 | 000,104,320 | r--- | m] (uli electronics inc.) [kernel | boot | running] --
c:\windows\system32\drivers\m5287.sys -- (m5287)
drv -
[2006-07-19 19:48:14 | 000,211,072 | r--- | m] (uli electronics inc.) [kernel | boot | running] --
c:\windows\system32\drivers\m5288.sys -- (m5288)
drv -
[2006-02-26 17:22:48 | 000,010,240 | ---- | m] (nvidia corporation) [kernel | on_demand | stopped] --
c:\windows\system32\drivers\nvmpu401.sys -- (nvmpu401) service for nvidia(r) nforce(tm)
drv -
[2005-07-04 15:21:00 | 000,052,480 | r--- | m] (uli electronics inc.) [kernel | boot | running] --
c:\windows\system32\drivers\m5289.sys -- (m5289)
========== standard registry (safelist) ==========
========== internet explorer ==========
ie - hklm\..\searchscopes,defaultscope =
{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ie - hklm\..\searchscopes\
{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" =
[noparse]http://www.bing.com/search?q={searchterms}&form=ie8src[/noparse]
ie - hku\.default\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-18\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,secondary start pages =
[noparse]http://facebook.com/[/noparse] [binary data]
ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,start page =
[noparse]http://www.google.nl/[/noparse]
ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,start page redirect cache =
[noparse]http://nl.msn.com/?ocid=iehp[/noparse]
ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,start page redirect cache acceptlangs = nl
ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\internet explorer\main,start page redirect cache_timestamp = f0 ad c1 14 ec 47 cc 01
[binary data]
ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\..\searchscopes,defaultscope =
{0633ee93-d776-472f-a0ff-e1416b8b2e3a}
ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\..\searchscopes\
{0633ee93-d776-472f-a0ff-e1416b8b2e3a}: "url" =
[noparse]http://www.bing.com/search?q={searchterms}&src=ie-searchbox&form=ie8src[/noparse]
ie - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\windows\currentversion\internet settings: "proxyenable" = 0
========== firefox ==========
ff - hklm\software\mozillaplugins\@adobe.com/shockwaveplayer:
c:\windows\system32\adobe\director\np32dsw.dll (adobe systems, inc.)
ff - hklm\software\mozillaplugins\@google.com/nppicasa3,version=3.0.0:
c:\program files\google\picasa3\nppicasa3.dll (google, inc.)
ff - hklm\software\mozillaplugins\@java.com/javaplugin:
c:\program files\java\jre7\bin\new_plugin\npjp2.dll (oracle corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/genuine: disabled file not found
ff - hklm\software\mozillaplugins\@microsoft.com/npctrl,version=1.0:
c:\program files\microsoft silverlight\4.1.10111.0\npctrl.dll ( microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/officeauthz,version=14.0:
c:\progra~1\micros~3\office14\npauthz.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@microsoft.com/sharepoint,version=14.0:
c:\progra~1\micros~3\office14\npspwrap.dll (microsoft corporation)
ff - hklm\software\mozillaplugins\@nero.com/km:
c:\progra~1\common~1\nero\browse~1\npbrow~1.dll (nero ag)
ff - hklm\software\mozillaplugins\@zylom.com/zylomgamesplayer:
c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll (zylom)
ff - hkcu\software\mozillaplugins\@thrixxx.com/weblaunch:
c:\program files\thrixxx\weblaunch\binaries\npweblaunch.dll file not found
o1 hosts file: (
[2012-03-11 12:49:52 | 000,000,859 | ---- | m]) - c:\windows\system32\drivers\etc\hosts
o2 - bho: (explorerbho class) -
{449d0d6e-2412-4e61-b68f-1cb625cd9e52} -
c:\program files\classic shell\classicexplorer32.dll (ivosoft)
o2 - bho: (groove gfs browser helper) -
{72853161-30c5-4d22-b7f9-0bbc1d38a37e} -
c:\program files\microsoft office\office14\grooveex.dll (microsoft corporation)
o2 - bho: (office document cache handler) -
{b4f3a835-0e21-4959-ba22-42b3008e02ff} -
c:\program files\microsoft office\office14\urlredir.dll (microsoft corporation)
o2 - bho: (java(tm) plug-in 2 ssv helper) -
{dbc80044-a445-435b-bc74-9c25c1c588a9} -
c:\program files\java\jre7\bin\jp2ssv.dll (oracle corporation)
o3 - hklm\..\toolbar: (classic explorer bar) -
{553891b7-a0d5-4526-be18-d3ce461d6310} -
c:\program files\classic shell\classicexplorer32.dll (ivosoft)
o4 - hklm..\run:
[adobecs4servicemanager] c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe (adobe systems incorporated)
o4 - hklm..\run:
[bcssync] c:\program files\microsoft office\office14\bcssync.exe (microsoft corporation)
o4 - hklm..\run:
[classic start menu] c:\program files\classic shell\classicstartmenu.exe (ivosoft)
o4 - hklm..\run:
[malwarebytes' anti-malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe (malwarebytes corporation)
o4 - hklm..\run:
[msc] c:\program files\microsoft security client\msseces.exe (microsoft corporation)
o4 - hklm..\run:
[nusb3mon] c:\program files\renesas electronics\usb 3.0 host controller driver\application\nusb3mon.exe (renesas electronics corporation)
o4 - hklm..\runonce:
[malwarebytes anti-malware (cleanup)] c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll (malwarebytes corporation)
o4 - hku\s-1-5-19..\runonce:
[mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o4 - hku\s-1-5-20..\runonce:
[mctadmin] c:\windows\system32\mctadmin.exe (microsoft corporation)
o4 - startup:
c:\users\alexander\appdata\roaming\microsoft\windows\start menu\programs\startup\sabnzbd.lnk =
c:\program files\sabnzbd\sabnzbd.exe ()
o4 - startup:
c:\users\anja\appdata\roaming\microsoft\windows\start menu\programs\startup\dropbox.lnk = file not found
o6 - hklm\software\microsoft\windows\currentversion\policies\system: consentpromptbehavioruser = 3
o6 - hklm\software\microsoft\windows\currentversion\policies\system: consentpromptbehavioradmin = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: promptonsecuredesktop = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: localaccounttokenfilterpolicy = 0
o6 - hklm\software\microsoft\windows\currentversion\policies\system: enablelinkedconnections = 1
o7 - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\windows\currentversion\policies\explorer: nodrivetypeautorun = 145
o7 - hku\s-1-5-21-1772702603-541345436-1298147513-1002\software\microsoft\windows\currentversion\policies\explorer: nodesktop = 0
o8 - extra context menu item: add to google photos screensa&ver - c:\windows\system32\gphotos.scr (google inc.)
o8 - extra context menu item: e&xporteren naar microsoft excel -
c:\program files\microsoft office\office14\excel.exe (microsoft corporation)
o13 - gopher prefix: missing
o16 - dpf:
{233c1507-6a77-46a4-9443-f871f945d258} [noparse]http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab[/noparse] (shockwave activex control)
o16 - dpf:
{8ad9c840-044e-11d1-b3e9-00805f499d93} [noparse]http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab[/noparse] (java plug-in 10.1.0)
o16 - dpf:
{c3f79a2b-b9b4-4a66-b012-3ee46475b072} [noparse]http://messenger.zone.msn.com/binary/messengerstatspaclient.cab56907.cab[/noparse] (messengerstatsclient class)
o16 - dpf:
{cafeefac-0016-0000-0025-abcdeffedcba} [noparse]http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab[/noparse] (java plug-in 1.6.0_25)
o16 - dpf:
{cafeefac-0017-0000-0001-abcdeffedcba} [noparse]http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab[/noparse] (java plug-in 1.7.0_01)
o16 - dpf:
{cafeefac-ffff-ffff-ffff-abcdeffedcba} [noparse]http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab[/noparse] (java plug-in 1.7.0_01)
o16 - dpf:
{e6f480fc-bd44-4cba-b74a-89af7842937d} [noparse]http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab[/noparse] (reg error: key error.)
o16 - dpf:
{f5a7706b-b9c0-4c89-a715-7a0c6b05dd48} [noparse]http://messenger.zone.msn.com/binary/minesweeper.cab56986.cab[/noparse] (minesweeper flags class)
o17 - hklm\system\ccs\services\tcpip\parameters: dhcpnameserver = 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{848fdce2-d440-457c-8b50-e80147d5f0be}: dhcpnameserver = 192.168.0.1
o17 - hklm\system\ccs\services\tcpip\parameters\interfaces\{fa67fbbd-4ac8-4099-9f22-3234183ecdca}: dhcpnameserver = 192.168.0.1
o20 - hklm winlogon: shell - (explorer.exe) -
c:\windows\explorer.exe (microsoft corporation)
o20 - hklm winlogon: userinit - (
c:\windows\system32\userinit.exe) -
c:\windows\system32\userinit.exe (microsoft corporation)
o20 - hklm winlogon: vmapplet - (systempropertiesperformance.exe) -
c:\windows\system32\systempropertiesperformance.exe (microsoft corporation)
o20 - hklm winlogon: vmapplet - (/pagefile) - file not found
o20 - hku\s-1-5-21-1772702603-541345436-1298147513-1002 winlogon: shell - (explorer.exe) -
c:\windows\explorer.exe (microsoft corporation)
o20 - hku\s-1-5-21-1772702603-541345436-1298147513-1002 winlogon: userinit - (
c:\windows\system32\userinit.exe) -
c:\windows\system32\userinit.exe (microsoft corporation)
o21 - ssodl: webcheck -
{e6fb5e20-de35-11cf-9c87-00aa005127ed} - no clsid value found.
o28 - hklm shellexecutehooks:
{b5a7f190-dda6-4420-b3ba-52453494e6cd} -
c:\program files\microsoft office\office14\grooveex.dll (microsoft corporation)
o32 - hklm cdrom: autorun - 1
o32 - autorun file - [2009-06-10 23:42:20 | 000,000,024 | ---- | m] () - c:\autoexec.bat -- [ ntfs ]
o34 - hklm bootexecute: (autocheck autochk *)
o35 - hklm\..comfile [open] -- "%1" %*
o35 - hklm\..exefile [open] -- "%1" %*
o37 - hklm\...com [@ = comfile] -- "%1" %*
o37 - hklm\...exe [@ = exefile] -- "%1" %*
========== files/folders - created within 30 days ==========
[2012-04-18 00:37:09 | 000,000,000 | ---d | c] -- c:\windows\pss
[2012-04-18 00:08:13 | 000,000,000 | ---d | c] -- c:\programdata\hitmanpro
[2012-04-18 00:06:52 | 000,000,000 | ---d | c] -- c:\users\alexander\nieuwe map
[2012-04-17 23:48:14 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\
{e1bb5744-0bb6-490a-8e0f-8f32eb175e66}
[2012-04-17 23:48:03 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\
{6f0120a1-1580-49ea-8f79-83c144fb4e92}
[2012-04-17 23:03:21 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\malwarebytes' anti-malware
[2012-04-17 23:03:19 | 000,022,344 | ---- | c] (malwarebytes corporation) --
c:\windows\system32\drivers\mbam.sys
[2012-04-16 17:25:46 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{87ddf74a-439c-4057-95ae-bb50ef5a11ac}
[2012-04-16 17:25:36 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{e6bc2aed-97a8-4421-9d29-6c93e515a88d}
[2012-04-15 14:46:51 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{31ce6bbc-2fcc-4c83-8e88-a674d7d275a9}
[2012-04-15 14:46:40 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{d6846fea-3432-4ec2-913f-80457b464c39}
[2012-04-13 07:49:10 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{527477ec-b3c0-4ad1-9760-e42f4b046262}
[2012-04-13 07:49:00 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{31011154-068c-4952-a973-8d4854f58711}
[2012-04-12 19:48:36 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{d9228532-0079-441b-9edb-467cba4600b1}
[2012-04-12 19:48:26 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{bbc17437-2578-4167-a503-c9f6b0e5b564}
[2012-04-11 22:26:02 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{d834d613-eb20-4fab-9130-56b2dd54ba1c}
[2012-04-11 22:25:52 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{05436bbd-509d-4bd8-b46b-7064de2ae9e7}
[2012-04-11 07:22:24 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{7cb0b219-9344-43c3-b108-b70a1991df0e}
[2012-04-11 07:22:13 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{06d9c0bf-93b1-41ea-b4a2-1d79beb2ed58}
[2012-04-10 15:38:10 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{8085bfaa-2c44-4017-870f-7c024bc2b1de}
[2012-04-10 15:38:00 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{2fc07a09-728f-4bed-8aaf-106e28767275}
[2012-04-10 15:37:45 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\virtualstore
[2012-04-09 14:17:46 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\dvdfab 8 qt
[2012-04-09 14:17:39 | 000,000,000 | ---d | c] -- c:\program files\dvdfab 8 qt
[2012-04-09 10:03:35 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\roaming\symantec
[2012-04-09 09:57:48 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{88123464-6a0f-47c5-ae3d-c2b4357334f9}
[2012-04-09 09:57:38 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\{f1d93624-ca71-4f4d-863f-4f1cc39fbd5a}
[2012-04-09 09:53:53 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\windows live
[2012-04-09 09:51:17 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\save2pc
[2012-04-09 09:51:16 | 000,000,000 | ---d | c] -- c:\program files\fdrlab
[2012-04-04 18:54:35 | 000,000,000 | ---d | c] -- c:\program files\microsoft synchronization services
[2012-04-04 18:54:34 | 000,000,000 | ---d | c] -- c:\program files\common files\designer
[2012-04-04 18:54:18 | 000,000,000 | ---d | c] -- c:\program files\microsoft sql server compact edition
[2012-04-04 18:53:18 | 000,000,000 | ---d | c] -- c:\program files\microsoft analysis services
[2012-04-04 18:52:31 | 000,000,000 | rh-d | c] -- c:\msocache
[2012-04-04 18:16:18 | 000,000,000 | ---d | c] -- c:\users\alexander\desktop\nieuwe map (2)
[2012-04-02 08:06:13 | 000,000,000 | ---d | c] -- c:\users\alexander\desktop\nieuwe samenstelling daan
[2012-04-02 08:02:41 | 000,000,000 | ---d | c] -- c:\users\alexander\desktop\backup daan
[2012-04-01 09:18:06 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\ambrasoft familiepakket 0910
[2012-04-01 09:15:39 | 000,000,000 | ---d | c] -- c:\program files\common files\ambrasoft
[2012-04-01 09:15:39 | 000,000,000 | ---d | c] -- c:\program files\ambrasoft
[2012-04-01 08:52:04 | 000,000,000 | ---d | c] -- c:\users\alexander\documents\4videosoft studio
[2012-04-01 08:50:40 | 000,000,000 | ---d | c] -- c:\program files\4videosoft studio
[2012-03-30 20:29:04 | 000,000,000 | ---d | c] -- c:\users\alexander\documents\belastingdienst
[2012-03-30 20:29:04 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\roaming\belastingdienst
[2012-03-30 20:08:52 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\roaming\divx
[2012-03-30 20:01:50 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\ziggotvstreamer
[2012-03-30 20:01:48 | 000,000,000 | ---d | c] -- c:\program files\ziggotvstreamer
[2012-03-30 18:53:42 | 000,000,000 | ---d | c] -- c:\users\alexander\documents\my cheat tables
[2012-03-30 18:53:29 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\cheat engine 6.1
[2012-03-30 18:53:25 | 000,000,000 | ---d | c] -- c:\program files\cheat engine 6.1
[2012-03-25 21:19:29 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\pctv systems
[2012-03-25 21:16:20 | 000,000,000 | ---d | c] -- c:\programdata\pctv systems
[2012-03-25 21:15:58 | 000,000,000 | ---d | c] -- c:\programdata\microsoft\windows\start menu\programs\divx
[2012-03-25 21:15:58 | 000,000,000 | ---d | c] -- c:\program files\divx
[2012-03-25 20:46:32 | 000,000,000 | ---d | c] -- c:\program files\installdir
[2012-03-25 11:59:28 | 000,000,000 | ---d | c] -- c:\pc_play&learn
[2012-03-20 20:50:34 | 000,000,000 | ---d | c] -- c:\users\alexander\appdata\local\apple
[2012-03-19 17:47:42 | 000,000,000 | ---d | c] -- c:\programdata\xml_param
[2012-03-19 17:44:53 | 000,000,000 | ---d | c] -- c:\users\alexander\documents\wondershare video converter platinum
[2012-03-19 17:44:33 | 000,892,928 | ---- | c] (free software foundation) --
c:\windows\system32\iconv.dll
[2012-03-19 17:44:29 | 000,000,000 | ---d | c] -- c:\program files\wondershare
[2011-10-28 22:15:19 | 000,047,360 | ---- | c] (vso software) --
c:\users\alexander\appdata\roaming\pcouffin.sys
[2010-11-28 07:30:28 | 317,590,022 | ---- | c] (user, nocompany, user@nocompany.com) -- c:\program files\office2003nl.exe
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
========== files - modified within 30 days ==========
[2012-04-18 00:31:00 | 000,000,940 | ---- | m] () --
c:\windows\tasks\adobe flash player updater.job
[2012-04-18 00:26:04 | 000,054,016 | ---- | m] () --
c:\windows\system32\drivers\kjwswvst.sys
[2012-04-18 00:23:23 | 000,017,360 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-1.c7483456-a289-439d-8115-601632d005a0
[2012-04-18 00:23:23 | 000,017,360 | -h-- | m] () -- c:\windows\system32\7b296fb0-376b-497e-b012-9c450e1b7327-5p-0.c7483456-a289-439d-8115-601632d005a0
[2012-04-18 00:23:14 | 000,886,814 | ---- | m] () --
c:\windows\system32\perfh013.dat
[2012-04-18 00:23:14 | 000,702,158 | ---- | m] () --
c:\windows\system32\perfh009.dat
[2012-04-18 00:23:14 | 000,199,608 | ---- | m] () --
c:\windows\system32\perfc013.dat
[2012-04-18 00:23:14 | 000,161,944 | ---- | m] () --
c:\windows\system32\perfc009.dat
[2012-04-18 00:16:11 | 000,067,584 | --s- | m] () --
c:\windows\bootstat.dat
[2012-04-18 00:15:35 | 000,003,288 | ---- | m] () --
c:\bootsqm.dat
[2012-04-17 23:03:22 | 000,001,067 | ---- | m] () --
c:\users\public\desktop\malwarebytes anti-malware.lnk
[2012-04-17 16:20:42 | 000,021,504 | ---- | m] () -- c:\windows\system32\umstartup.etl
[2012-04-12 19:48:32 | 000,001,101 | ---- | m] () --
c:\users\alexander\application data\microsoft\internet explorer\quick launch\microsoft outlook.lnk
[2012-04-09 15:09:17 | 000,054,156 | -h-- | m] () -- c:\windows\qtfont.qfn
[2012-04-09 15:09:17 | 000,001,409 | ---- | m] () -- c:\windows\qtfont.for
[2012-04-09 14:17:48 | 000,001,011 | ---- | m] () --
c:\users\alexander\desktop\dvdfab profile editor.lnk
[2012-04-09 14:17:48 | 000,000,998 | ---- | m] () --
c:\users\alexander\application data\microsoft\internet explorer\quick launch\dvdfab 8 qt.lnk
[2012-04-09 14:17:48 | 000,000,974 | ---- | m] () --
c:\users\alexander\desktop\dvdfab 8 qt.lnk
[2012-04-09 09:55:06 | 099,957,822 | ---- | m] () -- c:\users\alexander\desktop\kids club rkc waalwijk rondleiding en persconferentie.avi
[2012-04-09 09:51:18 | 000,001,064 | ---- | m] () --
c:\users\alexander\desktop\save2pc ultimate.lnk
[2012-04-05 14:23:01 | 003,707,344 | ---- | m] () --
c:\windows\system32\fntcache.dat
[2012-04-04 19:18:07 | 000,203,776 | ---- | m] () -- c:\users\alexander\documents\lynnverjaardag.pub
[2012-04-04 19:05:26 | 000,008,192 | ---- | m] () --
c:\windows\system32\srvany.exe
[2012-04-04 18:55:30 | 000,003,119 | ---- | m] () --
c:\users\alexander\desktop\microsoft outlook 2010.lnk
[2012-04-04 15:56:40 | 000,022,344 | ---- | m] (malwarebytes corporation) --
c:\windows\system32\drivers\mbam.sys
[2012-04-01 09:18:06 | 000,001,034 | ---- | m] () --
c:\users\public\desktop\familiepakket 0910.lnk
[2012-03-30 20:01:50 | 000,001,049 | ---- | m] () --
c:\users\alexander\desktop\ziggotvstreamer.lnk
[2012-03-30 18:53:32 | 000,001,043 | ---- | m] () --
c:\users\alexander\desktop\cheat engine.lnk
[2012-03-30 18:47:15 | 000,112,862 | ---- | m] () -- c:\windows\run32a50.mch
[2012-03-30 18:40:44 | 000,000,213 | ---- | m] () --
c:\windows\mfont.dat
[2012-03-30 18:09:01 | 000,000,035 | ---- | m] () --
c:\windows\a5w.ini
[2012-03-25 21:19:34 | 000,000,349 | ---- | m] () --
c:\users\public\documents\pclechal.ini
[1 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
========== files created - no company name ==========
[2012-04-18 00:26:04 | 000,054,016 | ---- | c] () --
c:\windows\system32\drivers\kjwswvst.sys
[2012-04-18 00:15:35 | 000,003,288 | ---- | c] () --
c:\bootsqm.dat
[2012-04-17 23:03:22 | 000,001,067 | ---- | c] () --
c:\users\public\desktop\malwarebytes anti-malware.lnk
[2012-04-09 15:09:17 | 000,054,156 | -h-- | c] () -- c:\windows\qtfont.qfn
[2012-04-09 15:09:17 | 000,001,409 | ---- | c] () -- c:\windows\qtfont.for
[2012-04-09 14:17:48 | 000,001,011 | ---- | c] () --
c:\users\alexander\desktop\dvdfab profile editor.lnk
[2012-04-09 14:17:48 | 000,000,998 | ---- | c] () --
c:\users\alexander\application data\microsoft\internet explorer\quick launch\dvdfab 8 qt.lnk
[2012-04-09 14:17:48 | 000,000,974 | ---- | c] () --
c:\users\alexander\desktop\dvdfab 8 qt.lnk
[2012-04-09 09:56:31 | 000,002,432 | ---- | c] () --
c:\programdata\microsoft\windows\start menu\programs\windows live messenger.lnk
[2012-04-09 09:53:34 | 099,957,822 | ---- | c] () -- c:\users\alexander\desktop\kids club rkc waalwijk rondleiding en persconferentie.avi
[2012-04-09 09:51:18 | 000,001,064 | ---- | c] () --
c:\users\alexander\desktop\save2pc ultimate.lnk
[2012-04-04 19:18:36 | 000,001,101 | ---- | c] () --
c:\users\alexander\application data\microsoft\internet explorer\quick launch\microsoft outlook.lnk
[2012-04-04 19:18:06 | 000,203,776 | ---- | c] () -- c:\users\alexander\documents\lynnverjaardag.pub
[2012-04-04 19:06:07 | 000,008,192 | ---- | c] () --
c:\windows\system32\srvany.exe
[2012-04-04 18:55:30 | 000,003,119 | ---- | c] () --
c:\users\alexander\desktop\microsoft outlook 2010.lnk
[2012-04-02 19:51:54 | 000,000,940 | ---- | c] () --
c:\windows\tasks\adobe flash player updater.job
[2012-04-01 09:18:06 | 000,001,034 | ---- | c] () --
c:\users\public\desktop\familiepakket 0910.lnk
[2012-03-30 20:01:50 | 000,001,049 | ---- | c] () --
c:\users\alexander\desktop\ziggotvstreamer.lnk
[2012-03-30 18:53:32 | 000,001,043 | ---- | c] () --
c:\users\alexander\desktop\cheat engine.lnk
[2012-03-25 21:18:51 | 000,000,349 | ---- | c] () --
c:\users\public\documents\pclechal.ini
[2012-03-19 17:44:33 | 000,675,840 | ---- | c] () -- c:\windows\system32\ac3filter.ax
[2011-12-15 15:17:08 | 000,000,064 | ---- | c] () --
c:\windows\system32\rp_stats.dat
[2011-12-15 15:17:08 | 000,000,044 | ---- | c] () --
c:\windows\system32\rp_rules.dat
[2011-10-28 22:15:19 | 000,087,608 | ---- | c] () --
c:\users\alexander\appdata\roaming\inst.exe
[2011-10-28 22:15:19 | 000,007,887 | ---- | c] () -- c:\users\alexander\appdata\roaming\pcouffin.cat
[2011-10-28 22:15:19 | 000,001,144 | ---- | c] () --
c:\users\alexander\appdata\roaming\pcouffin.inf
[2011-10-25 21:26:36 | 000,650,752 | ---- | c] () --
c:\windows\system32\xvidcore.dll
[2011-10-25 21:26:36 | 000,240,640 | ---- | c] () --
c:\windows\system32\xvidvfw.dll
[2011-10-09 21:27:27 | 000,087,552 | ---- | c] () --
c:\windows\system32\cpwmon2k.dll
[2011-08-31 19:46:18 | 000,145,804 | ---- | c] () --
c:\windows\system32\igcompkrng600.bin
[2011-08-31 19:46:14 | 000,216,000 | ---- | c] () --
c:\windows\system32\igfcg600m.bin
[2011-08-31 19:46:10 | 000,963,116 | ---- | c] () --
c:\windows\system32\igkrng600.bin
[2011-08-31 19:46:00 | 000,056,832 | ---- | c] () --
c:\windows\system32\igdde32.dll
[2011-08-31 19:26:20 | 013,903,872 | ---- | c] () --
c:\windows\system32\ig4icd32.dll
[2011-08-31 19:15:48 | 000,004,096 | ---- | c] ( ) --
c:\windows\system32\igfxdevlib.dll
[2011-08-31 19:14:12 | 000,000,151 | ---- | c] () --
c:\windows\system32\gfxui.exe.config
[2011-08-31 19:13:52 | 000,094,208 | ---- | c] () --
c:\windows\system32\icclibdll.dll
[2011-08-27 08:42:47 | 000,302,592 | ---- | c] () --
c:\windows\mauninst.exe
[2011-08-24 20:33:27 | 000,000,392 | ---- | c] () --
c:\windows\odbc.ini
[2011-08-20 10:51:02 | 000,000,213 | ---- | c] () --
c:\windows\mfont.dat
[2011-08-20 10:50:50 | 000,000,035 | ---- | c] () --
c:\windows\a5w.ini
[2011-08-20 10:32:16 | 000,000,053 | ---- | c] () --
c:\windows\davilex.ini
[2011-08-17 10:28:45 | 000,004,096 | ---- | c] () --
c:\windows\d3dx.dat
[2011-07-30 13:45:27 | 000,110,032 | ---- | c] () --
c:\windows\system32\aloaha_prntmon.dll
[2011-07-25 21:47:49 | 000,000,069 | ---- | c] () --
c:\windows\nerodigital.ini
[2011-07-23 08:22:34 | 000,000,034 | ---- | c] () --
c:\windows\cdplayer.ini
[2011-05-21 09:14:14 | 000,061,024 | ---- | c] () --
c:\windows\system32\zlib.dll
[2011-05-07 23:48:01 | 000,021,552 | ---- | c] () --
c:\windows\system32\emptyregdb.dat
[2011-05-02 11:25:52 | 000,001,769 | ---- | c] () --
c:\windows\language_trs.ini
[2011-04-01 01:49:01 | 000,080,416 | ---- | c] () --
c:\windows\system32\rtnicprop32.dll
[2010-11-28 00:20:13 | 000,002,857 | ---- | c] () --
c:\windows\system32\atipblag.dat
[2010-11-21 01:57:58 | 000,886,814 | ---- | c] () --
c:\windows\system32\perfh013.dat
[2010-11-21 01:57:58 | 000,341,322 | ---- | c] () --
c:\windows\system32\perfi013.dat
[2010-11-21 01:57:58 | 000,199,608 | ---- | c] () --
c:\windows\system32\perfc013.dat
[2010-11-21 01:57:58 | 000,043,068 | ---- | c] () --
c:\windows\system32\perfd013.dat
[2010-11-20 23:29:34 | 000,080,896 | ---- | c] () --
c:\windows\system32\rdvghelper.exe
[2010-11-20 23:29:26 | 000,066,048 | ---- | c] () --
c:\windows\system32\printbrmui.exe
[2010-11-03 22:19:39 | 000,013,216 | ---- | c] () --
c:\windows\system32\drivers\asacpi.sys
[2010-10-13 13:16:35 | 000,000,008 | rhs- | c] () -- c:\programdata\ntuser.pol
[2010-10-11 21:30:43 | 000,175,616 | ---- | c] () --
c:\windows\system32\unrar.dll
[2010-08-08 13:29:04 | 000,000,711 | ---- | c] () --
c:\windows\system32\rtslcs.dll
========== lop check ==========
[2011-10-28 22:07:11 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\anvsoft
[2012-03-05 22:48:08 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\avidemux
[2012-03-30 20:35:23 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\belastingdienst
[2012-02-05 13:41:19 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\downloaded installations
[2012-04-09 08:45:09 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\dropbox
[2011-09-08 21:41:17 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\grabit
[2011-09-25 17:33:00 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\jumb-o-fun games
[2011-12-17 12:45:05 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\makemusic
[2011-08-18 21:46:32 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\thrixxx
[2011-07-22 21:00:02 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\tuneup software
[2011-08-17 11:37:41 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\tweetdeckfast.fff259dc0ce2657847bbb4aff0e62062efc56543.1
[2011-11-12 01:31:25 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\vso
[2012-03-05 14:34:59 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\xilisoft
[2011-07-31 10:24:04 | 000,000,000 | ---d | m] -- c:\users\alexander\appdata\roaming\zylom
[2012-03-06 17:50:58 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\avidemux
[2012-03-14 21:28:33 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\belastingdienst
[2011-08-27 09:34:08 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\blamgames
[2011-08-29 22:08:11 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\charles
[2012-04-16 15:37:59 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\dropbox
[2011-09-05 22:28:22 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\grabit
[2011-08-31 18:55:16 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\jumb-o-fun games
[2011-07-21 21:00:01 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\tuneup software
[2011-10-02 13:04:53 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\tweetdeckfast.fff259dc0ce2657847bbb4aff0e62062efc56543.1
[2012-03-06 19:05:18 | 000,000,000 | ---d | m] -- c:\users\anja\appdata\roaming\xilisoft
[2012-04-09 16:56:38 | 000,000,000 | ---d | m] -- c:\users\lynn\appdata\roaming\belastingdienst
[2012-01-26 08:59:44 | 000,000,000 | ---d | m] -- c:\users\lynn\appdata\roaming\dropbox
[2012-01-12 09:00:02 | 000,000,000 | ---d | m] -- c:\users\lynn\appdata\roaming\tuneup software
[2011-05-07 23:46:03 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\expert pdf editor
[2011-07-21 20:38:04 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\free download manager
[2011-05-07 23:46:03 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\iobit
[2011-05-07 23:46:05 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\tuneup software
[2011-05-07 23:46:05 | 000,000,000 | ---d | m] -- c:\users\user\appdata\roaming\ursoft
[2012-04-17 23:47:24 | 000,032,544 | ---- | m] () -- c:\windows\tasks\schedlgu.txt
========== purity check ==========
========== alternate data streams ==========
@alternate data stream - 166 bytes -> c:\programdata\temp:b3d74a13
@alternate data stream - 128 bytes -> c:\programdata\temp:dfc5a2b2
@alternate data stream - 127 bytes -> c:\programdata\temp:430c6d84
< end of report >