Op deze website gebruiken we cookies om content en advertenties te personaliseren, om functies voor social media te bieden en om ons websiteverkeer te analyseren. Ook delen we informatie over uw gebruik van onze site met onze partners voor social media, adverteren en analyse. Deze partners kunnen deze gegevens combineren met andere informatie die u aan ze heeft verstrekt of die ze hebben verzameld op basis van uw gebruik van hun services. Meer informatie.

Akkoord

Vraag & Antwoord

Beveiliging & privacy

ongewenste toolbars in HJT te zien

Abraham54
10 antwoorden
  • Af en toe doe ik een HJT controle. Dit keer zag ik (minstens) 2 ongevraagde en ongewenste toolbars, waarbij ik dacht dat ik searchqu had verwijderd. nee dus? En die onder "03" daarvan vertrouw ik die "noname" ook niet.

    Hierbij alvast een logje:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:23:39, on 4-10-2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\MailWasher Pro\MailWasher.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O3 - Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - (no file)
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files\AMD AVT\bin\kdbsync.exe" aml
    O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
    O4 - Startup: MailWasher.lnk = C:\Program Files\Firetrust\MailWasher\MailWasher.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe
    O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - Unknown owner - C:\Program Files\PC Tools Firewall Plus\FWService.exe
    O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: uvnc_service - UltraVNC - C:\Users\Ultimate\AppData\Local\CrossLoop\winvnc.exe


    End of file - 5452 bytes

    in eerste instantie en bij voorbaat alvast hartelijk dank!
  • We gaan kijken:

    [b:5c512f23db]Stap •1•[/b:5c512f23db][/color:5c512f23db]
    [b:5c512f23db]Welk programma[/b:5c512f23db]: [b:5c512f23db]AdwCleaner[/b:5c512f23db][/color:5c512f23db]
    [b:5c512f23db]Waarvoor/waarom[/b:5c512f23db]: Scanner om Windows op te schonen en te ontdoen van malafide toolbars.
    [b:5c512f23db]Moeilijkheidsgraad[/b:5c512f23db]: Geen.
    [b:5c512f23db]Downloadlokatie[/b:5c512f23db]: Dit programma absoluut naar het bureaublad downloaden dan wel daar naar toe verplaatsen!
    [b:5c512f23db]Download[/b:5c512f23db]: AdwCleaner by Xplode.

    [b:5c512f23db]Opmerkingen[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db][b:5c512f23db] Alle openstaande programma's en webpagina's dienen afgesloten te zijn[/b:5c512f23db][/color:5c512f23db].
    [*:5c512f23db]Dat na opstarten van [b:5c512f23db]AdwCleaner[/b:5c512f23db][/color:5c512f23db] de snelkoppelingen verdwijnen van bureaublad, is normaal.[/list:u:5c512f23db]
    [b:5c512f23db]AdwCleaner[/color:5c512f23db] opstarten[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db][b:5c512f23db]Windows 2000[/color:5c512f23db][/b:5c512f23db] en [b:5c512f23db]Windows XP[/b:5c512f23db][/color:5c512f23db]: dubbelklik op adwcleaner.exe.
    [*:5c512f23db][b:5c512f23db]Windows Vista[/b:5c512f23db][/color:5c512f23db] en [b:5c512f23db]Windows 7[/b:5c512f23db][/color:5c512f23db]: via rechtsklik op adwcleaner.exe en kies voor "Als Administrator uitvoeren".[/list:u:5c512f23db]
    [b:5c512f23db]AdwCleaner[/color:5c512f23db] is opgestart[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db]Klik nu eerst op de knop [b:5c512f23db]Zoeken[/b:5c512f23db][/color:5c512f23db]; klik daarna het geopende log weg.
    [*:5c512f23db]Klik vervolgens op de knop [b:5c512f23db]Verwijderen[/b:5c512f23db][/color:5c512f23db]
    [*:5c512f23db]Klik bij [b:5c512f23db]AdwCleaner – Afsluiting van de programma's[/b:5c512f23db][/color:5c512f23db] op [b:5c512f23db]OK[/b:5c512f23db]
    [*:5c512f23db]Klik bij [b:5c512f23db]AdwCleaner – Herstarten noodzakelijk[/b:5c512f23db][/color:5c512f23db] op [b:5c512f23db]OK[/b:5c512f23db][/list:u:5c512f23db]
    [b:5c512f23db]AdwCleaner[/color:5c512f23db] logbestand[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db]Nadat de PC opnieuw is opgestart, opent een logfile.
    [*:5c512f23db]Post vervolgens aansluitend de inhoud van dit log in je volgende bericht.
    [list:5c512f23db]Indien je een foutmelding krijgt, probeer dan eerst of de scan in Veilige modus wel werkt.[/list:u:5c512f23db][/list:u:5c512f23db]

    [b:5c512f23db]Stap •2•[/b:5c512f23db][/color:5c512f23db]
    [b:5c512f23db]Welk programma[/b:5c512f23db]: [b:5c512f23db]Malwarebytes MBAM[/b:5c512f23db][/color:5c512f23db]
    [b:5c512f23db]Waarvoor/waarom[/b:5c512f23db]: gratis specialistische ondemandscanner om Windows snel te onderzoeken op- en te ontdoen van spy- & malware.
    [b:5c512f23db]Moeilijkheidsgraad[/b:5c512f23db]: geen.

    [b:5c512f23db]Download Malwarebytes MBAM via één van deze locaties[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db][b:5c512f23db]Softpedia.com[/b:5c512f23db][*:5c512f23db][b:5c512f23db]Majorgeeks.com[/b:5c512f23db][/list:u:5c512f23db]
    [b:5c512f23db]Allereerst[/b:5c512f23db]:[list:5c512f23db][*:5c512f23db] Al meteen na de installatie wil 'MBAM' zijn database opwaarderen – toestaan dus.
    [*:5c512f23db] Ook bij herhaald gebruik: eerst 'MBAM' updaten via de tab 'Update'![/list:u:5c512f23db]
    [b:5c512f23db]Malwarebytes MBAM opstarten[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db] [b:5c512f23db]Sluit nu eerst alle nog openstaande programmavensters![/color:5c512f23db][/b:5c512f23db]
    [list:5c512f23db][*:5c512f23db][b:5c512f23db]Windows 2000[/color:5c512f23db][/b:5c512f23db] en [b:5c512f23db]Windows XP[/b:5c512f23db][/color:5c512f23db]: dubbelklik op de MBAM -snelkoppeling.
    [*:5c512f23db][b:5c512f23db]Windows Vista[/b:5c512f23db][/color:5c512f23db] en [b:5c512f23db]Windows 7[/b:5c512f23db][/color:5c512f23db]: rechtsklik op de MBAM-snelkoppeling en dan kiezen voor Als Administrator uitvoeren.[/list:u:5c512f23db][/list:u:5c512f23db]
    [list:5c512f23db][*:5c512f23db][b:5c512f23db]Let op:[/b:5c512f23db]
    [list:5c512f23db][*:5c512f23db]Malwarebytes verstrekt nu de volledige versie van MBAM.
    [*:5c512f23db]Bij de eerste start kijg je de mogelijkheid de gratis probeerversie van Malwarebytes AntiMalware tijdelijk te gebruiken.
    [*:5c512f23db]Onafhankelijk van welke antivirusprogramma in jouw Windows adviseer ik dan voor de gratis versie te gaan en dus het vinkje bij de probeerversie te verwijderen.
    [*:5c512f23db]Zodoende zal MBAM als gratis versie verder te gebruiken zijn[/list:u:5c512f23db]
    [img:5c512f23db]http://www.imgdumper.nl/uploads5/5006440296e1a/5006440291bd9-MBAM_4.jpg[/img:5c512f23db]

    [*:5c512f23db][b:5c512f23db]Doe ook nog het volgende:[/b:5c512f23db]
    [list:5c512f23db][*:5c512f23db]Zodra het programma gestart is, ga dan naar het tabblad "[b:5c512f23db]Instellingen[/b:5c512f23db]".
    [*:5c512f23db]Vink hier aan: "[b:5c512f23db]Sluit Internet Explorer tijdens verwijdering van malware[/b:5c512f23db]".[/list:u:5c512f23db][/list:u:5c512f23db]

    [b:5c512f23db]Scannen[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db] Bij het starten van 'MBAM' kies je voor 'Snelle Scan'.
    [*:5c512f23db]Het scannen kan een tijdje duren, dus wees geduldig. Indien de scan voltooid is, klik dan op de knop 'OK'.
    [*:5c512f23db]Klik daarna op de knop 'Bekijk Resultaten' om de resultaten te zien.[/list:u:5c512f23db]
    [b:5c512f23db]Infecties gevonden[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db]Klik nu eerst op OK om de melding weg te klikken
    [*:5c512f23db]Klik vervolgens rechtsonder op de knop Bekijk resultaten.
    [*:5c512f23db]Zorg er nu voor dat alle gevonden infecties aangevinkt zijn, en klik linksonder op Verwijder geselecteerde.
    [*:5c512f23db]Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
    [*:5c512f23db]Indien 'MBAM' moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven – dan telkens op 'OK' klikken!
    [*:5c512f23db]Daarna zal 'MBAM' vragen om de Computer opnieuw op te starten - dus sta toe dat de computer opnieuw opgestart wordt.[/list:u:5c512f23db]
    [b:5c512f23db]MBAM-Log[/b:5c512f23db]:
    [list:5c512f23db][*:5c512f23db] Het log wordt automatisch bewaard door 'MBAM' en dat kan je terugvinden door in het hoofdmenu van 'MBAM' op de tab 'Logbestanden' te klikken.[/list:u:5c512f23db]
    [b:5c512f23db]Post aansluitend in je volgende bericht de inhoud van het MBAM-log.[/b:5c512f23db][/color:5c512f23db]
  • ADW cleaner kon ik alleen afsluiten door opnieuw te laten draaien in V.M. ; een logje heb ik niet meer maar er waren geen ongeoorloofde bestanden te zien. Hier volgt het log van de MBAM:
    Malwarebytes Anti-Malware 1.65.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.10.04.09

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 9.0.8112.16421
    Ultimate :: ULTIMATE-PC [administrator]

    4-10-2012 18:52:18
    mbam-log-2012-10-04 (18-52-18).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 187141
    Verstreken tijd: 3 minuut/minuten, 51 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

    ———
    Zelf doe ik ook al met regelmaat MBAM, Ccleaner en Eset online scan. Ben benieuwd.!
  • het logo van Adw Cleaner deed mij denken aan een teek die ik eergisteren oogstte, maar dit terzijde:
    [img:7f566f17b8]http://i50.tinypic.com/kn8sp.jpg[/img:7f566f17b8]
  • Vergelijkbaar dus met unwanted sofware in Windows!

    Dan gaan we uitgebreider op zoek:

    [b:f19aa6c047]Welk programma[/b:f19aa6c047]: [b:f19aa6c047]OTL.com[/b:f19aa6c047][/color:f19aa6c047]
    [b:f19aa6c047]Waarvoor/waarom[/b:f19aa6c047]: multifunktioneel tool - analyse en fix
    [b:f19aa6c047]Moeilijkheidsgraad[/b:f19aa6c047]: geen.
    [b:f19aa6c047]Download[/b:f19aa6c047]: [b:f19aa6c047]OTL[/color:f19aa6c047][/b:f19aa6c047] en plaats het bestand op het bureaublad.

    [b:f19aa6c047]OTL.com[/color:f19aa6c047] gebruiken[/b:f19aa6c047]:
    [list:f19aa6c047][*:f19aa6c047] [b:f19aa6c047]Sluit nu eerst alle nog openstaande programmavensters![/color:f19aa6c047][/b:f19aa6c047]
    [list:f19aa6c047][*:f19aa6c047][b:f19aa6c047]Windows 2000[/color:f19aa6c047][/b:f19aa6c047] en [b:f19aa6c047]Windows XP[/b:f19aa6c047][/color:f19aa6c047]: dubbelklik op [b:f19aa6c047]OTL[/b:f19aa6c047][/color:f19aa6c047].
    [*:f19aa6c047][b:f19aa6c047]Windows Vista[/b:f19aa6c047][/color:f19aa6c047] en [b:f19aa6c047]Windows 7[/b:f19aa6c047][/color:f19aa6c047]: via rechtsklik op [b:f19aa6c047]OTL.[/b:f19aa6c047][/color:f19aa6c047] en kies voor "Als Administrator uitvoeren".[/list:u:f19aa6c047][/list:u:f19aa6c047]
    [list:f19aa6c047][*:f19aa6c047]Zet een vinkje bij [b:f19aa6c047]Scan All Users[/b:f19aa6c047][/color:f19aa6c047].
    [*:f19aa6c047]Klik vervolgens op de knop [img:f19aa6c047]http://www.imgdumper.nl/uploads5/4f9112fd1172c/4f9112fd11340-OTL-3.png[/img:f19aa6c047].
    [*:f19aa6c047]Verander verder geen andere instellingen in OTL, alleen tenzij ik hiervoor specifiek instructies geef.
    [*:f19aa6c047]De scan zal niet heel erg lang duren.
    [list:f19aa6c047][*:f19aa6c047]Er zullen twee Kladblok-vensters geopend worden wanneer de scan klaar is: [b:f19aa6c047]OTL.Txt[/b:f19aa6c047] en [b:f19aa6c047]Extras.txt[/b:f19aa6c047].
    [*:f19aa6c047]Kopieer vervolgens de inhoud van zowel OTL.txt alsmede Extras.txt en plak die gegevens in je volgende bericht.[/list:u:f19aa6c047]
    [*:f19aa6c047][b:f19aa6c047]Notabene:[/b:f19aa6c047][/color:f19aa6c047] indien het log niet in één bericht past, spreidt het dan over twee of meer berichten.[/list:u:f19aa6c047]
  • hier het OTL:
    OTL logfile created on: 4-10-2012 20:29:21 - Run 1
    OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Ultimate\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,88% Memory free
    6,50 Gb Paging File | 5,34 Gb Available in Paging File | 82,20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232,79 Gb Total Space | 190,43 Gb Free Space | 81,80% Space Free | Partition Type: NTFS
    Drive X: | 465,73 Gb Total Space | 211,66 Gb Free Space | 45,45% Space Free | Partition Type: NTFS
    Drive Z: | 298,09 Gb Total Space | 239,69 Gb Free Space | 80,41% Space Free | Partition Type: NTFS

    Computer Name: ULTIMATE-PC | User Name: Ultimate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========[/color:0ba1d22f02]

    PRC - [2012-10-04 20:27:45 | 000,601,088 | —- | M] (OldTimer Tools) – C:\Users\Ultimate\Desktop\OTL.com
    PRC - [2012-09-28 20:45:04 | 001,807,800 | —- | M] (Adobe Systems, Inc.) – C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_500_80.exe
    PRC - [2012-09-14 12:56:31 | 000,917,984 | —- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012-09-07 17:04:44 | 000,981,656 | —- | M] (Malwarebytes Corporation) – C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    PRC - [2012-08-31 16:02:03 | 002,754,984 | —- | M] (TeamViewer GmbH) – C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012-08-21 11:12:26 | 004,282,728 | —- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012-08-21 11:12:25 | 000,044,808 | —- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2012-07-26 14:16:14 | 000,092,632 | —- | M] (TomTom) – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012-04-06 04:16:24 | 000,451,072 | —- | M] (AMD) – C:\Windows\System32\atieclxx.exe
    PRC - [2012-04-06 04:15:50 | 000,217,600 | —- | M] (AMD) – C:\Windows\System32\atiesrxx.exe
    PRC - [2012-04-05 21:56:18 | 000,291,840 | —- | M] (Advanced Micro Devices, Inc.) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    PRC - [2011-10-21 22:47:12 | 000,023,176 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) – C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    PRC - [2011-10-21 22:47:04 | 000,060,552 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) – C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    PRC - [2011-04-07 14:23:34 | 002,672,600 | —- | M] (PC Tools) – C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
    PRC - [2011-02-25 07:30:54 | 002,616,320 | —- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
    PRC - [2011-01-24 13:23:14 | 000,286,000 | —- | M] (PC Tools) – C:\Program Files\PC Tools Firewall Plus\FWService.exe
    PRC - [2010-11-20 23:29:19 | 000,049,152 | —- | M] (Microsoft Corporation) – C:\Windows\System32\taskhost.exe
    PRC - [2010-03-24 19:50:00 | 002,516,296 | —- | M] (CANON INC.) – C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2010-03-15 12:24:06 | 000,560,792 | —- | M] (CrossLoop Inc) – C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe
    PRC - [2009-07-14 03:14:29 | 000,017,408 | —- | M] (Microsoft Corporation) – C:\Windows\System32\PrintIsolationHost.exe
    PRC - [2008-09-16 12:03:18 | 000,169,312 | —- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2007-11-14 21:46:00 | 000,131,072 | —- | M] (Brio) – C:\Program Files\FolderSize\FolderSizeSvc.exe
    PRC - [2007-08-20 10:42:23 | 000,495,616 | —- | M] (Gadwin Systems, Inc) – C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    PRC - [2003-11-06 10:18:13 | 004,393,984 | —- | M] (eCOSM) – C:\Program Files\MailWasher Pro\MailWasher.exe


    ========== Modules (No Company Name) ==========[/color:0ba1d22f02]

    MOD - [2012-09-28 20:45:04 | 014,580,664 | —- | M] () – C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_500_80.dll
    MOD - [2012-09-14 12:56:30 | 002,244,064 | —- | M] () – C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Services (SafeList) ==========[/color:0ba1d22f02]

    SRV - [2012-09-28 20:45:04 | 000,250,288 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-09-14 12:56:30 | 000,114,144 | —- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
    SRV - [2012-08-31 16:02:03 | 002,754,984 | —- | M] (TeamViewer GmbH) [Auto | Running] – C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe – (TeamViewer7)
    SRV - [2012-08-21 11:12:25 | 000,044,808 | —- | M] (AVAST Software) [Auto | Running] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
    SRV - [2012-07-26 14:16:14 | 000,092,632 | —- | M] (TomTom) [Auto | Running] – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe – (TomTomHOMEService)
    SRV - [2012-06-05 12:26:51 | 001,343,400 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)
    SRV - [2012-04-24 12:31:23 | 000,651,720 | —- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
    SRV - [2012-04-06 04:15:50 | 000,217,600 | —- | M] (AMD) [Auto | Running] – C:\Windows\System32\atiesrxx.exe – (AMD External Events Utility)
    SRV - [2012-04-05 21:56:18 | 000,291,840 | —- | M] (Advanced Micro Devices, Inc.) [Auto | Running] – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe – (AMD FUEL Service)
    SRV - [2011-10-21 22:47:12 | 000,023,176 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] – C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe – (Guard Agent)
    SRV - [2011-10-21 22:47:04 | 000,060,552 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] – C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe – (EaseUS Agent)
    SRV - [2011-01-24 13:23:14 | 000,286,000 | —- | M] (PC Tools) [Auto | Running] – C:\Program Files\PC Tools Firewall Plus\FWService.exe – (PCToolsFirewallPlus)
    SRV - [2010-03-15 12:24:06 | 000,560,792 | —- | M] (CrossLoop Inc) [Auto | Running] – C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe – (CrossLoopService)
    SRV - [2009-12-06 22:12:48 | 001,590,216 | —- | M] (UltraVNC) [On_Demand | Stopped] – C:\Users\Ultimate\AppData\Local\CrossLoop\winvnc.exe – (uvnc_service)
    SRV - [2009-07-14 03:16:13 | 000,025,088 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)
    SRV - [2009-07-14 03:15:41 | 000,680,960 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
    SRV - [2008-09-16 12:03:18 | 000,169,312 | —- | M] (Adobe Systems Incorporated) [Auto | Running] – C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe – (AdobeActiveFileMonitor7.0)
    SRV - [2007-11-14 21:46:00 | 000,131,072 | —- | M] (Brio) [Auto | Running] – C:\Program Files\FolderSize\FolderSizeSvc.exe – (FolderSize)


    ========== Driver Services (SafeList) ==========[/color:0ba1d22f02]

    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2010.SP3\WNt500x86\Sandra.sys – (SANDRA)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Program Files\BurnInTest\DirectIo32.sys – (DIRECTIO37)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Program Files\BurnInTest\DirectIo32.sys – (DIRECTIO)
    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Windows\TEMP\cpuz135\cpuz135_x32.sys – (cpuz135)
    DRV - [2012-10-04 18:52:09 | 000,040,776 | —- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\mbamswissarmy.sys – (MBAMSwissArmy)
    DRV - [2012-08-21 11:13:15 | 000,729,752 | —- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\System32\drivers\aswSnx.sys – (aswSnx)
    DRV - [2012-08-21 11:13:15 | 000,355,632 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswSP.sys – (aswSP)
    DRV - [2012-08-21 11:13:15 | 000,054,232 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswTdi.sys – (aswTdi)
    DRV - [2012-08-21 11:13:14 | 000,058,680 | —- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswMonFlt.sys – (aswMonFlt)
    DRV - [2012-08-21 11:13:14 | 000,044,784 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\System32\drivers\aswRdr2.sys – (aswRdr)
    DRV - [2012-08-21 11:13:13 | 000,021,256 | —- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\System32\drivers\aswFsBlk.sys – (aswFsBlk)
    DRV - [2012-04-06 07:21:10 | 009,334,784 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmdag.sys – (amdkmdag)
    DRV - [2012-04-06 03:10:22 | 000,275,968 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmpag.sys – (amdkmdap)
    DRV - [2012-03-05 16:04:30 | 000,045,184 | —- | M] (Advanced Micro Devices) [Kernel | Auto | Running] – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys – (AODDriver4.1)
    DRV - [2012-02-23 14:31:58 | 000,086,544 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\AtihdW73.sys – (AtiHDAudioService)
    DRV - [2011-10-21 22:46:56 | 000,185,480 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] – C:\Windows\System32\drivers\EuFdDisk.sys – (EUFDDISK)
    DRV - [2011-10-21 22:46:54 | 000,043,656 | —- | M] () [Kernel | Boot | Running] – C:\Windows\System32\drivers\EUBKMON.sys – (EUBKMON)
    DRV - [2011-10-21 22:46:48 | 000,017,032 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] – C:\Windows\System32\drivers\eudskacs.sys – (EUDSKACS)
    DRV - [2011-10-21 22:46:46 | 000,039,560 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] – C:\Windows\System32\drivers\eubakup.sys – (EUBAKUP)
    DRV - [2011-10-13 13:06:14 | 000,441,608 | —- | M] (Paragon) [Kernel | System | Stopped] – C:\Windows\System32\drivers\Uim_IM.sys – (Uim_IM)
    DRV - [2011-10-13 13:06:14 | 000,277,576 | —- | M] (Paragon) [Kernel | System | Stopped] – C:\Windows\System32\drivers\Uim_Vim.sys – (Uim_Vim)
    DRV - [2011-10-13 13:06:14 | 000,045,240 | —- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] – C:\Windows\System32\drivers\UimBus.sys – (UimBus)
    DRV - [2011-03-02 12:40:54 | 000,160,576 | —- | M] (PC Tools) [Kernel | Auto | Running] – C:\Windows\System32\drivers\PCTAppEvent.sys – (PCTAppEvent)
    DRV - [2011-02-16 17:52:46 | 000,011,520 | —- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\wdcsam.sys – (WDC_SAM)
    DRV - [2011-01-17 09:10:26 | 000,251,560 | —- | M] (PC Tools) [Kernel | System | Running] – C:\Windows\System32\drivers\pctgntdi.sys – (pctgntdi)
    DRV - [2011-01-17 08:11:12 | 000,125,248 | —- | M] (PC Tools) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\pctplfw.sys – (pctplfw)
    DRV - [2011-01-12 10:36:22 | 000,089,472 | —- | M] (PC Tools) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\pctNdis-PacketFilter.sys – (PCTFW-PacketFilter)
    DRV - [2010-11-20 23:29:24 | 000,052,224 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbFlt.sys – (TsUsbFlt)
    DRV - [2010-11-20 23:29:03 | 000,027,264 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbGD.sys – (TsUsbGD)
    DRV - [2010-11-20 14:30:18 | 000,172,416 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vpchbus.sys – (vpcbus)
    DRV - [2010-11-20 12:50:40 | 000,078,336 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vpcusb.sys – (vpcusb)
    DRV - [2010-07-08 08:49:10 | 000,057,536 | —- | M] (PC Tools) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\pctNdis.sys – (pctNdisMP)
    DRV - [2010-07-08 08:49:10 | 000,057,536 | —- | M] (PC Tools) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\pctNdis.sys – (pctNdis)
    DRV - [2010-02-18 09:18:22 | 000,037,944 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\amdiox86.sys – (amdiox86)
    DRV - [2009-12-30 11:21:18 | 000,027,192 | —- | M] (VS Revo Group) [File_System | On_Demand | Stopped] – C:\Windows\System32\drivers\revoflt.sys – (Revoflt)
    DRV - [2009-07-14 01:45:33 | 000,083,456 | —- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\serial.sys – (Serial)


    ========== Standard Registry (SafeList) ==========[/color:0ba1d22f02]


    ========== Internet Explorer ==========[/color:0ba1d22f02]

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com
    esults.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/?ocid=OIE9HP
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E6 0D 95 B7 EF 21 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{B6153D8F-0AD9-4528-ABC2-A94F8DCC9D11}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========[/color:0ba1d22f02]

    FF - prefs.js..browser.search.defaultenginename: "Search Results"
    FF - prefs.js..browser.search.order.1: "Search Results"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811_yserp"
    FF - prefs.js..browser.search.selectedEngine: "Search Results"
    FF - prefs.js..browser.startup.homepage: "www.google.nl"
    FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
    FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.3
    FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=388&systemid=406&sr=0&q="
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_500_80.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins
    pFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin
    pgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3
    pPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32
    pDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat
    pWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0
    pctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123
    pGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123
    pGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC
    pvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-31 03:58:40 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-09-14 12:56:31 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012-10-03 13:04:41 | 000,000,000 | —D | M] (No name found) – C:\Users\Ultimate\AppData\Roaming\mozilla\Extensions
    [2012-04-28 16:02:25 | 000,000,000 | —D | M] (No name found) – C:\Users\Ultimate\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2012-10-04 09:21:24 | 000,000,000 | —D | M] (No name found) – C:\Users\Ultimate\AppData\Roaming\mozilla\Firefox\Profiles\7ailpn14.default\extensions
    [2012-10-04 09:21:24 | 000,257,937 | —- | M] () (No name found) – C:\Users\Ultimate\AppData\Roaming\mozilla\firefox\profiles\7ailpn14.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
    [2012-10-03 13:04:41 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions
    [2012-08-31 03:58:40 | 000,000,000 | —D | M] (avast! WebRep) – C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2012-09-14 12:56:31 | 000,266,720 | —- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012-09-14 12:56:29 | 000,002,465 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012-07-14 02:37:45 | 000,001,892 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
    [2012-07-14 02:37:45 | 000,004,558 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2012-07-14 02:37:45 | 000,001,049 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

    ========== Chrome ==========[/color:0ba1d22f02]


    O1 HOSTS File: ([2009-06-10 23:39:37 | 000,000,824 | —- | M]) - C:\Windows\System32\drivers\etc\hosts
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
    O4 - HKLM..\Run: [AMD AVT] C:\Windows\System32\cmd.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
    O4 - HKCU..\Run: [MailWasher] C:\Program Files\MailWasher Pro\MailWasher.exe (eCOSM)
    O4 - Startup: C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MailWasher.lnk = File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D5CE26-332D-432B-B622-E97B7F631628}: DhcpNameServer = 192.168.2.254
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | —- | M] () - C:\autoexec.bat – [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37 - HKLM\…com [@ = comfile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========[/color:0ba1d22f02]

    [2012-10-04 20:27:43 | 000,601,088 | —- | C] (OldTimer Tools) – C:\Users\Ultimate\Desktop\OTL.com
    [2012-10-04 18:51:25 | 000,040,776 | —- | C] (Malwarebytes Corporation) – C:\Windows\System32\drivers\mbamswissarmy.sys
    [2012-10-04 13:40:06 | 000,000,000 | —D | C] – C:\ProgramData\Canneverbe Limited
    [2012-10-04 13:40:05 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Canneverbe Limited
    [2012-10-04 13:39:54 | 000,000,000 | —D | C] – C:\Program Files\CDBurnerXP
    [2012-10-03 16:44:01 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotoservice
    [2012-10-03 11:34:39 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
    [2012-10-03 11:34:39 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
    [2012-10-01 16:39:14 | 000,000,000 | —D | C] – C:\Users\Ultimate\Desktop\LR 4.2 r.c
    [2012-09-28 20:47:02 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
    [2012-09-26 08:54:51 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ACD Systems
    [2012-09-26 08:54:51 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
    [2012-09-26 08:25:09 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\ACD Systems
    [2012-09-25 10:42:29 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\Adobe
    [2012-09-23 15:26:43 | 000,000,000 | —D | C] – C:\Windows\System32\DRVSTORE
    [2012-09-23 15:25:53 | 000,000,000 | —D | C] – C:\ProgramData\Soluto
    [2012-09-23 08:30:26 | 000,000,000 | -H-D | C] – C:\ProgramData\CanonIJMyPrinter
    [2012-09-22 20:48:46 | 000,000,000 | —D | C] – C:\ProgramData\CanonIJPLM
    [2012-09-22 20:48:45 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
    [2012-09-22 20:20:41 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\CD-LabelPrint
    [2012-09-20 12:08:31 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Enhanced Mitigation Experience Toolkit
    [2012-09-20 12:08:29 | 000,000,000 | —D | C] – C:\Program Files\EMET
    [2012-09-15 13:58:14 | 000,000,000 | —D | C] – C:\ProgramData\NCH Software
    [2012-09-15 13:58:14 | 000,000,000 | —D | C] – C:\Program Files\NCH Software
    [2012-09-15 13:58:11 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\NCH Software
    [2012-09-14 18:42:43 | 000,000,000 | —D | C] – C:\Users\Ultimate\Documents\restore
    [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========[/color:0ba1d22f02]

    [2012-10-04 20:28:26 | 000,004,605 | —- | M] () – C:\Users\Ultimate\intlname.ols
    [2012-10-04 20:27:45 | 000,601,088 | —- | M] (OldTimer Tools) – C:\Users\Ultimate\Desktop\OTL.com
    [2012-10-04 20:27:02 | 000,001,048 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012-10-04 20:26:43 | 000,067,584 | –S- | M] () – C:\Windows\bootstat.dat
    [2012-10-04 20:26:43 | 000,000,940 | —- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012-10-04 18:58:30 | 000,021,472 | -H– | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012-10-04 18:58:30 | 000,021,472 | -H– | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012-10-04 18:50:35 | 000,001,044 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012-10-04 18:50:26 | 2616,647,680 | -HS- | M] () – C:\hiberfil.sys
    [2012-10-04 18:42:17 | 000,513,501 | —- | M] () – C:\Users\Ultimate\Desktop\adwcleaner.exe
    [2012-10-03 11:33:15 | 000,701,326 | —- | M] () – C:\Windows\System32\perfh013.dat
    [2012-10-03 11:33:15 | 000,615,810 | —- | M] () – C:\Windows\System32\perfh009.dat
    [2012-10-03 11:33:15 | 000,133,358 | —- | M] () – C:\Windows\System32\perfc013.dat
    [2012-10-03 11:33:15 | 000,106,190 | —- | M] () – C:\Windows\System32\perfc009.dat
    [2012-10-01 16:46:07 | 000,002,072 | —- | M] () – C:\Users\Public\Desktop\Lightroom 4.2 RC.lnk
    [2012-10-01 11:38:50 | 000,000,047 | —- | M] () – C:\Users\Ultimate\Desktop\Google.URL
    [2012-09-28 20:47:02 | 000,001,124 | —- | M] () – C:\Users\Ultimate\Application Data\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk
    [2012-09-25 20:51:39 | 000,000,148 | —- | M] () – C:\Users\Ultimate\Desktop\Onze nieuwe tuin - Jacob Doeglas - Picasa Webalbums.URL
    [2012-09-23 15:30:05 | 000,000,193 | —- | M] () – C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012-09-20 09:07:36 | 000,002,577 | —- | M] () – C:\Windows\System32\config.nt
    [2012-09-15 07:39:44 | 000,001,068 | —- | M] () – C:\Users\Public\Desktop\Picasa 3.lnk
    [2012-09-07 17:04:46 | 000,022,856 | —- | M] (Malwarebytes Corporation) – C:\Windows\System32\drivers\mbam.sys
    [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    ========== Files Created - No Company Name ==========[/color:0ba1d22f02]

    [2012-10-04 18:42:12 | 000,513,501 | —- | C] () – C:\Users\Ultimate\Desktop\adwcleaner.exe
    [2012-10-04 13:39:58 | 000,001,849 | —- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
    [2012-10-01 16:46:08 | 000,002,084 | —- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.2 RC.lnk
    [2012-10-01 16:46:07 | 000,002,072 | —- | C] () – C:\Users\Public\Desktop\Lightroom 4.2 RC.lnk
    [2012-10-01 11:38:50 | 000,000,047 | —- | C] () – C:\Users\Ultimate\Desktop\Google.URL
    [2012-09-25 20:51:39 | 000,000,148 | —- | C] () – C:\Users\Ultimate\Desktop\Onze nieuwe tuin - Jacob Doeglas - Picasa Webalbums.URL
    [2012-09-24 15:29:27 | 000,001,132 | —- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn.lnk
    [2012-09-23 15:26:59 | 000,000,193 | —- | C] () – C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012-07-31 15:46:36 | 000,038,465 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (DOS).ADR
    [2012-07-09 08:22:23 | 000,007,605 | —- | C] () – C:\Users\Ultimate\AppData\Local\Resmon.ResmonCfg
    [2012-07-01 14:04:10 | 000,043,656 | —- | C] () – C:\Windows\System32\drivers\EUBKMON.sys
    [2012-04-27 19:26:55 | 000,022,728 | —- | C] () – C:\Windows\System32\emptyregdb.dat
    [2012-04-27 13:15:07 | 000,004,605 | —- | C] () – C:\Users\Ultimate\intlname.ols
    [2012-04-27 12:52:51 | 000,028,286 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Door tabs gescheiden waarden (Windows).ADR
    [2012-04-27 12:30:47 | 000,028,245 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Door tabs gescheiden waarden (DOS).ADR
    [2012-04-27 12:00:12 | 000,038,423 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Microsoft Excel.ADR
    [2012-04-26 19:17:13 | 000,000,035 | —- | C] () – C:\Windows\A4W.INI
    [2012-04-25 18:04:35 | 000,000,000 | —- | C] () – C:\Windows\ativpsrm.bin
    [2012-04-24 15:30:53 | 000,088,656 | —- | C] () – C:\Windows\System32\cpwmon2k.dll
    [2012-04-24 10:55:07 | 000,028,308 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
    [2012-04-24 10:38:23 | 000,000,392 | —- | C] () – C:\Windows\ODBC.INI
    [2012-04-24 10:05:55 | 000,000,663 | —- | C] () – C:\Windows\unins000.dat
    [2012-04-05 22:34:22 | 000,159,232 | —- | C] () – C:\Windows\System32\clinfo.exe
    [2012-03-09 06:22:26 | 000,204,952 | —- | C] () – C:\Windows\System32\ativvsvl.dat
    [2012-03-09 06:22:26 | 000,157,144 | —- | C] () – C:\Windows\System32\ativvsva.dat
    [2012-01-31 07:00:24 | 000,016,896 | —- | C] () – C:\Windows\System32\kdbsdk32.dll
    [2012-01-10 23:10:08 | 000,601,728 | —- | C] () – C:\Windows\System32\atiicdxx.dat
    [2011-09-13 00:06:16 | 000,003,917 | —- | C] () – C:\Windows\System32\atipblag.dat
    [2011-06-15 17:54:34 | 000,009,525 | —- | C] () – C:\Users\Ultimate\huidig adresboek
    [2011-04-12 06:48:01 | 000,701,326 | —- | C] () – C:\Windows\System32\perfh013.dat
    [2011-04-12 06:48:01 | 000,341,322 | —- | C] () – C:\Windows\System32\perfi013.dat
    [2011-04-12 06:48:01 | 000,133,358 | —- | C] () – C:\Windows\System32\perfc013.dat
    [2011-04-12 06:48:01 | 000,043,068 | —- | C] () – C:\Windows\System32\perfd013.dat

    ========== ZeroAccess Check ==========[/color:0ba1d22f02]

    [2009-07-14 06:42:31 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll – [2012-06-09 06:41:00 | 012,873,728 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll – [2010-11-20 23:29:20 | 000,606,208 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll – [2009-07-14 03:16:17 | 000,342,528 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========[/color:0ba1d22f02]

    [2012-06-13 19:18:36 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\ACD Systems
    [2012-09-02 09:51:06 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\Auslogics
    [2012-10-04 13:40:05 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\Canneverbe Limited
    [2012-05-07 12:46:24 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\Canon
    [2012-09-22 20:20:41 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\CD-LabelPrint
    [2012-05-13 09:39:54 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\Christofer Persson
    [2012-08-05 09:19:59 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\Firetrust
    [2012-06-19 09:21:11 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\Foxit Software
    [2012-08-07 16:14:05 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\MailWasherFree
    [2012-10-04 18:51:04 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\MailWasherPro
    [2012-06-22 15:34:31 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\PC Cleaners
    [2012-06-22 15:37:46 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\PCPro
    [2012-04-26 19:20:29 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\PCToolsFirewallPlus
    [2012-08-16 08:22:19 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\Spotify
    [2012-04-24 10:58:06 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\Thunderbird
    [2012-04-28 16:02:24 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\TomTom
    [2012-05-16 10:46:05 | 000,000,000 | —D | M] – C:\Users\Ultimate\AppData\Roaming\YoWindow

    ========== Purity Check ==========[/color:0ba1d22f02]



    ========== Alternate Data Streams ==========[/color:0ba1d22f02]

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:07BF512B
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6

    < End of report >
    en hier Extras
    OTL Extras logfile created on: 4-10-2012 20:29:21 - Run 1
    OTL by OldTimer - Version 3.2.70.2 Folder = C:\Users\Ultimate\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,53 Gb Available Physical Memory | 77,88% Memory free
    6,50 Gb Paging File | 5,34 Gb Available in Paging File | 82,20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232,79 Gb Total Space | 190,43 Gb Free Space | 81,80% Space Free | Partition Type: NTFS
    Drive X: | 465,73 Gb Total Space | 211,66 Gb Free Space | 45,45% Space Free | Partition Type: NTFS
    Drive Z: | 298,09 Gb Total Space | 239,69 Gb Free Space | 80,41% Space Free | Partition Type: NTFS

    Computer Name: ULTIMATE-PC | User Name: Ultimate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========[/color:0ba1d22f02]


    ========== File Associations ==========[/color:0ba1d22f02]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] – C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = ChromeHTML] – Reg Error: Unable to open value key File not found

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] – C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========[/color:0ba1d22f02]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Unable to open value key
    hlpfile [open] – %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    http [open] – Reg Error: Unable to open value key
    https [open] – Reg Error: Unable to open value key
    inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Unable to open value key
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Unable to open value key
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] – "C:\Program Files\VideoLAN\VLC\vlc.exe" –started-from-file –playlist-enqueue "%1" ()
    Directory [Browse with FastStone] – "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Fotoservice] – "C:\Program Files\AH\Fotoservice\Fotoservice.exe" "%1" ()
    Directory [PlayWithVLC] – "C:\Program Files\VideoLAN\VLC\vlc.exe" –started-from-file –no-playlist-enqueue "%1" ()
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========[/color:0ba1d22f02]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type – File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== Firewall Settings ==========[/color:0ba1d22f02]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========[/color:0ba1d22f02]


    ========== Vista Active Open Ports Exception List ==========[/color:0ba1d22f02]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0609EBB1-B486-4636-862D-7198AEBB8496}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{2EEDF5BE-C4DC-4FF1-BCD6-BF3F1D4A4579}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4874608D-4934-49E3-BC0A-8B45DC2EDF45}" = rport=445 | protocol=6 | dir=out | app=system |
    "{4C65FE78-18E2-41DF-B684-CF665069B29C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{4DB1D5F6-67D9-414C-9189-144C5EE67C69}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5DCDD79F-071E-45AD-A550-D398C1F34F7C}" = lport=445 | protocol=6 | dir=in | app=system |
    "{69BDCCB7-DA8F-466F-927B-DDD0AE810C6B}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6D46F93F-0D9F-43C6-8FB9-AB7B191D4650}" = lport=138 | protocol=17 | dir=in | app=system |
    "{6F148229-29CA-4E13-88B4-403B688CBB69}" = rport=138 | protocol=17 | dir=out | app=system |
    "{7B6C8CC4-02C8-4D17-A044-125E95A11BD9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{B8DFFB33-036F-432E-8CF9-CC11194DF2AD}" = lport=137 | protocol=17 | dir=in | app=system |
    "{EE78C9AA-101C-4559-900D-1491DC6FAAC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F68788B2-0A41-489D-BD31-AB767A15887D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FFAFBBB1-CB13-4676-B265-D1BEE8E335F9}" = rport=137 | protocol=17 | dir=out | app=system |

    ========== Vista Active Application Exception List ==========[/color:0ba1d22f02]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{20431594-A2FD-4679-AB3B-E5BBE3FB796A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{2225897E-753F-42A4-B112-3AFCF20A6F11}" = protocol=17 | dir=in | app=c:\users\ultimate\appdata\local\crossloop\vncviewer.exe |
    "{2498890C-FE75-470E-B3E4-B21375C321A9}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
    "{4AB12A2A-1FEE-4294-BE69-32371AE4A3D0}" = protocol=6 | dir=in | app=c:\users\ultimate\appdata\local\crossloop\vncviewer.exe |
    "{4F81F2CD-328F-4914-AA1B-EFAB8F86793B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{4F9D1B14-A3DB-49D1-9870-308017B11511}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
    "{5DF84106-3489-44DE-82E0-1CCB7AF220C8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{974A4F08-49D6-4BB9-8435-3D8AC762A2C2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{9851EB90-B199-4C54-B9D8-26A520B0F959}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A6D40755-819F-4366-BE55-066E4F7246D5}" = protocol=17 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
    "{AB56F165-F622-4F27-959C-A7E689D9CC15}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{AF8E6C91-AA8F-41F4-BADC-9BE9031405D5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{B27E1178-07E7-40BF-ACC0-819A6AB7F728}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe |
    "{BC624937-6249-46B3-B9A9-0EF52314A992}" = protocol=6 | dir=in | app=c:\program files\easeus\todo backup\bin\agent.exe |
    "{CD59705E-CB63-4355-91DE-4C970C781BE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{EABC683D-8D9A-4246-8160-D87409639C9B}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe |
    "{FE7D7812-4D95-4576-882C-B3B211605955}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color:0ba1d22f02]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00F30C0D-4193-4555-8BEA-C60AE8040383}" = Microsoft Camera Codec Pack
    "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
    "{0673654C-5296-453B-9798-B61CD7E03FEB}" = SES Driver
    "{115C6DA4-A8B1-4DA2-B675-302576FD04FB}" = LUMIX RAW Codec 1.0
    "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
    "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD YouTube Downloader & Converter 3.7
    "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}" = Microsoft .NET Framework 4 Client Profile NLD Language Pack
    "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
    "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
    "{2FC92BF4-F8BB-755F-755C-D756383C4CF3}" = ccc-utility
    "{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
    "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D599ADA-65D9-4B51-898F-CE718DEC5DBB}" = Microsoft Image Composite Editor
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
    "{48FC3F43-D57D-43A3-B1E6-EE88AFD93DE5}" = Easy Rolodex 3.2
    "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
    "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
    "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
    "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
    "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
    "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
    "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
    "{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1" = Revo Uninstaller Pro 2.5.8
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
    "{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
    "{90110413-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Editie 2003
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}" = TomTom HOME
    "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
    "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
    "{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
    "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
    "{A6F1A4B7-4EFA-653F-98EB-BFD8C209FF1C}" = AMD Accelerated Video Transcoding
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
    "{BB6DFD70-C112-4369-869D-9DD148F9285E}" = Adobe Photoshop Lightroom 4.2 RC
    "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
    "{BE46269C-3DB6-281D-07AC-E658A9768A8E}" = AMD Drag and Drop Transcoding
    "{BF7E72DC-FD54-20A6-8F92-E6F27F1D579D}" = AMD Fuel
    "{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0
    "{CE3DF04B-D674-369C-8469-75285614A8C4}" = AMD Catalyst Install Manager
    "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
    "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
    "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
    "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
    "{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
    "{F335228B-0FFC-F617-08C7-A4E072441FBE}" = AMD Media Foundation Decoders
    "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
    "{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
    "7-Zip" = 7-Zip 9.22beta
    "ACDSee" = ACDSee
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0
    "Adres 2000_is1" = Adres 2000 Versie 1.931
    "avast" = avast! Free Antivirus
    "CanonMyPrinter" = Canon My Printer
    "CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
    "CCleaner" = CCleaner
    "CrossLoop_is1" = CrossLoop 2.72
    "CutePDF Writer Installation" = CutePDF Writer 3.0
    "EaseUS Todo Backup Free 3.5_is1" = EaseUS Todo Backup Free 3.5
    "ESET Online Scanner" = ESET Online Scanner v3
    "ExpressBurn" = Express Burn
    "FastStone Image Viewer" = FastStone Image Viewer 4.6
    "FastStone Photo Resizer" = FastStone Photo Resizer 3.0
    "FileHippo.com" = FileHippo.com Update Checker
    "Fotoservice" = Fotoservice
    "Foxit Reader_is1" = Foxit Reader
    "Gadwin PrintScreen" = Gadwin PrintScreen
    "HijackThis" = HijackThis 2.0.2
    "Icon Restore_is1" = Icon Restore 1.0
    "MailWasher Pro_is1" = MailWasher Pro
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.65.0.1400
    "MediaNavigation.CDLabelPrint" = CD-LabelPrint
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile NLD Language Pack" = Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD
    "Mozilla Firefox 15.0.1 (x86 nl)" = Mozilla Firefox 15.0.1 (x86 nl)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
    "NTREGOPT_is1" = NTREGOPT 1.1j
    "PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
    "Picasa 3" = Picasa 3
    "TeamViewer 7" = TeamViewer 7
    "VLC media player" = VLC media player 2.0.3

    ========== Last 20 Event Log Errors ==========[/color:0ba1d22f02]

    [ Application Events ]
    Error - 2-10-2012 1:40:03 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2-10-2012 2:00:58 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 2-10-2012 9:57:53 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 2-10-2012 13:27:27 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 3-10-2012 2:55:05 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 3-10-2012 7:33:17 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 3-10-2012 8:14:34 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 4-10-2012 3:11:31 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 4-10-2012 3:45:38 | Computer Name = Ultimate-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 4-10-2012 12:50:58 | Computer Name = Ultimate-PC | Source = WinMgmt | ID = 10
    Description =

    [ System Events ]
    Error - 9-8-2012 2:56:07 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 9-8-2012 4:39:57 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 9-8-2012 8:36:46 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 9-8-2012 15:02:53 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 10-8-2012 1:18:19 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 11-8-2012 1:55:52 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 11-8-2012 4:37:40 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 12-8-2012 2:45:05 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 12-8-2012 7:00:59 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim

    Error - 13-8-2012 2:54:24 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM
    Uim_Vim


    < End of report >

    tot zo!
  • Hoi, kijk hier: http://www.sevenforums.com/software/138171-uimbus-uim_im-drivers.html voor de foutmeldingen: [b:3719b7cd29]Error - 13-8-2012 2:54:24 | Computer Name = Ultimate-PC | Source = Service Control Manager | ID = 7026
    Description = De volgende opstartstuurprogramma's zijn niet geladen: UimBus Uim_IM Uim_Vim[/b:3719b7cd29]


    [b:3719b7cd29]Sluit voordat OTL[/color:3719b7cd29] de fix laat doen, eerst alle andere openstaande vensters![/b:3719b7cd29]

    [list:3719b7cd29][*:3719b7cd29]Dubblklik op [img:3719b7cd29]http://www.imgdumper.nl/uploads5/4f91108799372/4f91108798ba0-OTL-1.png[/img:3719b7cd29]
    [*:3719b7cd29]Kopieer en plak de volgende (vetgedrukte, blauwe tekst) in het kader onder [img:3719b7cd29]http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png[/img:3719b7cd29]

    [b:3719b7cd29]
    :OTL

    IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchnu.com/406
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

    [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:07BF512B
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:C31F31E6



    :Services


    :Reg


    :Files
    ipconfig /flushdns /c
    C:\Users\Ultimate\Desktop\adwcleaner.exe



    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
    [reboot][/color:3719b7cd29][/b:3719b7cd29]


    [*:3719b7cd29]Klik daarna bovenaan op [img:3719b7cd29]http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png[/img:3719b7cd29]
    [*:3719b7cd29]Laat het programma ongestoord zijn werk doen.
    [*:3719b7cd29][b:3719b7cd29]OTL zal na de scan melden dat de PC opnieuw opgestart gaat worden. Sta dat dus toe.[/b:3719b7cd29][/color:3719b7cd29]
    [*:3719b7cd29]Klik op [b:3719b7cd29]OK[/b:3719b7cd29]
    [*:3719b7cd29]Na het opnieuw opstarten wordt enkel een nieuw log geopend.
    [*:3719b7cd29]Post via kopiëren en plakken de inhoud van dat OTL-scanlog.[/list:u:3719b7cd29]
  • hier komt ie:
    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
    C:\ProgramData\xml3CC9.tmp deleted successfully.
    C:\ProgramData\xml3DF3.tmp deleted successfully.
    C:\ProgramData\xml3E81.tmp deleted successfully.
    C:\ProgramData\xml3F0E.tmp deleted successfully.
    C:\ProgramData\xml443B.tmp deleted successfully.
    C:\ProgramData\xml44B9.tmp deleted successfully.
    C:\Program Files\GUME2F5.tmp\GoogleCrashHandler.exe deleted successfully.
    C:\Program Files\GUME2F5.tmp\GoogleCrashHandler64.exe deleted successfully.
    C:\Program Files\GUME2F5.tmp\GoogleUpdate.exe deleted successfully.
    C:\Program Files\GUME2F5.tmp\GoogleUpdateBroker.exe deleted successfully.
    C:\Program Files\GUME2F5.tmp\GoogleUpdateHelper.msi deleted successfully.
    C:\Program Files\GUME2F5.tmp\GoogleUpdateOnDemand.exe deleted successfully.
    C:\Program Files\GUME2F5.tmp\GoogleUpdateSetup.exe deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdate.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_am.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ar.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_bg.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_bn.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ca.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_cs.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_da.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_de.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_el.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_en-GB.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_en.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_es-419.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_es.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_et.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_fa.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_fi.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_fil.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_fr.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_gu.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_hi.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_hr.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_hu.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_id.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_is.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_it.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_iw.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ja.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_kn.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ko.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_lt.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_lv.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ml.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_mr.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ms.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_nl.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_no.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_pl.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_pt-BR.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_pt-PT.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ro.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ru.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_sk.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_sl.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_sr.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_sv.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_sw.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ta.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_te.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_th.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_tr.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_uk.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_ur.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_vi.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_zh-CN.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\goopdateres_zh-TW.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp
    pGoogleUpdate3.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\psmachine.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp\psuser.dll deleted successfully.
    C:\Program Files\GUME2F5.tmp folder deleted successfully.
    C:\Program Files\GUTE2F6.tmp deleted successfully.
    ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
    ADS C:\ProgramData\TEMP:C31F31E6 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >[/color:5f9491a133]
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Users\Ultimate\Desktop\cmd.bat deleted successfully.
    C:\Users\Ultimate\Desktop\cmd.txt deleted successfully.
    C:\Users\Ultimate\Desktop\adwcleaner.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    User: Ultimate
    ->Temp folder emptied: 6114373 bytes
    ->Temporary Internet Files folder emptied: 7770402 bytes
    ->Java cache emptied: 1878 bytes
    ->FireFox cache emptied: 90047878 bytes
    ->Flash cache emptied: 1363 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 119061563 bytes
    RecycleBin emptied: 8039392 bytes

    Total Files Cleaned = 220,00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Ultimate
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: Public

    User: Ultimate
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.70.2 log created on 10042012_212046

    Files\Folders moved on Reboot…
    File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DF571B8BC9804D8F50.TMP not found!
    File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DF66E8D2DBB1663BF3.TMP not found!
    File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DF7503DF930DA38E70.TMP not found!
    File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DFDC7054AD26DEF71C.TMP not found!
    File\Folder C:\Users\Ultimate\AppData\Local\Temp\~DFE38D2A3BF0E7D21F.TMP not found!
    File\Folder C:\Users\Ultimate\AppData\Local\Temp\~WRD0004.doc not found!
    File\Folder C:\Users\Ultimate\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS0001.tmp not found!
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files…

    Registry entries deleted on Reboot…

    ik zie staan: all processes killed.
  • Hoe gaat het nu?
  • ik zag met HJT dat de rommel weg is. Voor mij mag je 30 april een lintje krijgen. Hartelijk dank. f.j.s.
    p.s. klachten had ik niet maar ik heb een hekel aan toolbars, vooral als ze niet te de-installeren zijn.

Beantwoord deze vraag

Dit is een gearchiveerde pagina. Antwoorden is niet meer mogelijk.