Persistent toolbars

32 replies
  • After installing and uninstalling "Unlocker", I saw a number of persistent toolbars in HJT. I would like some advice on how to get rid of this stuff:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:00:58, on 4-1-2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    C:\Program Files\MailWasher Pro\MailWasher.exe
    C:\Program Files\Secunia\PSI\psi_tray.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
    O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
    O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
    O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash
    O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
    O4 - HKCU\..\Run: [FileHippo.com] "C:\Program Files\FileHippo.com\UpdateChecker.exe" /background
    O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Avira Planner (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop Inc - C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe
    O23 - Service: EaseUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
    O23 - Service: Guard Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Unknown owner - C:\Program Files\Macrium\Reflect\ReflectService.exe
    O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
    O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe


    End of file - 6589 bytes

    In particular the "no name" toolbar, "sweet" and "sweetpacks" came along with Unlocker. I had already removed the Uniblue stuff earlier.
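
Added example (not part of the original thread, and not code from HijackThis or its vendor): a small Python triage of the O2/O3/O4 lines in the log above, flagging entries that point at no file, have no name, or match the terms the poster named. The function names and the watch-term list are assumptions made for this illustration; the sample lines are copied from the post's log.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the HijackThis log in the post above (browser add-ons and Run keys).
SAMPLE_LOG = r"""
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKCU\..\Run: [MailWasher] C:\PROGRA~1\MAILWA~1\MAILWA~1.EXE
"""

# Assumption: the terms the poster named as unwanted ("sweet", "sweetpacks").
WATCH_TERMS = ("sweet", "sweetpacks")


@dataclass
class Entry:
    section: str            # HijackThis section code: O2 (BHO), O3 (toolbar), O4 (autorun)
    name: str               # display name or Run value name
    target: str             # file path or command line; "(no file)" when the file is missing
    clsid: str = ""         # COM class id for O2/O3 entries
    reasons: list = field(default_factory=list)


# "BHO: <name> - {CLSID} - <file>" and "Toolbar: <name> - {CLSID} - <file>"
_COM = re.compile(
    r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# "HKLM\..\Run: [<value name>] <command line>"
_RUN = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\\w+: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
# Executable path at the start of a command line, quoted or not, before any arguments.
_IMAGE = re.compile(r'"?(.+?\.(?:exe|dll|scr|com|bat))(?=["\s]|$)', re.I)


def parse(log_text):
    """Return an Entry for every O2, O3 and O4 registry line in the log."""
    entries = []
    for line in log_text.splitlines():
        head, sep, rest = line.strip().partition(" - ")
        if not sep or head not in ("O2", "O3", "O4"):
            continue
        match = (_COM if head in ("O2", "O3") else _RUN).match(rest)
        if match:
            d = match.groupdict()
            entries.append(Entry(head, d["name"], d["target"], d.get("clsid", "")))
    return entries


def image_path(target):
    """Extract the executable path from a command line; '' if there is none."""
    match = _IMAGE.match(target)
    return match.group(1) if match else ""


def triage(log_text, watch_terms=()):
    """Return the entries worth a second look, each with the reasons why."""
    flagged = []
    for entry in parse(log_text):
        if entry.target == "(no file)":
            entry.reasons.append("orphaned: registry entry points at no file")
        if entry.name == "(no name)":
            entry.reasons.append("unnamed component")
        haystack = f"{entry.name} {entry.target}".lower()
        hits = [term for term in watch_terms if term.lower() in haystack]
        if hits:
            entry.reasons.append("matches watch term: " + ", ".join(hits))
        if entry.reasons:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG, WATCH_TERMS):
        where = e.clsid or image_path(e.target)
        print(f"{e.section} {e.name!r} {where}: {'; '.join(e.reasons)}")
```
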
  • I don't know where you got Unlocker from.
    But if it was Softonic, then everything is clear!
    Read all about wrappers here: https://www.emsisoft.com/en/kb/articles/tec120224/

    Step 1
    Which program: AdwCleaner
    Purpose: Scanner that cleans up Windows and rids it of rogue toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or else move it there!
    Download: AdwCleaner by Xplode.

    Notes:
      - All open programs and web pages must be closed.
      - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
      - Windows 2000 and Windows XP: double-click adwcleaner.exe.
      - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Als Administrator uitvoeren" (Run as administrator).
    Once AdwCleaner has started:
      - Click the Verwijderen (Delete) button.
      - In the "AdwCleaner – Afsluiting van de programma's" (Closing programs) dialog, click OK.
      - In the "AdwCleaner – Herstarten noodzakelijk" (Restart required) dialog, click OK.
    AdwCleaner log file:
      - After the PC has restarted, a log file opens.
      - Then post the contents of this log in your next message.

    Step 2
    Which program: OTL.exe
    Purpose: multi-purpose tool for analysis and fixes
    Difficulty: none.
    Download: OTL.exe, and place the file on the desktop.
    Before OTL.exe starts scanning, first close all other open windows!

    Using OTL.exe:
      - Now first close all program windows that are still open!
          - Windows 2000 and Windows XP: double-click OTL.exe.
          - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Als Administrator uitvoeren" (Run as administrator).

      - Tick Scan All Users, LOP Check and PURITY Check.

      - Copy and paste the text below (bold, blue text) into the box under (image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png)

        netsvcs
        BASESERVICES
        DRIVES
        netsvcs
        msconfig
        %SYSTEMDRIVE%\*.*
        %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
        %systemroot%\*. /mp /s
        %systemroot%\system32\*.sys /90
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\system32\*.exe /lockedfiles
        %systemroot%\System32\config\*.sav
        %PROGRAMFILES%\*
        %USERPROFILE%\..|smtmp;true;true;true /FP
        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
        hklm\software\clients\startmenuinternet|command /rs
        hklm\software\clients\startmenuinternet|command /64 /rs
        CREATERESTOREPOINT

      - Then click the button (image: http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg).
      - Do not change any other settings in OTL unless I give specific instructions to do so.
      - The scan will not take very long.
          - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
          - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next message.
      - Note: if the log does not fit in one message, spread it over two or more messages.
  • Here is the ADW log:
    # AdwCleaner v2.104 - Verslag gemaakt op 04/01/2013 om 16:49:34
    # Geactualiseerd op 29/12/2012 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (32 bits)
    # Gebruiker : Ultimate - ULTIMATE-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Ultimate\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    File Verwijdert : C:\END
    File Verwijdert : C:\Users\Ultimate\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
    File Verwijdert : C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
    File Verwijdert : C:\Users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\7ailpn14.default\searchplugins\SweetIm.xml
    Map Verwijdert : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
    Map Verwijdert : C:\Program Files\SweetIM
    Map Verwijdert : C:\ProgramData\SweetIM
    Map Verwijdert : C:\ProgramData\Tarma Installer
    Map Verwijdert : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
    Map Verwijdert : C:\Windows\Installer\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\APN PIP
    Sleutel Verwijdert : HKCU\Software\Ask.com.tmp
    Sleutel Verwijdert : HKCU\Software\Softonic
    Sleutel Verwijdert : HKCU\Software\SweetIM
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\sim-packages
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A0C9DF2B-89B5-4483-8983-18A68200F1B4}
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
    Sleutel Verwijdert : HKLM\Software\PIP
    Sleutel Verwijdert : HKLM\Software\SweetIM
    Sleutel Verwijdert : HKLM\Software\Tarma Installer
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]

    ***** [Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Het register bevat geen enkele ongeoorloofde invoer.

    -\\ Mozilla Firefox v17.0.1 (nl)

    File : C:\Users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\7ailpn14.default\prefs.js

    Verwijdert : user_pref("extensions.freecorder@freecorder.com.menuitems", "[{\"name\":\"Freecorder Menu Header\",\[…]

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Ultimate\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [2083 octets] - [15/12/2012 13:41:44]
    AdwCleaner[S2].txt - [3712 octets] - [04/01/2013 16:49:34]

    ########## EOF - C:\AdwCleaner[S2].txt - [3772 octets] ##########

    And here is OTL.txt:

    OTL logfile created on: 4-1-2013 16:59:54 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ultimate\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,43% Memory free
    6,50 Gb Paging File | 5,18 Gb Available in Paging File | 79,80% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232,79 Gb Total Space | 192,10 Gb Free Space | 82,52% Space Free | Partition Type: NTFS
    Drive X: | 465,73 Gb Total Space | 245,77 Gb Free Space | 52,77% Space Free | Partition Type: NTFS
    Drive Z: | 298,09 Gb Total Space | 236,63 Gb Free Space | 79,38% Space Free | Partition Type: NTFS

    Computer Name: ULTIMATE-PC | User Name: Ultimate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013-01-04 16:52:11 | 000,602,112 | —- | M] (OldTimer Tools) – C:\Users\Ultimate\Desktop\OTL.exe
    PRC - [2012-12-24 16:32:54 | 000,225,552 | —- | M] () – C:\Program Files\Macrium\Reflect\ReflectService.exe
    PRC - [2012-12-11 21:04:42 | 001,818,040 | —- | M] (Adobe Systems, Inc.) – C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_108.exe
    PRC - [2012-11-29 09:26:08 | 000,916,960 | —- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012-10-10 13:44:26 | 000,086,224 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2012-10-10 13:44:11 | 000,465,360 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2012-10-10 13:44:05 | 000,348,664 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012-10-10 13:44:05 | 000,110,032 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012-10-09 14:10:52 | 002,447,440 | —- | M] (Check Point Software Technologies LTD) – C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2012-10-09 13:41:08 | 000,073,392 | —- | M] (Check Point Software Technologies LTD) – C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2012-10-04 15:57:58 | 000,271,360 | —- | M] (Microsoft Corporation) – C:\Windows\System32\conhost.exe
    PRC - [2012-09-27 14:07:48 | 000,080,336 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012-08-30 12:03:36 | 000,497,320 | —- | M] (Check Point Software Technologies) – C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2012-08-30 12:03:12 | 000,738,984 | —- | M] (Check Point Software Technologies) – C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2012-08-28 06:41:08 | 000,092,632 | —- | M] (TomTom) – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012-07-25 09:46:44 | 001,326,176 | —- | M] (Secunia) – C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2012-07-25 09:46:42 | 000,572,000 | —- | M] (Secunia) – C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2012-04-06 03:16:24 | 000,451,072 | —- | M] (AMD) – C:\Windows\System32\atieclxx.exe
    PRC - [2012-04-06 03:15:50 | 000,217,600 | —- | M] (AMD) – C:\Windows\System32\atiesrxx.exe
    PRC - [2012-04-05 20:56:18 | 000,291,840 | —- | M] (Advanced Micro Devices, Inc.) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    PRC - [2011-10-21 21:47:12 | 000,023,176 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) – C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    PRC - [2011-10-21 21:47:04 | 000,060,552 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) – C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    PRC - [2011-02-25 06:30:54 | 002,616,320 | —- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
    PRC - [2010-04-02 10:18:54 | 001,185,112 | —- | M] (CANON INC.) – C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2010-03-24 18:50:00 | 002,516,296 | —- | M] (CANON INC.) – C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2010-03-15 11:24:06 | 000,560,792 | —- | M] (CrossLoop Inc) – C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe
    PRC - [2008-09-16 11:03:18 | 000,169,312 | —- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2007-11-14 20:46:00 | 000,131,072 | —- | M] (Brio) – C:\Program Files\FolderSize\FolderSizeSvc.exe
    PRC - [2007-08-20 09:42:23 | 000,495,616 | —- | M] (Gadwin Systems, Inc) – C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    PRC - [2003-11-06 09:18:13 | 004,393,984 | —- | M] (eCOSM) – C:\Program Files\MailWasher Pro\MailWasher.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-12-11 21:04:42 | 014,711,736 | —- | M] () – C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_108.dll
    MOD - [2012-11-29 09:26:21 | 002,397,152 | —- | M] () – C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Services (SafeList) ==========

    SRV - [2012-12-24 16:32:54 | 000,225,552 | —- | M] () [Auto | Running] – C:\Program Files\Macrium\Reflect\ReflectService.exe – (ReflectService.exe)
    SRV - [2012-12-11 21:04:53 | 000,250,808 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-11-29 00:52:16 | 000,115,168 | —- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
    SRV - [2012-10-10 13:44:26 | 000,086,224 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\sched.exe – (AntiVirSchedulerService)
    SRV - [2012-10-10 13:44:11 | 000,465,360 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe – (AntiVirWebService)
    SRV - [2012-10-10 13:44:05 | 000,110,032 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\avguard.exe – (AntiVirService)
    SRV - [2012-10-09 14:10:52 | 002,447,440 | —- | M] (Check Point Software Technologies LTD) [Auto | Running] – C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe – (vsmon)
    SRV - [2012-08-30 12:03:36 | 000,497,320 | —- | M] (Check Point Software Technologies) [Auto | Running] – C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe – (IswSvc)
    SRV - [2012-08-28 06:41:08 | 000,092,632 | —- | M] (TomTom) [Auto | Running] – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe – (TomTomHOMEService)
    SRV - [2012-07-25 09:46:44 | 001,326,176 | —- | M] (Secunia) [Auto | Running] – C:\Program Files\Secunia\PSI\psia.exe – (Secunia PSI Agent)
    SRV - [2012-07-25 09:46:42 | 000,681,056 | —- | M] (Secunia) [Auto | Stopped] – C:\Program Files\Secunia\PSI\sua.exe – (Secunia Update Agent)
    SRV - [2012-06-05 11:26:51 | 001,343,400 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)
    SRV - [2012-04-24 11:31:23 | 000,651,720 | —- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
    SRV - [2012-04-06 03:15:50 | 000,217,600 | —- | M] (AMD) [Auto | Running] – C:\Windows\System32\atiesrxx.exe – (AMD External Events Utility)
    SRV - [2012-04-05 20:56:18 | 000,291,840 | —- | M] (Advanced Micro Devices, Inc.) [Auto | Running] – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe – (AMD FUEL Service)
    SRV - [2011-10-21 21:47:12 | 000,023,176 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] – C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe – (Guard Agent)
    SRV - [2011-10-21 21:47:04 | 000,060,552 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] – C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe – (EaseUS Agent)
    SRV - [2010-03-15 11:24:06 | 000,560,792 | —- | M] (CrossLoop Inc) [Auto | Running] – C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe – (CrossLoopService)
    SRV - [2009-07-14 02:16:13 | 000,025,088 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)
    SRV - [2009-07-14 02:15:41 | 000,680,960 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
    SRV - [2008-09-16 11:03:18 | 000,169,312 | —- | M] (Adobe Systems Incorporated) [Auto | Running] – C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe – (AdobeActiveFileMonitor7.0)
    SRV - [2007-11-14 20:46:00 | 000,131,072 | —- | M] (Brio) [Auto | Running] – C:\Program Files\FolderSize\FolderSizeSvc.exe – (FolderSize)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Users\Ultimate\AppData\Local\Temp\catchme.sys – (catchme)
    DRV - [2012-12-24 16:34:12 | 000,016,656 | —- | M] (Macrium Software) [Kernel | Boot | Running] – C:\Windows\System32\drivers\pssnap.sys – (pssnap)
    DRV - [2012-10-09 15:10:44 | 000,021,520 | —- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] – c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys – (RapportIaso)
    DRV - [2012-09-27 14:07:48 | 000,137,928 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\avipbb.sys – (avipbb)
    DRV - [2012-09-27 14:07:48 | 000,083,392 | —- | M] (Avira GmbH) [File_System | Auto | Running] – C:\Windows\System32\drivers\avgntflt.sys – (avgntflt)
    DRV - [2012-09-27 14:07:48 | 000,036,000 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\avkmgr.sys – (avkmgr)
    DRV - [2012-08-30 12:03:48 | 000,027,056 | —- | M] (Check Point Software Technologies) [Kernel | Auto | Running] – C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys – (ISWKL)
    DRV - [2012-08-27 15:50:24 | 000,028,520 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\ssmdrv.sys – (ssmdrv)
    DRV - [2012-08-23 15:44:32 | 000,014,848 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\rdpvideominiport.sys – (RdpVideoMiniport)
    DRV - [2012-08-23 15:41:34 | 000,027,136 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbGD.sys – (TsUsbGD)
    DRV - [2012-08-23 15:40:25 | 000,049,664 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbFlt.sys – (TsUsbFlt)
    DRV - [2012-04-06 06:21:10 | 009,334,784 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmdag.sys – (amdkmdag)
    DRV - [2012-04-06 02:10:22 | 000,275,968 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmpag.sys – (amdkmdap)
    DRV - [2012-03-05 15:04:30 | 000,045,184 | —- | M] (Advanced Micro Devices) [Kernel | Auto | Running] – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys – (AODDriver4.1)
    DRV - [2012-02-23 13:31:58 | 000,086,544 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\AtihdW73.sys – (AtiHDAudioService)
    DRV - [2011-10-21 21:46:56 | 000,185,480 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] – C:\Windows\System32\drivers\EuFdDisk.sys – (EUFDDISK)
    DRV - [2011-10-21 21:46:54 | 000,043,656 | —- | M] () [Kernel | Boot | Running] – C:\Windows\System32\drivers\EUBKMON.sys – (EUBKMON)
    DRV - [2011-10-21 21:46:48 | 000,017,032 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] – C:\Windows\System32\drivers\eudskacs.sys – (EUDSKACS)
    DRV - [2011-10-21 21:46:46 | 000,039,560 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] – C:\Windows\System32\drivers\eubakup.sys – (EUBAKUP)
    DRV - [2011-10-13 12:06:14 | 000,441,608 | —- | M] (Paragon) [Kernel | System | Stopped] – C:\Windows\System32\drivers\Uim_IM.sys – (Uim_IM)
    DRV - [2011-10-13 12:06:14 | 000,277,576 | —- | M] (Paragon) [Kernel | System | Stopped] – C:\Windows\System32\drivers\Uim_Vim.sys – (Uim_Vim)
    DRV - [2011-10-13 12:06:14 | 000,045,240 | —- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] – C:\Windows\System32\drivers\UimBus.sys – (UimBus)
    DRV - [2011-05-07 16:51:28 | 000,455,256 | —- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] – C:\Windows\System32\drivers\vsdatant.sys – (Vsdatant)
    DRV - [2011-02-16 16:52:46 | 000,011,520 | —- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\wdcsam.sys – (WDC_SAM)
    DRV - [2010-11-20 13:30:18 | 000,172,416 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vpchbus.sys – (vpcbus)
    DRV - [2010-11-20 11:50:40 | 000,078,336 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vpcusb.sys – (vpcusb)
    DRV - [2010-09-01 09:30:58 | 000,015,544 | —- | M] (Secunia) [File_System | On_Demand | Running] – C:\Windows\System32\drivers\psi_mf.sys – (PSI)
    DRV - [2010-02-18 08:18:22 | 000,037,944 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\amdiox86.sys – (amdiox86)
    DRV - [2009-12-30 10:21:18 | 000,027,192 | —- | M] (VS Revo Group) [File_System | On_Demand | Stopped] – C:\Windows\System32\drivers\revoflt.sys – (Revoflt)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 E8 16 5C 95 A3 CD 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{2981EB21-784D-4A7B-9612-BCC88F674D43}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=919B9990-A3B3-4B9F-974B-9E29B15D57B2&apn_sauid=C2C86A11-E584-403E-8117-CAD09669BD98
    IE - HKCU\..\SearchScopes\{2B97F5CE-2B2B-4D47-B790-975908FCD852}: "URL" = http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115135798154785-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=3c26e9ca00000000000000252243cb72&q={searchTerms}&r=125
    IE - HKCU\..\SearchScopes\{B6153D8F-0AD9-4528-ABC2-A94F8DCC9D11}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKCU\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp&p={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811_yserp"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.nl"
    FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.0.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_108.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-10-15 17:30:42 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-10 14:58:54 | 000,000,000 | —D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012-10-03 12:04:41 | 000,000,000 | —D | M] (No name found) – C:\Users\Ultimate\AppData\Roaming\mozilla\Extensions
    [2012-04-28 15:02:25 | 000,000,000 | —D | M] (No name found) – C:\Users\Ultimate\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2013-01-03 19:32:03 | 000,000,000 | —D | M] (No name found) – C:\Users\Ultimate\AppData\Roaming\mozilla\Firefox\Profiles\7ailpn14.default\extensions
    [2012-12-27 15:16:26 | 000,194,265 | —- | M] () (No name found) – C:\Users\Ultimate\AppData\Roaming\mozilla\firefox\profiles\7ailpn14.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
    [2012-12-08 09:56:27 | 000,001,074 | —- | M] () – C:\Users\Ultimate\AppData\Roaming\mozilla\firefox\profiles\7ailpn14.default\searchplugins\produtools-manuals-21-customized-web-search.xml
    [2012-10-15 17:29:36 | 000,001,498 | —- | M] () – C:\Users\Ultimate\AppData\Roaming\mozilla\firefox\profiles\7ailpn14.default\searchplugins\zonealarm.xml
    [2013-01-04 16:49:35 | 000,000,000 | —D | M] (No name found) – C:\Program Files\Mozilla Firefox\extensions
    [2012-11-29 09:26:57 | 000,262,112 | —- | M] (Mozilla Foundation) – C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012-11-29 09:56:45 | 000,002,465 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012-11-29 09:56:45 | 000,002,616 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
    [2012-11-29 09:56:45 | 000,004,771 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2012-11-29 09:56:45 | 000,001,262 | —- | M] () – C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_500_104.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll
    CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - Extension: YouTube = C:\Users\Ultimate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Zoeken = C:\Users\Ultimate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Ultimate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-12-10 08:23:52 | 000,000,027 | —- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKCU..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKCU..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
    O4 - HKCU..\Run: [MailWasher] C:\Program Files\MailWasher Pro\MailWasher.exe (eCOSM)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D5CE26-332D-432B-B622-E97B7F631628}: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | —- | M] () - C:\autoexec.bat – [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37 - HKLM\…com [@ = ComFile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpFolder: C:^Users^Ultimate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasher.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found
    MsConfig - StartUpReg: EaseUs Tray - hkey= - key= - C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    MsConfig - StartUpReg: EaseUs Watch - hkey= - key= - C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    MsConfig - StartUpReg: EMET Notifier - hkey= - key= - C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
    MsConfig - StartUpReg: MailWasher - hkey= - key= - C:\Program Files\MailWasher Pro\MailWasher.exe (eCOSM)
    MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-01-04 16:52:06 | 000,602,112 | —- | C] (OldTimer Tools) – C:\Users\Ultimate\Desktop\OTL.exe
    [2013-01-03 19:24:06 | 000,000,000 | —D | C] – C:\Program Files\Unlocker
    [2013-01-03 19:24:01 | 000,000,000 | —D | C] – C:\Program Files\sweetpacks bundle uninstaller
    [2013-01-03 14:51:12 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
    [2013-01-03 14:51:12 | 000,000,000 | —D | C] – C:\Program Files\Macrium
    [2013-01-03 09:16:35 | 000,000,000 | —D | C] – C:\Users\Ultimate\Desktop\Frank henry 2012
    [2013-01-02 15:56:43 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\Adobe
    [2013-01-02 09:19:04 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\InfraRecorder
    [2013-01-02 09:19:03 | 000,000,000 | —D | C] – C:\Program Files\InfraRecorder
    [2012-12-31 16:43:53 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\Freecorder 7 Video
    [2012-12-31 16:39:41 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Freecorder 7 Video
    [2012-12-31 16:39:41 | 000,000,000 | —D | C] – C:\Users\Ultimate\Documents\Freecorder
    [2012-12-31 16:39:40 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\Jaksta_Technologies_Pty_L
    [2012-12-31 16:28:12 | 000,000,000 | —D | C] – C:\Program Files\Applian Technologies
    [2012-12-30 11:30:54 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
    [2012-12-30 09:34:10 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012-12-29 09:27:03 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\Programs
    [2012-12-28 18:24:04 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHP 5
    [2012-12-27 12:07:17 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Research
    [2012-12-27 12:07:17 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
    [2012-12-26 16:03:42 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Systweak
    [2012-12-26 16:03:37 | 000,018,360 | —- | C] (Systweak Inc., (www.systweak.com)) – C:\Windows\System32\roboot.exe
    [2012-12-25 11:40:40 | 000,290,816 | —- | C] (CANON INC.) – C:\Windows\System32\CNMLMAE.DLL
    [2012-12-24 21:02:06 | 000,000,000 | —D | C] – C:\Windows\MiniDump
    [2012-12-24 16:34:36 | 000,013,584 | —- | C] (Paramount Software UK Ltd) – C:\Windows\System32\drivers\PSVolAcc.sys
    [2012-12-24 16:34:12 | 000,016,656 | —- | C] (Macrium Software) – C:\Windows\System32\drivers\pssnap.sys
    [2012-12-24 10:50:54 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{390D465F-C6CB-4519-8680-829DB952F43F}
    [2012-12-24 10:50:53 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{38C384D2-FCEC-4690-A87B-175291B9F149}
    [2012-12-24 10:32:25 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\AVS4YOU
    [2012-12-24 10:31:47 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
    [2012-12-24 10:31:36 | 000,000,000 | —D | C] – C:\Program Files\Common Files\AVSMedia
    [2012-12-24 10:31:30 | 001,700,352 | —- | C] (Microsoft Corporation) – C:\Windows\System32\GdiPlus.dll
    [2012-12-24 10:31:30 | 000,024,576 | —- | C] (Microsoft Corporation) – C:\Windows\System32\msxml3a.dll
    [2012-12-24 10:31:30 | 000,000,000 | —D | C] – C:\ProgramData\AVS4YOU
    [2012-12-24 10:31:30 | 000,000,000 | —D | C] – C:\Program Files\AVS4YOU
    [2012-12-23 19:24:28 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Rsolutions
    [2012-12-23 19:24:28 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\Rsolutions
    [2012-12-23 19:24:14 | 000,000,000 | —D | C] – C:\Program Files\Rsolutions
    [2012-12-22 11:25:13 | 000,000,000 | —D | C] – C:\ProgramData\CanonIJ
    [2012-12-22 11:12:46 | 000,000,000 | -H-D | C] – C:\ProgramData\CanonIJSolutionMenuEX
    [2012-12-22 11:12:24 | 000,000,000 | -H-D | C] – C:\ProgramData\CanonIJMyPrinter
    [2012-12-22 11:10:11 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikersregistratie voor Canon MG5200 series
    [2012-12-22 11:10:00 | 000,000,000 | —D | C] – C:\ProgramData\CanonIJWSpt
    [2012-12-22 11:05:04 | 000,000,000 | -H-D | C] – C:\ProgramData\CanonBJ
    [2012-12-22 11:04:55 | 000,000,000 | -H-D | C] – C:\Windows\System32\CanonIJ Uninstaller Information
    [2012-12-22 11:04:55 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series
    [2012-12-22 11:04:52 | 001,335,296 | —- | C] (CANON INC.) – C:\Windows\System32\CNC5200C.dll
    [2012-12-22 11:04:52 | 000,307,200 | —- | C] (CANON INC.) – C:\Windows\System32\CNC5200L.dll
    [2012-12-22 11:04:52 | 000,114,688 | —- | C] (CANON INC.) – C:\Windows\System32\CNC5200I.dll
    [2012-12-22 11:04:52 | 000,106,496 | —- | C] (CANON INC.) – C:\Windows\System32\CNC5200U.dll
    [2012-12-22 11:04:27 | 000,180,224 | —- | C] (CANON INC.) – C:\Windows\System32\CNMIUAE.DLL
    [2012-12-22 11:04:19 | 000,000,000 | -H-D | C] – C:\Program Files\CanonBJ
    [2012-12-21 14:09:03 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{5905F944-0B86-40E0-A848-10EB83461BE4}
    [2012-12-21 13:55:15 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{CAFCC7C0-D5B7-4657-A948-5D0ABA30474D}
    [2012-12-21 13:54:53 | 000,000,000 | —D | C] – C:\Users\Ultimate\Tracing
    [2012-12-21 13:50:25 | 000,000,000 | —D | C] – C:\Program Files\Microsoft
    [2012-12-21 13:24:57 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{4EB7351A-F1F7-4241-85A5-B3CB77ECA4B3}
    [2012-12-21 13:07:05 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{074E1B51-A9AA-48E3-9A26-4563DF45F19E}
    [2012-12-21 12:36:27 | 000,515,416 | —- | C] (Microsoft Corporation) – C:\Windows\System32\XAudio2_5.dll
    [2012-12-21 12:36:27 | 000,069,464 | —- | C] (Microsoft Corporation) – C:\Windows\System32\XAPOFX1_3.dll
    [2012-12-21 12:36:26 | 000,453,456 | —- | C] (Microsoft Corporation) – C:\Windows\System32\d3dx10_42.dll
    [2012-12-21 12:35:57 | 003,426,072 | —- | C] (Microsoft Corporation) – C:\Windows\System32\d3dx9_32.dll
    [2012-12-21 10:21:16 | 000,295,424 | —- | C] (Adobe Systems Incorporated) – C:\Windows\System32\atmfd.dll
    [2012-12-21 10:21:16 | 000,034,304 | —- | C] (Adobe Systems) – C:\Windows\System32\atmlib.dll
    [2012-12-20 16:05:33 | 000,000,000 | —D | C] – C:\ProgramData\YTD Video Downloader
    [2012-12-20 08:49:49 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Google
    [2012-12-19 15:09:42 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\RawTherapee3.0.1
    [2012-12-19 10:47:31 | 000,000,000 | —D | C] – C:\Windows\ERUNT
    [2012-12-19 10:47:08 | 000,000,000 | —D | C] – C:\JRT
    [2012-12-18 17:53:19 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012-12-18 17:50:04 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    [2012-12-15 14:58:48 | 000,000,000 | R–D | C] – C:\Users\Ultimate\SkyDrive
    [2012-12-15 14:58:48 | 000,000,000 | —D | C] – C:\Program Files\Microsoft SkyDrive
    [2012-12-15 14:58:39 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft SkyDrive
    [2012-12-15 14:56:17 | 000,000,000 | RH-D | C] – C:\MSOCache
    [2012-12-15 14:50:57 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Office 15
    [2012-12-13 15:52:16 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{D5332439-95DB-43D5-838D-DB76758C758D}
    [2012-12-13 15:04:11 | 000,000,000 | —D | C] – C:\Windows\Migration
    [2012-12-13 15:02:15 | 000,012,800 | —- | C] (Microsoft Corporation) – C:\Windows\System32\Register-CimProvider.exe
    [2012-12-13 15:02:13 | 000,001,536 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrsmgr.dll
    [2012-12-13 15:02:09 | 000,042,496 | —- | C] (Microsoft Corporation) – C:\Windows\System32\pwrshplugin.dll
    [2012-12-13 15:02:08 | 000,039,936 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrs.exe
    [2012-12-13 15:02:08 | 000,020,480 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrshost.exe
    [2012-12-13 15:02:08 | 000,010,240 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wsmplpxy.dll
    [2012-12-13 15:02:08 | 000,009,728 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrssrv.dll
    [2012-12-13 15:02:06 | 000,083,456 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wevtfwd.dll
    [2012-12-13 15:02:06 | 000,078,336 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wecutil.exe
    [2012-12-13 15:02:06 | 000,061,440 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wecapi.dll
    [2012-12-13 15:02:06 | 000,060,416 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmRes.dll
    [2012-12-13 15:02:06 | 000,059,904 | —- | C] (Microsoft Corporation) – C:\Windows\System32\prvdmofcomp.dll
    [2012-12-13 15:02:06 | 000,036,352 | —- | C] (Microsoft Corporation) – C:\Windows\System32\PSModuleDiscoveryProvider.dll
    [2012-12-13 15:02:06 | 000,021,504 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmAgent.dll
    [2012-12-13 15:02:05 | 000,089,088 | —- | C] (Microsoft Corporation) – C:\Windows\System32\mi.dll
    [2012-12-13 15:02:05 | 000,035,840 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wsmprovhost.exe
    [2012-12-13 15:02:05 | 000,030,208 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WSManHTTPConfig.exe
    [2012-12-13 15:02:04 | 000,172,544 | —- | C] (Microsoft Corporation) – C:\Windows\System32\miutils.dll
    [2012-12-13 15:02:04 | 000,154,112 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wmitomi.dll
    [2012-12-13 15:02:04 | 000,124,416 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wmidcom.dll
    [2012-12-13 15:01:58 | 000,192,512 | —- | C] (Microsoft Corporation) – C:\Windows\System32\framedynos.dll
    [2012-12-13 15:01:58 | 000,189,952 | —- | C] (Microsoft Corporation) – C:\Windows\System32\framedyn.dll
    [2012-12-13 15:01:57 | 000,526,848 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmGCDeps.dll
    [2012-12-13 15:01:57 | 000,227,328 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmWmiPl.dll
    [2012-12-13 15:01:57 | 000,138,752 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmAuto.dll
    [2012-12-13 15:01:57 | 000,092,160 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrscmd.dll
    [2012-12-13 15:01:57 | 000,056,832 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WSManMigrationPlugin.dll
    [2012-12-13 15:01:56 | 000,382,464 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wbemcomn2.dll
    [2012-12-13 09:38:45 | 000,000,000 | —D | C] – C:\ProgramData\MSScanAppDataDir
    [2012-12-13 09:21:17 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012-12-13 09:20:51 | 000,000,000 | —D | C] – C:\Program Files\Common Files\DESIGNER
    [2012-12-12 08:52:14 | 002,382,848 | —- | C] (Microsoft Corporation) – C:\Windows\System32\mshtml.tlb
    [2012-12-12 08:52:14 | 000,176,640 | —- | C] (Microsoft Corporation) – C:\Windows\System32\ieui.dll
    [2012-12-12 08:52:14 | 000,065,024 | —- | C] (Microsoft Corporation) – C:\Windows\System32\jsproxy.dll
    [2012-12-12 08:52:13 | 001,800,704 | —- | C] (Microsoft Corporation) – C:\Windows\System32\jscript9.dll
    [2012-12-12 08:52:13 | 000,607,744 | —- | C] (Microsoft Corporation) – C:\Windows\System32\msfeeds.dll
    [2012-12-12 08:52:13 | 000,231,936 | —- | C] (Microsoft Corporation) – C:\Windows\System32\url.dll
    [2012-12-12 08:52:13 | 000,142,848 | —- | C] (Microsoft Corporation) – C:\Windows\System32\ieUnatt.exe
    [2012-12-12 08:52:12 | 001,427,968 | —- | C] (Microsoft Corporation) – C:\Windows\System32\inetcpl.cpl
    [2012-12-12 08:33:36 | 002,345,984 | —- | C] (Microsoft Corporation) – C:\Windows\System32\win32k.sys
    [2012-12-12 08:33:28 | 000,271,360 | —- | C] (Microsoft Corporation) – C:\Windows\System32\conhost.exe
    [2012-12-12 08:33:28 | 000,169,984 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winsrv.dll
    [2012-12-12 08:33:28 | 000,006,144 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,005,120 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,608 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,608 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    [2012-12-12 08:33:20 | 000,376,832 | —- | C] (Microsoft Corporation) – C:\Windows\System32\dpnet.dll
    [2012-12-12 08:33:14 | 000,002,048 | —- | C] (Microsoft Corporation) – C:\Windows\System32\tzres.dll
    [2012-12-11 03:34:47 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
    [2012-12-11 03:34:40 | 000,000,000 | —D | C] – C:\Program Files\Microsoft IntelliType Pro
    [2012-12-10 14:58:55 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Maintenance Service
    [2012-12-10 14:54:28 | 000,000,000 | —D | C] – C:\Windows\System32\%LOCALAPPDATA%
    [2012-12-10 11:08:42 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Office
    [2012-12-10 10:39:08 | 000,000,000 | -HSD | C] – C:\Config.Msi
    [2012-12-10 10:35:44 | 000,000,000 | —D | C] – C:\Program Files\Common Files\ODBC
    [2012-12-10 10:33:46 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\Microsoft Help
    [2012-12-10 10:33:44 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft Help
    [2012-12-10 08:28:12 | 000,000,000 | -HSD | C] – C:\$RECYCLE.BIN
    [2012-12-10 07:55:49 | 000,518,144 | —- | C] (SteelWerX) – C:\Windows\SWREG.exe
    [2012-12-10 07:55:49 | 000,406,528 | —- | C] (SteelWerX) – C:\Windows\SWSC.exe
    [2012-12-10 07:55:49 | 000,060,416 | —- | C] (NirSoft) – C:\Windows\NIRCMD.exe
    [2012-12-10 07:55:27 | 000,000,000 | –SD | C] – C:\ComboFix
    [2012-12-10 07:54:18 | 000,000,000 | —D | C] – C:\Windows\erdnt
    [2012-12-06 18:31:06 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Avira
    [2012-12-06 18:25:38 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012-12-06 18:24:49 | 000,028,520 | —- | C] (Avira GmbH) – C:\Windows\System32\drivers\ssmdrv.sys
    [2012-12-06 18:24:48 | 000,137,928 | —- | C] (Avira GmbH) – C:\Windows\System32\drivers\avipbb.sys
    [2012-12-06 18:24:48 | 000,083,392 | —- | C] (Avira GmbH) – C:\Windows\System32\drivers\avgntflt.sys
    [2012-12-06 18:24:48 | 000,036,000 | —- | C] (Avira GmbH) – C:\Windows\System32\drivers\avkmgr.sys
    [2012-12-06 18:24:48 | 000,000,000 | —D | C] – C:\ProgramData\Avira
    [2012-12-06 18:24:48 | 000,000,000 | —D | C] – C:\Program Files\Avira
    [2012-12-06 18:11:54 | 000,000,000 | —D | C] – C:\Program Files\Common Files\G Data

    ========== Files - Modified Within 30 Days ==========

    [2013-01-04 16:59:23 | 000,021,472 | -H– | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-01-04 16:59:23 | 000,021,472 | -H– | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-01-04 16:57:28 | 000,000,245 | —- | M] () – C:\Users\Ultimate\Desktop\Computer!Totaal Bekijk onderwerp - hardnekkige toolbars.URL
    [2013-01-04 16:52:11 | 000,602,112 | —- | M] (OldTimer Tools) – C:\Users\Ultimate\Desktop\OTL.exe
    [2013-01-04 16:51:17 | 000,000,890 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-01-04 16:51:00 | 000,000,886 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-01-04 16:50:40 | 000,067,584 | –S- | M] () – C:\Windows\bootstat.dat
    [2013-01-04 16:49:16 | 000,551,997 | —- | M] () – C:\Users\Ultimate\Desktop\adwcleaner.exe
    [2013-01-04 16:49:00 | 000,000,940 | —- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-01-04 16:30:17 | 000,023,020 | —- | M] () – C:\Users\Ultimate\Desktop\No. 003.jpg
    [2013-01-04 16:30:01 | 000,054,119 | —- | M] () – C:\Users\Ultimate\Desktop\No. 002.jpg
    [2013-01-04 09:51:30 | 000,745,966 | —- | M] () – C:\Windows\System32\perfh013.dat
    [2013-01-04 09:51:30 | 000,654,880 | —- | M] () – C:\Windows\System32\perfh009.dat
    [2013-01-04 09:51:30 | 000,153,248 | —- | M] () – C:\Windows\System32\perfc013.dat
    [2013-01-04 09:51:30 | 000,121,752 | —- | M] () – C:\Windows\System32\perfc009.dat
    [2013-01-04 09:16:42 | 000,011,102 | —- | M] () – C:\Users\Ultimate\Desktop\No. 001.jpg
    [2013-01-03 21:07:00 | 000,000,069 | —- | M] () – C:\Windows\System32\4
    [2013-01-02 16:14:13 | 1924,001,769 | —- | M] () – C:\Users\Ultimate\Desktop\The Ultimate Lightroom 4 Experience.mp4
    [2012-12-30 15:18:55 | 315,597,172 | —- | M] () – C:\Windows\MEMORY.DMP
    [2012-12-28 16:19:26 | 000,000,436 | —- | M] () – C:\Users\Ultimate\Desktop\Google.website
    [2012-12-27 15:40:00 | 000,000,020 | —- | M] () – C:\Windows\8õ¸
    [2012-12-25 10:40:48 | 000,001,068 | —- | M] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2012-12-24 16:34:36 | 000,013,584 | —- | M] (Paramount Software UK Ltd) – C:\Windows\System32\drivers\PSVolAcc.sys
    [2012-12-24 16:34:12 | 000,016,656 | —- | M] (Macrium Software) – C:\Windows\System32\drivers\pssnap.sys
    [2012-12-24 16:33:14 | 000,055,056 | —- | M] () – C:\Windows\System32\drivers\psmounterex.sys
    [2012-12-21 13:11:25 | 000,000,020 | —- | M] () – C:\Windows\hô¬
    [2012-12-21 12:07:11 | 000,444,368 | —- | M] () – C:\Windows\System32\FNTCACHE.DAT
    [2012-12-19 15:14:04 | 000,000,218 | —- | M] () – C:\Users\Ultimate\.recently-used.xbel
    [2012-12-18 17:53:19 | 000,002,170 | —- | M] () – C:\Users\Public\Desktop\Google Earth.lnk
    [2012-12-17 19:59:56 | 000,002,055 | —- | M] () – C:\Users\Public\Desktop\Lightroom 4.3.lnk
    [2012-12-16 15:13:28 | 000,295,424 | —- | M] (Adobe Systems Incorporated) – C:\Windows\System32\atmfd.dll
    [2012-12-16 15:13:20 | 000,034,304 | —- | M] (Adobe Systems) – C:\Windows\System32\atmlib.dll
    [2012-12-16 10:49:58 | 000,001,107 | —- | M] () – C:\Users\Ultimate\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
    [2012-12-15 16:38:01 | 000,002,719 | —- | M] () – C:\Users\Ultimate\Desktop\Microsoft Office Outlook 2003.lnk
    [2012-12-15 16:38:01 | 000,002,683 | —- | M] () – C:\Users\Ultimate\Desktop\Microsoft Office Word 2003.lnk
    [2012-12-15 16:38:01 | 000,002,669 | —- | M] () – C:\Users\Ultimate\Desktop\Microsoft Office Excel 2003.lnk
    [2012-12-15 16:38:01 | 000,002,657 | —- | M] () – C:\Users\Ultimate\Desktop\Microsoft Office PowerPoint 2003.lnk
    [2012-12-15 12:41:09 | 000,004,850 | —- | M] () – C:\Users\Ultimate\intlname.ols
    [2012-12-14 16:49:28 | 000,021,104 | —- | M] (Malwarebytes Corporation) – C:\Windows\System32\drivers\mbam.sys
    [2012-12-13 18:22:49 | 000,038,437 | —- | M] () – C:\Users\Ultimate\AppData\Roaming\Microsoft Excel.ADR
    [2012-12-13 09:21:54 | 000,000,392 | —- | M] () – C:\Windows\ODBC.INI
    [2012-12-11 21:04:42 | 000,691,128 | —- | M] (Adobe Systems Incorporated) – C:\Windows\System32\FlashPlayerApp.exe
    [2012-12-11 21:04:42 | 000,070,584 | —- | M] (Adobe Systems Incorporated) – C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2012-12-10 15:33:54 | 000,002,559 | —- | M] () – C:\Windows\diagwrn.xml
    [2012-12-10 15:33:54 | 000,001,908 | —- | M] () – C:\Windows\diagerr.xml
    [2012-12-10 14:59:00 | 000,001,109 | —- | M] () – C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012-12-10 12:01:22 | 000,018,360 | —- | M] (Systweak Inc., (www.systweak.com)) – C:\Windows\System32\roboot.exe
    [2012-12-10 08:23:52 | 000,000,027 | —- | M] () – C:\Windows\System32\drivers\etc\hosts
    [2012-12-09 19:28:09 | 000,001,919 | —- | M] () – C:\Users\Ultimate\Desktop\Update Checker.lnk

    ========== Files Created - No Company Name ==========

    [2013-01-04 16:57:28 | 000,000,245 | —- | C] () – C:\Users\Ultimate\Desktop\Computer!Totaal Bekijk onderwerp - hardnekkige toolbars.URL
    [2013-01-04 16:49:11 | 000,551,997 | —- | C] () – C:\Users\Ultimate\Desktop\adwcleaner.exe
    [2013-01-04 16:30:17 | 000,023,020 | —- | C] () – C:\Users\Ultimate\Desktop\No. 003.jpg
    [2013-01-04 16:30:01 | 000,054,119 | —- | C] () – C:\Users\Ultimate\Desktop\No. 002.jpg
    [2013-01-04 09:16:42 | 000,011,102 | —- | C] () – C:\Users\Ultimate\Desktop\No. 001.jpg
    [2013-01-03 21:07:00 | 000,000,069 | —- | C] () – C:\Windows\System32\4
    [2013-01-02 16:11:14 | 1924,001,769 | —- | C] () – C:\Users\Ultimate\Desktop\The Ultimate Lightroom 4 Experience.mp4
    [2012-12-30 15:18:55 | 315,597,172 | —- | C] () – C:\Windows\MEMORY.DMP
    [2012-12-27 15:40:00 | 000,000,020 | —- | C] () – C:\Windows\8õ¸
    [2012-12-25 10:40:48 | 000,001,068 | —- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
    [2012-12-25 10:40:48 | 000,001,031 | —- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
    [2012-12-24 16:33:14 | 000,055,056 | —- | C] () – C:\Windows\System32\drivers\psmounterex.sys
    [2012-12-21 13:11:25 | 000,000,020 | —- | C] () – C:\Windows\hô¬
    [2012-12-19 15:14:04 | 000,000,218 | —- | C] () – C:\Users\Ultimate\.recently-used.xbel
    [2012-12-18 17:53:19 | 000,002,170 | —- | C] () – C:\Users\Public\Desktop\Google Earth.lnk
    [2012-12-17 19:59:57 | 000,002,067 | —- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 4.3.lnk
    [2012-12-17 19:59:56 | 000,002,055 | —- | C] () – C:\Users\Public\Desktop\Lightroom 4.3.lnk
    [2012-12-13 15:02:13 | 000,004,148 | —- | C] () – C:\Windows\System32\psmodulediscoveryprovider.mof
    [2012-12-13 15:02:11 | 000,004,675 | —- | C] () – C:\Windows\System32\wsmanconfig_schema.xml
    [2012-12-13 15:01:59 | 000,204,105 | —- | C] () – C:\Windows\System32\winrm.vbs
    [2012-12-13 09:28:03 | 000,002,719 | —- | C] () – C:\Users\Ultimate\Desktop\Microsoft Office Outlook 2003.lnk
    [2012-12-13 09:28:03 | 000,002,683 | —- | C] () – C:\Users\Ultimate\Desktop\Microsoft Office Word 2003.lnk
    [2012-12-13 09:28:03 | 000,002,669 | —- | C] () – C:\Users\Ultimate\Desktop\Microsoft Office Excel 2003.lnk
    [2012-12-13 09:28:03 | 000,002,657 | —- | C] () – C:\Users\Ultimate\Desktop\Microsoft Office PowerPoint 2003.lnk
    [2012-12-13 09:22:17 | 000,001,107 | —- | C] () – C:\Users\Ultimate\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook starten.lnk
    [2012-12-10 15:32:05 | 000,002,559 | —- | C] () – C:\Windows\diagwrn.xml
    [2012-12-10 15:32:05 | 000,001,908 | —- | C] () – C:\Windows\diagerr.xml
    [2012-12-10 14:59:00 | 000,001,121 | —- | C] () – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2012-12-10 14:59:00 | 000,001,109 | —- | C] () – C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2012-12-10 08:49:39 | 000,000,436 | —- | C] () – C:\Users\Ultimate\Desktop\Google.website
    [2012-12-10 07:55:49 | 000,256,000 | —- | C] () – C:\Windows\PEV.exe
    [2012-12-10 07:55:49 | 000,208,896 | —- | C] () – C:\Windows\MBR.exe
    [2012-12-10 07:55:49 | 000,098,816 | —- | C] () – C:\Windows\sed.exe
    [2012-12-10 07:55:49 | 000,080,412 | —- | C] () – C:\Windows\grep.exe
    [2012-12-10 07:55:49 | 000,068,096 | —- | C] () – C:\Windows\zip.exe
    [2012-12-09 19:28:09 | 000,001,949 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update Checker.lnk
    [2012-12-09 19:28:09 | 000,001,919 | —- | C] () – C:\Users\Ultimate\Desktop\Update Checker.lnk
    [2012-11-04 08:23:57 | 000,010,593 | —- | C] () – C:\Windows\CSTBox.INI
    [2012-09-23 14:26:59 | 000,000,193 | —- | C] () – C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2012-07-31 14:46:36 | 000,038,465 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (DOS).ADR
    [2012-07-09 07:22:23 | 000,007,605 | —- | C] () – C:\Users\Ultimate\AppData\Local\Resmon.ResmonCfg
    [2012-07-01 13:04:10 | 000,043,656 | —- | C] () – C:\Windows\System32\drivers\EUBKMON.sys
    [2012-04-27 18:26:55 | 000,022,728 | —- | C] () – C:\Windows\System32\emptyregdb.dat
    [2012-04-27 12:15:07 | 000,004,850 | —- | C] () – C:\Users\Ultimate\intlname.ols
    [2012-04-27 11:52:51 | 000,028,286 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Door tabs gescheiden waarden (Windows).ADR
    [2012-04-27 11:30:47 | 000,028,245 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Door tabs gescheiden waarden (DOS).ADR
    [2012-04-27 11:00:12 | 000,038,437 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Microsoft Excel.ADR
    [2012-04-26 18:17:13 | 000,000,035 | —- | C] () – C:\Windows\A4W.INI
    [2012-04-25 17:04:35 | 000,000,000 | —- | C] () – C:\Windows\ativpsrm.bin
    [2012-04-24 14:30:53 | 000,088,656 | —- | C] () – C:\Windows\System32\cpwmon2k.dll
    [2012-04-24 09:55:07 | 000,028,308 | —- | C] () – C:\Users\Ultimate\AppData\Roaming\Door lijstscheidingstekens gescheiden waarden (Windows).ADR
    [2012-04-24 09:38:23 | 000,000,392 | —- | C] () – C:\Windows\ODBC.INI
    [2012-04-24 09:05:55 | 000,000,663 | —- | C] () – C:\Windows\unins000.dat
    [2012-04-24 08:42:15 | 005,242,880 | —- | C] () – C:\Users\Ultimate\ntuser.bak
    [2012-04-05 21:34:22 | 000,159,232 | —- | C] () – C:\Windows\System32\clinfo.exe
    [2012-03-09 05:22:26 | 000,204,952 | —- | C] () – C:\Windows\System32\ativvsvl.dat
    [2012-03-09 05:22:26 | 000,157,144 | —- | C] () – C:\Windows\System32\ativvsva.dat
    [2012-01-31 06:00:24 | 000,016,896 | —- | C] () – C:\Windows\System32\kdbsdk32.dll
    [2012-01-10 22:10:08 | 000,601,728 | —- | C] () – C:\Windows\System32\atiicdxx.dat
    [2011-09-12 23:06:16 | 000,003,917 | —- | C] () – C:\Windows\System32\atipblag.dat
    [2011-06-15 16:54:34 | 000,009,525 | —- | C] () – C:\Users\Ultimate\huidig adresboek
    [2011-04-12 05:48:01 | 000,745,966 | —- | C] () – C:\Windows\System32\perfh013.dat
    [2011-04-12 05:48:01 | 000,341,322 | —- | C] () – C:\Windows\System32\perfi013.dat
    [2011-04-12 05:48:01 | 000,153,248 | —- | C] () – C:\Windows\System32\perfc013.dat
    [2011-04-12 05:48:01 | 000,043,068 | —- | C] () – C:\Windows\System32\perfd013.dat

    ========== ZeroAccess Check ==========

    [2009-07-14 05:42:31 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\S
  • I saw that I had forgotten the checkmarks for "scan all user", for LOP check and for Purity check.
    I'll hear whether I need to redo anything. I have now collected 3 (identical?) log files from OTX.
  • The log is not complete.
    And so the second log is missing as well.
  • I really only get one txt file:
    OTL logfile created on: 4-1-2013 20:31:40 - Run 3
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ultimate\Desktop
    Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    3,25 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 64,22% Memory free
    6,50 Gb Paging File | 5,13 Gb Available in Paging File | 79,03% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 232,79 Gb Total Space | 191,83 Gb Free Space | 82,41% Space Free | Partition Type: NTFS
    Drive X: | 465,73 Gb Total Space | 245,77 Gb Free Space | 52,77% Space Free | Partition Type: NTFS
    Drive Z: | 298,09 Gb Total Space | 236,63 Gb Free Space | 79,38% Space Free | Partition Type: NTFS

    Computer Name: ULTIMATE-PC | User Name: Ultimate | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013-01-04 16:52:11 | 000,602,112 | —- | M] (OldTimer Tools) – C:\Users\Ultimate\Desktop\OTL.exe
    PRC - [2012-12-24 16:32:54 | 000,225,552 | —- | M] () – C:\Program Files\Macrium\Reflect\ReflectService.exe
    PRC - [2012-12-11 21:04:42 | 001,818,040 | —- | M] (Adobe Systems, Inc.) – C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_6_602_108.exe
    PRC - [2012-11-29 09:26:08 | 000,916,960 | —- | M] (Mozilla Corporation) – C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2012-10-10 13:44:26 | 000,086,224 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2012-10-10 13:44:11 | 000,465,360 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
    PRC - [2012-10-10 13:44:05 | 000,348,664 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2012-10-10 13:44:05 | 000,110,032 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2012-10-09 14:10:52 | 002,447,440 | —- | M] (Check Point Software Technologies LTD) – C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
    PRC - [2012-10-09 13:41:08 | 000,073,392 | —- | M] (Check Point Software Technologies LTD) – C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
    PRC - [2012-10-04 15:57:58 | 000,271,360 | —- | M] (Microsoft Corporation) – C:\Windows\System32\conhost.exe
    PRC - [2012-09-27 14:07:48 | 000,080,336 | —- | M] (Avira Operations GmbH & Co. KG) – C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2012-08-30 12:03:36 | 000,497,320 | —- | M] (Check Point Software Technologies) – C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
    PRC - [2012-08-30 12:03:12 | 000,738,984 | —- | M] (Check Point Software Technologies) – C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    PRC - [2012-08-28 06:41:08 | 000,092,632 | —- | M] (TomTom) – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
    PRC - [2012-07-25 09:46:44 | 001,326,176 | —- | M] (Secunia) – C:\Program Files\Secunia\PSI\psia.exe
    PRC - [2012-07-25 09:46:42 | 000,572,000 | —- | M] (Secunia) – C:\Program Files\Secunia\PSI\psi_tray.exe
    PRC - [2012-04-06 03:16:24 | 000,451,072 | —- | M] (AMD) – C:\Windows\System32\atieclxx.exe
    PRC - [2012-04-06 03:15:50 | 000,217,600 | —- | M] (AMD) – C:\Windows\System32\atiesrxx.exe
    PRC - [2012-04-05 20:56:18 | 000,291,840 | —- | M] (Advanced Micro Devices, Inc.) – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    PRC - [2011-10-21 21:47:12 | 000,023,176 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) – C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
    PRC - [2011-10-21 21:47:04 | 000,060,552 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) – C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
    PRC - [2011-02-25 06:30:54 | 002,616,320 | —- | M] (Microsoft Corporation) – C:\Windows\explorer.exe
    PRC - [2010-04-02 10:18:54 | 001,185,112 | —- | M] (CANON INC.) – C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
    PRC - [2010-03-24 18:50:00 | 002,516,296 | —- | M] (CANON INC.) – C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
    PRC - [2010-03-15 11:24:06 | 000,560,792 | —- | M] (CrossLoop Inc) – C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe
    PRC - [2008-09-16 11:03:18 | 000,169,312 | —- | M] (Adobe Systems Incorporated) – C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    PRC - [2007-11-14 20:46:00 | 000,131,072 | —- | M] (Brio) – C:\Program Files\FolderSize\FolderSizeSvc.exe
    PRC - [2007-08-20 09:42:23 | 000,495,616 | —- | M] (Gadwin Systems, Inc) – C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
    PRC - [2003-11-06 09:18:13 | 004,393,984 | —- | M] (eCOSM) – C:\Program Files\MailWasher Pro\MailWasher.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-12-11 21:04:42 | 014,711,736 | —- | M] () – C:\Windows\System32\Macromed\Flash\NPSWF32_11_6_602_108.dll
    MOD - [2012-11-29 09:26:21 | 002,397,152 | —- | M] () – C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Services (SafeList) ==========

    SRV - [2012-12-24 16:32:54 | 000,225,552 | —- | M] () [Auto | Running] – C:\Program Files\Macrium\Reflect\ReflectService.exe – (ReflectService.exe)
    SRV - [2012-12-11 21:04:53 | 000,250,808 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
    SRV - [2012-11-29 00:52:16 | 000,115,168 | —- | M] (Mozilla Foundation) [On_Demand | Stopped] – C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe – (MozillaMaintenance)
    SRV - [2012-10-10 13:44:26 | 000,086,224 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\sched.exe – (AntiVirSchedulerService)
    SRV - [2012-10-10 13:44:11 | 000,465,360 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe – (AntiVirWebService)
    SRV - [2012-10-10 13:44:05 | 000,110,032 | —- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] – C:\Program Files\Avira\AntiVir Desktop\avguard.exe – (AntiVirService)
    SRV - [2012-10-09 14:10:52 | 002,447,440 | —- | M] (Check Point Software Technologies LTD) [Auto | Running] – C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe – (vsmon)
    SRV - [2012-08-30 12:03:36 | 000,497,320 | —- | M] (Check Point Software Technologies) [Auto | Running] – C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe – (IswSvc)
    SRV - [2012-08-28 06:41:08 | 000,092,632 | —- | M] (TomTom) [Auto | Running] – C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe – (TomTomHOMEService)
    SRV - [2012-07-25 09:46:44 | 001,326,176 | —- | M] (Secunia) [Auto | Running] – C:\Program Files\Secunia\PSI\psia.exe – (Secunia PSI Agent)
    SRV - [2012-07-25 09:46:42 | 000,681,056 | —- | M] (Secunia) [Auto | Stopped] – C:\Program Files\Secunia\PSI\sua.exe – (Secunia Update Agent)
    SRV - [2012-06-05 11:26:51 | 001,343,400 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\Wat\WatAdminSvc.exe – (WatAdminSvc)
    SRV - [2012-04-24 11:31:23 | 000,651,720 | —- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] – C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe – (FLEXnet Licensing Service)
    SRV - [2012-04-06 03:15:50 | 000,217,600 | —- | M] (AMD) [Auto | Running] – C:\Windows\System32\atiesrxx.exe – (AMD External Events Utility)
    SRV - [2012-04-05 20:56:18 | 000,291,840 | —- | M] (Advanced Micro Devices, Inc.) [Auto | Running] – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe – (AMD FUEL Service)
    SRV - [2011-10-21 21:47:12 | 000,023,176 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] – C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe – (Guard Agent)
    SRV - [2011-10-21 21:47:04 | 000,060,552 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] – C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe – (EaseUS Agent)
    SRV - [2010-03-15 11:24:06 | 000,560,792 | —- | M] (CrossLoop Inc) [Auto | Running] – C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe – (CrossLoopService)
    SRV - [2009-07-14 02:16:13 | 000,025,088 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\System32\sensrsvc.dll – (SensrSvc)
    SRV - [2009-07-14 02:15:41 | 000,680,960 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
    SRV - [2008-09-16 11:03:18 | 000,169,312 | —- | M] (Adobe Systems Incorporated) [Auto | Running] – C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe – (AdobeActiveFileMonitor7.0)
    SRV - [2007-11-14 20:46:00 | 000,131,072 | —- | M] (Brio) [Auto | Running] – C:\Program Files\FolderSize\FolderSizeSvc.exe – (FolderSize)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] – C:\Users\Ultimate\AppData\Local\Temp\catchme.sys – (catchme)
    DRV - [2012-12-24 16:34:12 | 000,016,656 | —- | M] (Macrium Software) [Kernel | Boot | Running] – C:\Windows\System32\drivers\pssnap.sys – (pssnap)
    DRV - [2012-10-09 15:10:44 | 000,021,520 | —- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] – c:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys – (RapportIaso)
    DRV - [2012-09-27 14:07:48 | 000,137,928 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\avipbb.sys – (avipbb)
    DRV - [2012-09-27 14:07:48 | 000,083,392 | —- | M] (Avira GmbH) [File_System | Auto | Running] – C:\Windows\System32\drivers\avgntflt.sys – (avgntflt)
    DRV - [2012-09-27 14:07:48 | 000,036,000 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\avkmgr.sys – (avkmgr)
    DRV - [2012-08-30 12:03:48 | 000,027,056 | —- | M] (Check Point Software Technologies) [Kernel | Auto | Running] – C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys – (ISWKL)
    DRV - [2012-08-27 15:50:24 | 000,028,520 | —- | M] (Avira GmbH) [Kernel | System | Running] – C:\Windows\System32\drivers\ssmdrv.sys – (ssmdrv)
    DRV - [2012-08-23 15:44:32 | 000,014,848 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\rdpvideominiport.sys – (RdpVideoMiniport)
    DRV - [2012-08-23 15:41:34 | 000,027,136 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbGD.sys – (TsUsbGD)
    DRV - [2012-08-23 15:40:25 | 000,049,664 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\TsUsbFlt.sys – (TsUsbFlt)
    DRV - [2012-04-06 06:21:10 | 009,334,784 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmdag.sys – (amdkmdag)
    DRV - [2012-04-06 02:10:22 | 000,275,968 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\atikmpag.sys – (amdkmdap)
    DRV - [2012-03-05 15:04:30 | 000,045,184 | —- | M] (Advanced Micro Devices) [Kernel | Auto | Running] – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys – (AODDriver4.1)
    DRV - [2012-02-23 13:31:58 | 000,086,544 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\AtihdW73.sys – (AtiHDAudioService)
    DRV - [2011-10-21 21:46:56 | 000,185,480 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] – C:\Windows\System32\drivers\EuFdDisk.sys – (EUFDDISK)
    DRV - [2011-10-21 21:46:54 | 000,043,656 | —- | M] () [Kernel | Boot | Running] – C:\Windows\System32\drivers\EUBKMON.sys – (EUBKMON)
    DRV - [2011-10-21 21:46:48 | 000,017,032 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] – C:\Windows\System32\drivers\eudskacs.sys – (EUDSKACS)
    DRV - [2011-10-21 21:46:46 | 000,039,560 | —- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] – C:\Windows\System32\drivers\eubakup.sys – (EUBAKUP)
    DRV - [2011-10-13 12:06:14 | 000,441,608 | —- | M] (Paragon) [Kernel | System | Stopped] – C:\Windows\System32\drivers\Uim_IM.sys – (Uim_IM)
    DRV - [2011-10-13 12:06:14 | 000,277,576 | —- | M] (Paragon) [Kernel | System | Stopped] – C:\Windows\System32\drivers\Uim_Vim.sys – (Uim_Vim)
    DRV - [2011-10-13 12:06:14 | 000,045,240 | —- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] – C:\Windows\System32\drivers\UimBus.sys – (UimBus)
    DRV - [2011-05-07 16:51:28 | 000,455,256 | —- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] – C:\Windows\System32\drivers\vsdatant.sys – (Vsdatant)
    DRV - [2011-02-16 16:52:46 | 000,011,520 | —- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\wdcsam.sys – (WDC_SAM)
    DRV - [2010-11-20 13:30:18 | 000,172,416 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vpchbus.sys – (vpcbus)
    DRV - [2010-11-20 11:50:40 | 000,078,336 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\System32\drivers\vpcusb.sys – (vpcusb)
    DRV - [2010-09-01 09:30:58 | 000,015,544 | —- | M] (Secunia) [File_System | On_Demand | Running] – C:\Windows\System32\drivers\psi_mf.sys – (PSI)
    DRV - [2010-02-18 08:18:22 | 000,037,944 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\System32\drivers\amdiox86.sys – (amdiox86)
    DRV - [2009-12-30 10:21:18 | 000,027,192 | —- | M] (VS Revo Group) [File_System | On_Demand | Stopped] – C:\Windows\System32\drivers\revoflt.sys – (Revoflt)


    ========== Standard Registry (All) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    IE - HKLM\..\SearchScopes,DefaultScope =


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C9 E8 16 5C 95 A3 CD 01 [binary data]
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\..\SearchScopes\{2981EB21-784D-4A7B-9612-BCC88F674D43}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=&apn_uid=919B9990-A3B3-4B9F-974B-9E29B15D57B2&apn_sauid=C2C86A11-E584-403E-8117-CAD09669BD98
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\..\SearchScopes\{2B97F5CE-2B2B-4D47-B790-975908FCD852}: "URL" = http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN115135798154785-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=3c26e9ca00000000000000252243cb72&q={searchTerms}&r=125
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\..\SearchScopes\{B6153D8F-0AD9-4528-ABC2-A94F8DCC9D11}: "URL" = http://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = http://nl.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811_yserp&p={searchTerms}
    IE - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Google"
    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811_yserp"
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.nl"
    FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.0.4
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_108.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2012-10-15 17:30:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012-12-10 14:58:54 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

    [2012-10-03 12:04:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ultimate\AppData\Roaming\mozilla\Extensions
    [2012-04-28 15:02:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ultimate\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
    [2013-01-03 19:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ultimate\AppData\Roaming\mozilla\Firefox\Profiles\7ailpn14.default\extensions
    [2012-12-27 15:16:26 | 000,194,265 | ---- | M] () (No name found) -- C:\Users\Ultimate\AppData\Roaming\mozilla\firefox\profiles\7ailpn14.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
    [2012-12-08 09:56:27 | 000,001,074 | ---- | M] () -- C:\Users\Ultimate\AppData\Roaming\mozilla\firefox\profiles\7ailpn14.default\searchplugins\produtools-manuals-21-customized-web-search.xml
    [2012-10-15 17:29:36 | 000,001,498 | ---- | M] () -- C:\Users\Ultimate\AppData\Roaming\mozilla\firefox\profiles\7ailpn14.default\searchplugins\zonealarm.xml
    [2013-01-04 16:49:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012-12-10 14:58:53 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    [2012-11-29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012-11-29 09:56:45 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012-11-29 09:56:45 | 000,002,616 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bolcom-nl.xml
    [2012-11-29 09:56:45 | 000,003,581 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
    [2012-11-29 09:56:45 | 000,004,771 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\marktplaats-nl.xml
    [2012-11-29 09:56:45 | 000,001,262 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-nl.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_500_104.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.96\pdf.dll
    CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
    CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\system32\npDeployJava1.dll
    CHR - Extension: YouTube = C:\Users\Ultimate\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Zoeken = C:\Users\Ultimate\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\Ultimate\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012-12-10 08:23:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O3 - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
    O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
    O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
    O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
    O4 - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" File not found
    O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
    O4 - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001..\Run: [FileHippo.com] C:\Program Files\FileHippo.com\UpdateChecker.exe (FileHippo.com)
    O4 - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001..\Run: [Gadwin PrintScreen] C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe (Gadwin Systems, Inc)
    O4 - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001..\Run: [MailWasher] C:\Program Files\MailWasher Pro\MailWasher.exe (eCOSM)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
    O7 - HKU\S-1-5-21-3246226185-3198626699-1455792835-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 File not found
    O9 - Extra Button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{41D5CE26-332D-432B-B622-E97B7F631628}: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp - No CLSID value found
    O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
    O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O24 - Desktop Components:0 (Mijn huidige introductiepagina) - About:Home
    O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
    O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O31 - SafeBoot: AlternateShell - cmd.exe
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009-06-10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    MsConfig - StartUpFolder: C:^Users^Ultimate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasher.lnk - Reg Error: Value error. - File not found
    MsConfig - StartUpReg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - File not found
    MsConfig - StartUpReg: EaseUs Tray - hkey= - key= - C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe (CHENGDU YIWO Tech Development Co., Ltd)
    MsConfig - StartUpReg: EaseUs Watch - hkey= - key= - C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
    MsConfig - StartUpReg: EMET Notifier - hkey= - key= - C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
    MsConfig - StartUpReg: MailWasher - hkey= - key= - C:\Program Files\MailWasher Pro\MailWasher.exe (eCOSM)
    MsConfig - StartUpReg: Malwarebytes Anti-Malware (reboot) - hkey= - key= - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - File not found
    MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
    MsConfig - State: "startup" - 2

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-01-04 20:31:17 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\Desktop\tijdelijk CT
    [2013-01-04 16:52:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ultimate\Desktop\OTL.exe
    [2013-01-03 19:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
    [2013-01-03 19:24:01 | 000,000,000 | ---D | C] -- C:\Program Files\sweetpacks bundle uninstaller
    [2013-01-03 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
    [2013-01-03 14:51:12 | 000,000,000 | ---D | C] -- C:\Program Files\Macrium
    [2013-01-03 09:16:35 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\Desktop\Frank henry 2012
    [2013-01-02 15:56:43 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\Adobe
    [2013-01-02 09:19:04 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\InfraRecorder
    [2013-01-02 09:19:03 | 000,000,000 | ---D | C] -- C:\Program Files\InfraRecorder
    [2012-12-31 16:43:53 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\Freecorder 7 Video
    [2012-12-31 16:39:41 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\Freecorder 7 Video
    [2012-12-31 16:39:41 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\Documents\Freecorder
    [2012-12-31 16:39:40 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\Jaksta_Technologies_Pty_L
    [2012-12-31 16:28:12 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
    [2012-12-30 11:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
    [2012-12-30 09:34:10 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    [2012-12-29 09:27:03 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\Programs
    [2012-12-28 18:24:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PHP 5
    [2012-12-27 12:07:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Research
    [2012-12-27 12:07:17 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft ICE
    [2012-12-26 16:03:42 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\Systweak
    [2012-12-26 16:03:37 | 000,018,360 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\System32\roboot.exe
    [2012-12-25 11:40:40 | 000,290,816 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMLMAE.DLL
    [2012-12-24 21:02:06 | 000,000,000 | ---D | C] -- C:\Windows\MiniDump
    [2012-12-24 16:34:36 | 000,013,584 | ---- | C] (Paramount Software UK Ltd) -- C:\Windows\System32\drivers\PSVolAcc.sys
    [2012-12-24 16:34:12 | 000,016,656 | ---- | C] (Macrium Software) -- C:\Windows\System32\drivers\pssnap.sys
    [2012-12-24 10:50:54 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\{390D465F-C6CB-4519-8680-829DB952F43F}
    [2012-12-24 10:50:53 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\{38C384D2-FCEC-4690-A87B-175291B9F149}
    [2012-12-24 10:32:25 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\AVS4YOU
    [2012-12-24 10:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
    [2012-12-24 10:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia
    [2012-12-24 10:31:30 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\GdiPlus.dll
    [2012-12-24 10:31:30 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3a.dll
    [2012-12-24 10:31:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
    [2012-12-24 10:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU
    [2012-12-23 19:24:28 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Roaming\Rsolutions
    [2012-12-23 19:24:28 | 000,000,000 | ---D | C] -- C:\Users\Ultimate\AppData\Local\Rsolutions
    [2012-12-23 19:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Rsolutions
    [2012-12-22 11:25:13 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ
    [2012-12-22 11:12:46 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
    [2012-12-22 11:12:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
    [2012-12-22 11:10:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gebruikersregistratie voor Canon MG5200 series
    [2012-12-22 11:10:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
    [2012-12-22 11:05:04 | 000,000,000 | -H-D | C] – C:\ProgramData\CanonBJ
    [2012-12-22 11:04:55 | 000,000,000 | -H-D | C] – C:\Windows\System32\CanonIJ Uninstaller Information
    [2012-12-22 11:04:55 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series
    [2012-12-22 11:04:52 | 001,335,296 | —- | C] (CANON INC.) – C:\Windows\System32\CNC5200C.dll
    [2012-12-22 11:04:52 | 000,307,200 | —- | C] (CANON INC.) – C:\Windows\System32\CNC5200L.dll
    [2012-12-22 11:04:52 | 000,114,688 | —- | C] (CANON INC.) – C:\Windows\System32\CNC5200I.dll
    [2012-12-22 11:04:52 | 000,106,496 | —- | C] (CANON INC.) – C:\Windows\System32\CNC5200U.dll
    [2012-12-22 11:04:27 | 000,180,224 | —- | C] (CANON INC.) – C:\Windows\System32\CNMIUAE.DLL
    [2012-12-22 11:04:19 | 000,000,000 | -H-D | C] – C:\Program Files\CanonBJ
    [2012-12-21 14:09:03 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{5905F944-0B86-40E0-A848-10EB83461BE4}
    [2012-12-21 13:55:15 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{CAFCC7C0-D5B7-4657-A948-5D0ABA30474D}
    [2012-12-21 13:54:53 | 000,000,000 | —D | C] – C:\Users\Ultimate\Tracing
    [2012-12-21 13:50:25 | 000,000,000 | —D | C] – C:\Program Files\Microsoft
    [2012-12-21 13:24:57 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{4EB7351A-F1F7-4241-85A5-B3CB77ECA4B3}
    [2012-12-21 13:07:05 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{074E1B51-A9AA-48E3-9A26-4563DF45F19E}
    [2012-12-21 12:36:27 | 000,515,416 | —- | C] (Microsoft Corporation) – C:\Windows\System32\XAudio2_5.dll
    [2012-12-21 12:36:27 | 000,069,464 | —- | C] (Microsoft Corporation) – C:\Windows\System32\XAPOFX1_3.dll
    [2012-12-21 12:36:26 | 000,453,456 | —- | C] (Microsoft Corporation) – C:\Windows\System32\d3dx10_42.dll
    [2012-12-21 12:35:57 | 003,426,072 | —- | C] (Microsoft Corporation) – C:\Windows\System32\d3dx9_32.dll
    [2012-12-21 10:21:16 | 000,295,424 | —- | C] (Adobe Systems Incorporated) – C:\Windows\System32\atmfd.dll
    [2012-12-21 10:21:16 | 000,034,304 | —- | C] (Adobe Systems) – C:\Windows\System32\atmlib.dll
    [2012-12-20 16:05:33 | 000,000,000 | —D | C] – C:\ProgramData\YTD Video Downloader
    [2012-12-20 08:49:49 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Google
    [2012-12-19 15:09:42 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\RawTherapee3.0.1
    [2012-12-19 10:47:31 | 000,000,000 | —D | C] – C:\Windows\ERUNT
    [2012-12-19 10:47:08 | 000,000,000 | —D | C] – C:\JRT
    [2012-12-18 17:53:19 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2012-12-18 17:50:04 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    [2012-12-15 14:58:48 | 000,000,000 | R–D | C] – C:\Users\Ultimate\SkyDrive
    [2012-12-15 14:58:48 | 000,000,000 | —D | C] – C:\Program Files\Microsoft SkyDrive
    [2012-12-15 14:58:39 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft SkyDrive
    [2012-12-15 14:56:17 | 000,000,000 | RH-D | C] – C:\MSOCache
    [2012-12-15 14:50:57 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Office 15
    [2012-12-13 15:52:16 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\{D5332439-95DB-43D5-838D-DB76758C758D}
    [2012-12-13 15:04:11 | 000,000,000 | —D | C] – C:\Windows\Migration
    [2012-12-13 15:02:15 | 000,012,800 | —- | C] (Microsoft Corporation) – C:\Windows\System32\Register-CimProvider.exe
    [2012-12-13 15:02:13 | 000,001,536 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrsmgr.dll
    [2012-12-13 15:02:09 | 000,042,496 | —- | C] (Microsoft Corporation) – C:\Windows\System32\pwrshplugin.dll
    [2012-12-13 15:02:08 | 000,039,936 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrs.exe
    [2012-12-13 15:02:08 | 000,020,480 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrshost.exe
    [2012-12-13 15:02:08 | 000,010,240 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wsmplpxy.dll
    [2012-12-13 15:02:08 | 000,009,728 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrssrv.dll
    [2012-12-13 15:02:06 | 000,083,456 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wevtfwd.dll
    [2012-12-13 15:02:06 | 000,078,336 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wecutil.exe
    [2012-12-13 15:02:06 | 000,061,440 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wecapi.dll
    [2012-12-13 15:02:06 | 000,060,416 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmRes.dll
    [2012-12-13 15:02:06 | 000,059,904 | —- | C] (Microsoft Corporation) – C:\Windows\System32\prvdmofcomp.dll
    [2012-12-13 15:02:06 | 000,036,352 | —- | C] (Microsoft Corporation) – C:\Windows\System32\PSModuleDiscoveryProvider.dll
    [2012-12-13 15:02:06 | 000,021,504 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmAgent.dll
    [2012-12-13 15:02:05 | 000,089,088 | —- | C] (Microsoft Corporation) – C:\Windows\System32\mi.dll
    [2012-12-13 15:02:05 | 000,035,840 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wsmprovhost.exe
    [2012-12-13 15:02:05 | 000,030,208 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WSManHTTPConfig.exe
    [2012-12-13 15:02:04 | 000,172,544 | —- | C] (Microsoft Corporation) – C:\Windows\System32\miutils.dll
    [2012-12-13 15:02:04 | 000,154,112 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wmitomi.dll
    [2012-12-13 15:02:04 | 000,124,416 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wmidcom.dll
    [2012-12-13 15:01:58 | 000,192,512 | —- | C] (Microsoft Corporation) – C:\Windows\System32\framedynos.dll
    [2012-12-13 15:01:58 | 000,189,952 | —- | C] (Microsoft Corporation) – C:\Windows\System32\framedyn.dll
    [2012-12-13 15:01:57 | 000,526,848 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmGCDeps.dll
    [2012-12-13 15:01:57 | 000,227,328 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmWmiPl.dll
    [2012-12-13 15:01:57 | 000,138,752 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WsmAuto.dll
    [2012-12-13 15:01:57 | 000,092,160 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winrscmd.dll
    [2012-12-13 15:01:57 | 000,056,832 | —- | C] (Microsoft Corporation) – C:\Windows\System32\WSManMigrationPlugin.dll
    [2012-12-13 15:01:56 | 000,382,464 | —- | C] (Microsoft Corporation) – C:\Windows\System32\wbemcomn2.dll
    [2012-12-13 09:38:45 | 000,000,000 | —D | C] – C:\ProgramData\MSScanAppDataDir
    [2012-12-13 09:21:17 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    [2012-12-13 09:20:51 | 000,000,000 | —D | C] – C:\Program Files\Common Files\DESIGNER
    [2012-12-12 08:52:14 | 002,382,848 | —- | C] (Microsoft Corporation) – C:\Windows\System32\mshtml.tlb
    [2012-12-12 08:52:14 | 000,176,640 | —- | C] (Microsoft Corporation) – C:\Windows\System32\ieui.dll
    [2012-12-12 08:52:14 | 000,065,024 | —- | C] (Microsoft Corporation) – C:\Windows\System32\jsproxy.dll
    [2012-12-12 08:52:13 | 001,800,704 | —- | C] (Microsoft Corporation) – C:\Windows\System32\jscript9.dll
    [2012-12-12 08:52:13 | 000,607,744 | —- | C] (Microsoft Corporation) – C:\Windows\System32\msfeeds.dll
    [2012-12-12 08:52:13 | 000,231,936 | —- | C] (Microsoft Corporation) – C:\Windows\System32\url.dll
    [2012-12-12 08:52:13 | 000,142,848 | —- | C] (Microsoft Corporation) – C:\Windows\System32\ieUnatt.exe
    [2012-12-12 08:52:12 | 001,427,968 | —- | C] (Microsoft Corporation) – C:\Windows\System32\inetcpl.cpl
    [2012-12-12 08:33:36 | 002,345,984 | —- | C] (Microsoft Corporation) – C:\Windows\System32\win32k.sys
    [2012-12-12 08:33:28 | 000,271,360 | —- | C] (Microsoft Corporation) – C:\Windows\System32\conhost.exe
    [2012-12-12 08:33:28 | 000,169,984 | —- | C] (Microsoft Corporation) – C:\Windows\System32\winsrv.dll
    [2012-12-12 08:33:28 | 000,006,144 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,005,120 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,608 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,608 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,004,096 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,584 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    [2012-12-12 08:33:28 | 000,003,072 | -H– | C] (Microsoft Corporation) – C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    [2012-12-12 08:33:20 | 000,376,832 | —- | C] (Microsoft Corporation) – C:\Windows\System32\dpnet.dll
    [2012-12-12 08:33:14 | 000,002,048 | —- | C] (Microsoft Corporation) – C:\Windows\System32\tzres.dll
    [2012-12-11 03:34:47 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Keyboard
    [2012-12-11 03:34:40 | 000,000,000 | —D | C] – C:\Program Files\Microsoft IntelliType Pro
    [2012-12-10 14:58:55 | 000,000,000 | —D | C] – C:\Program Files\Mozilla Maintenance Service
    [2012-12-10 14:54:28 | 000,000,000 | —D | C] – C:\Windows\System32\%LOCALAPPDATA%
    [2012-12-10 11:08:42 | 000,000,000 | —D | C] – C:\Program Files\Microsoft Office
    [2012-12-10 10:39:08 | 000,000,000 | -HSD | C] – C:\Config.Msi
    [2012-12-10 10:35:44 | 000,000,000 | —D | C] – C:\Program Files\Common Files\ODBC
    [2012-12-10 10:33:46 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Local\Microsoft Help
    [2012-12-10 10:33:44 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft Help
    [2012-12-10 08:28:12 | 000,000,000 | -HSD | C] – C:\$RECYCLE.BIN
    [2012-12-10 07:55:49 | 000,518,144 | —- | C] (SteelWerX) – C:\Windows\SWREG.exe
    [2012-12-10 07:55:49 | 000,406,528 | —- | C] (SteelWerX) – C:\Windows\SWSC.exe
    [2012-12-10 07:55:49 | 000,060,416 | —- | C] (NirSoft) – C:\Windows\NIRCMD.exe
    [2012-12-10 07:55:27 | 000,000,000 | –SD | C] – C:\ComboFix
    [2012-12-10 07:54:18 | 000,000,000 | —D | C] – C:\Windows\erdnt
    [2012-12-06 18:31:06 | 000,000,000 | —D | C] – C:\Users\Ultimate\AppData\Roaming\Avira
    [2012-12-06 18:25:38 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2012-12-06 18:24:49 | 000,028,520 | —- | C] (Avira GmbH) – C:\Windows\System32\drivers\ssmdrv.sys
    [2012-12-06 18:24:48 | 000,137,928 | —- | C] (Avira GmbH) – C:\Windows\System32\drivers\avipbb.sys
    [2012-12-06 18:24:48 | 000,083,392 | —- | C] (Avira GmbH) – C:\Windows\System32\drivers\avgntflt.sys
    [2012-12-06 18:24:48 | 000,036,000 | —- | C] (Avira GmbH) – C:\Windows\System32\drivers\avkmgr.sys
    [2012-12-06 18:24:48 | 000,000,000 | —D | C] – C:\ProgramData\Avira
    [2012-12-06 18:24:48 | 000,000,000 | —D | C] – C:\Program Files\Avira
    [2012-12-06 18:11:54 | 000,000,000 | —D | C] – C:\Program Files\Common Files\G Data

    ========== Files - Modified Within 30 Days ==========

    [2013-01-04 19:51:00 | 000,000,890 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-01-04 19:49:00 | 000,000,940 | —- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-01-04 19:43:17 | 000,021,472 | -H– | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-01-04 19:43:17 | 000,021,472 | -H– | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-01-04 19:35:05 | 000,000,886 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-01-04 19:34
  • Do start OTL.exe with administrator rights.
    And you have now used OTL three times, why is not clear to me, and the log is incomplete again, or did you perhaps not carry out the additional steps before starting OTL?

    And on the first run of OTL the second log should also have been created!
  • I believe I simply have administrator rights; how can I check that? The very first time with OTL I had not ticked the boxes (as I wrote) and then did it over once. That looked identical (but I may be mistaken). Only one txt file appears on the desktop, though each time with a new number. So now for the 3rd time, in the hope of getting two txt files. No such luck.
  • Even with your administrator rights you are still subordinate to the Trusted Installer in Windows.

    And that is why you start tools via right-click, as described!
    That is not written there for nothing.
    And that is also why you are giving yourself extra work!
  • Abraham, I started OTL again (right-clicked and selected "as administrator"), set the three check marks, and only one txt file comes out. In my opinion the same as yesterday's. What else can I do?
  • Hi, I find that strange then.
    I then consider it possible that something in your Windows is working against OTL.

    So we are now going to do something else first:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine and clean up Windows in depth.
    Difficulty: More or less tricky preparation phase, so read everything carefully first.
    Download location: Absolutely download this program to the desktop!
    Download ComboFix via one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus program and active malware scanners must already be deactivated before you start ComboFix!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    Notes:
    - When using Windows XP you may be asked to install the "Recovery Console"!
      Allow this (an active internet connection is required for this).
    - All open programs and web pages must be closed.
    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found in C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - An attempt was made to perform an invalid operation on a registry key that has been marked for deletion.
    - Then restart the computer.
  • That took longer than on earlier occasions, as did creating the log file:
    ComboFix 13-01-05.01 - Ultimate 05-01-2013 11:35:16.2.3 - x86
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3327.1943 [GMT 1:00]
    Gestart vanuit: C:\Users\Ultimate\Desktop\ComboFix.exe
    FW: ZoneAlarm Free Firewall Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Windows\system32\roboot.exe

    —- Voorgaande Run ——-

    C:\Users\Ultimate\Desktop\Internet Explorer.lnk


    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    ——-\Service_uvnc_service
    ——-\Legacy_NPF


    (((((((((((((((((((( Bestanden Gemaakt van 2012-12-05 to 2013-01-05 ))))))))))))))))))))))))))))))


    2013-01-05 10:56:26 . 2013-01-05 10:56:26 ——– d—–w- C:\Users\Default\AppData\Local\temp
    2013-01-04 07:53:43 . 2012-11-08 18:00:47 6812136 —-a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F23D9625-1353-411A-B495-A83F632FCAE5}\mpengine.dll
    2013-01-03 18:24:06 . 2013-01-03 20:06:08 ——– d—–w- C:\Program Files\Unlocker
    2013-01-03 18:24:01 . 2013-01-03 18:24:01 ——– d—–w- C:\Program Files\sweetpacks bundle uninstaller
    2013-01-03 13:51:12 . 2013-01-03 13:51:12 ——– d—–w- C:\Program Files\Macrium
    2013-01-02 14:56:43 . 2013-01-02 14:57:59 ——– d—–w- C:\Users\Ultimate\AppData\Local\Adobe
    2013-01-02 08:19:04 . 2013-01-02 08:19:15 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\InfraRecorder
    2013-01-02 08:19:03 . 2013-01-02 11:03:04 ——– d—–w- C:\Program Files\InfraRecorder
    2012-12-31 15:43:53 . 2012-12-31 15:43:53 ——– d—–w- C:\Users\Ultimate\AppData\Local\Freecorder 7 Video
    2012-12-31 15:39:41 . 2012-12-31 15:39:41 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\Freecorder 7 Video
    2012-12-31 15:39:40 . 2013-01-02 11:02:55 ——– d—–w- C:\Users\Ultimate\AppData\Local\Jaksta_Technologies_Pty_L
    2012-12-31 15:28:12 . 2012-12-31 15:49:08 ——– d—–w- C:\Program Files\Applian Technologies
    2012-12-29 08:27:03 . 2012-12-29 08:27:03 ——– d—–w- C:\Users\Ultimate\AppData\Local\Programs
    2012-12-27 11:07:17 . 2012-12-27 11:07:17 ——– d—–w- C:\Program Files\Microsoft Research
    2012-12-26 15:03:42 . 2012-12-26 15:04:57 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\Systweak
    2012-12-25 10:40:40 . 2010-08-25 04:00:00 290816 —-a-w- C:\Windows\system32\CNMLMAE.DLL
    2012-12-24 15:34:36 . 2012-12-24 15:34:36 13584 —-a-w- C:\Windows\system32\drivers\PSVolAcc.sys
    2012-12-24 15:34:12 . 2012-12-24 15:34:12 16656 —-a-w- C:\Windows\system32\drivers\pssnap.sys
    2012-12-24 15:33:14 . 2012-12-24 15:33:14 55056 —-a-w- C:\Windows\system32\drivers\psmounterex.sys
    2012-12-24 09:32:25 . 2012-12-24 09:32:25 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\AVS4YOU
    2012-12-24 09:31:36 . 2012-12-27 14:42:46 ——– d—–w- C:\Program Files\Common Files\AVSMedia
    2012-12-24 09:31:30 . 2012-12-27 14:42:43 ——– d—–w- C:\Program Files\AVS4YOU
    2012-12-24 09:31:30 . 2012-12-24 09:32:25 ——– d—–w- C:\ProgramData\AVS4YOU
    2012-12-24 09:31:30 . 2012-03-23 18:59:54 1700352 —-a-w- C:\Windows\system32\GdiPlus.dll
    2012-12-24 09:31:30 . 2012-03-23 18:59:48 24576 —-a-w- C:\Windows\system32\msxml3a.dll
    2012-12-23 18:24:28 . 2012-12-23 18:24:28 ——– d—–w- C:\Users\Ultimate\AppData\Roaming\Rsolutions
    2012-12-23 18:24:28 . 2012-12-23 18:24:28 ——– d—–w- C:\Users\Ultimate\AppData\Local\Rsolutions
    2012-12-23 18:24:14 . 2013-01-02 03:03:39 ——– d—–w- C:\Program Files\Rsolutions
    2012-12-22 10:25:13 . 2012-12-22 10:25:13 ——– d—–w- C:\ProgramData\CanonIJ
    2012-12-22 10:05:04 . 2012-12-22 10:05:04 ——– d–h–w- C:\ProgramData\CanonBJ
    2012-12-22 10:04:55 . 2012-12-22 10:04:55 ——– d–h–w- C:\Windows\system32\CanonIJ Uninstaller Information
    2012-12-22 10:04:52 . 2010-03-18 18:25:16 307200 —-a-w- C:\Windows\system32\CNC5200L.dll
    2012-12-22 10:04:52 . 2010-03-18 16:12:28 1335296 —-a-w- C:\Windows\system32\CNC5200C.dll
    2012-12-22 10:04:52 . 2010-03-18 16:12:02 114688 —-a-w- C:\Windows\system32\CNC5200I.dll
    2012-12-22 10:04:52 . 2010-03-18 16:11:30 106496 —-a-w- C:\Windows\system32\CNC5200U.dll
    2012-12-22 10:04:27 . 2010-03-10 23:56:38 180224 —-a-w- C:\Windows\system32\CNMIUAE.DLL
    2012-12-22 10:04:19 . 2012-12-22 10:04:19 ——– d–h–w- C:\Program Files\CanonBJ
    2012-12-21 12:54:53 . 2012-12-21 12:54:53 ——– d—–w- C:\Users\Ultimate\Tracing
    2012-12-21 12:50:25 . 2012-12-21 13:11:03 ——– d—–w- C:\Program Files\Microsoft
    2012-12-21 12:38:45 . 2012-12-21 12:38:45 15712 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\1dcea4171cddf7814\MeshBetaRemover.exe
    2012-12-21 11:36:27 . 2009-09-04 16:44:40 69464 —-a-w- C:\Windows\system32\XAPOFX1_3.dll
    2012-12-21 11:36:27 . 2009-09-04 16:44:40 515416 —-a-w- C:\Windows\system32\XAudio2_5.dll
    2012-12-21 11:36:26 . 2009-09-04 16:29:34 453456 —-a-w- C:\Windows\system32\d3dx10_42.dll
    2012-12-21 11:35:57 . 2006-11-29 12:06:18 3426072 —-a-w- C:\Windows\system32\d3dx9_32.dll
    2012-12-21 11:35:02 . 2012-12-21 11:35:02 89944 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\369087f01cddf6f06\DSETUP.dll
    2012-12-21 11:35:02 . 2012-12-21 11:35:02 537432 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\369087f01cddf6f06\DXSETUP.exe
    2012-12-21 11:35:02 . 2012-12-21 11:35:02 1801048 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\369087f01cddf6f06\dsetup32.dll
    2012-12-21 11:34:57 . 2012-12-21 11:34:57 525656 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\3345decf1cddf6f05\DXSETUP.exe
    2012-12-21 11:34:57 . 2012-12-21 11:34:57 1691480 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\3345decf1cddf6f05\dsetup32.dll
    2012-12-21 11:34:56 . 2012-12-21 11:34:56 94040 —-a-w- C:\Program Files\Common Files\Windows Live\.cache\3345decf1cddf6f05\DSETUP.dll
    2012-12-21 09:21:16 . 2012-12-16 14:13:28 295424 —-a-w- C:\Windows\system32\atmfd.dll
    2012-12-21 09:21:16 . 2012-12-16 14:13:20 34304 —-a-w- C:\Windows\system32\atmlib.dll
    2012-12-20 15:05:33 . 2012-12-30 10:31:10 ——– d—–w- C:\ProgramData\YTD Video Downloader
    2012-12-19 14:09:42 . 2012-12-19 14:09:45 ——– d—–w- C:\Users\Ultimate\AppData\Local\RawTherapee3.0.1
    2012-12-19 09:47:31 . 2012-12-19 09:47:31 ——– d—–w- C:\Windows\ERUNT
    2012-12-19 09:47:08 . 2012-12-19 10:08:36 ——– d—–w- C:\JRT
    2012-12-15 13:58:48 . 2012-12-15 13:58:48 ——– d—–w- C:\Program Files\Microsoft SkyDrive
    2012-12-15 13:58:48 . 2012-12-15 13:58:48 ——– d—–r- C:\Users\Ultimate\SkyDrive
    2012-12-15 13:58:39 . 2012-12-15 13:58:39 ——– d—–w- C:\ProgramData\Microsoft SkyDrive
    2012-12-15 13:56:17 . 2012-12-15 13:56:17 ——– d—–r- C:\MSOCache
    2012-12-15 13:52:20 . 2012-12-15 13:52:18 461464 ——w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
    2012-12-15 13:50:57 . 2012-12-15 14:14:10 ——– d—–w- C:\Program Files\Microsoft Office 15
    2012-12-13 14:04:11 . 2012-12-13 14:04:11 ——– d—–w- C:\Windows\Migration
    2012-12-13 14:01:59 . 2012-07-23 18:16:48 204105 —-a-w- C:\Windows\system32\winrm.vbs
    2012-12-13 08:38:45 . 2012-12-13 08:38:45 ——– d—–w- C:\ProgramData\MSScanAppDataDir
    2012-12-12 07:33:36 . 2012-11-22 02:56:02 2345984 —-a-w- C:\Windows\system32\win32k.sys
    2012-12-11 02:34:40 . 2012-12-11 02:34:40 ——– d—–w- C:\Program Files\Microsoft IntelliType Pro
    2012-12-10 20:00:37 . 2012-12-10 20:00:37 ——– d—–w- C:\Users\Default\AppData\Local\Microsoft Help
    2012-12-10 13:54:28 . 2012-12-10 13:54:28 ——– d—–w- C:\Windows\system32\%LOCALAPPDATA%
    2012-12-10 09:33:46 . 2012-12-10 09:33:46 ——– d—–w- C:\Users\Ultimate\AppData\Local\Microsoft Help
    2012-12-10 09:33:44 . 2012-12-13 08:15:01 ——– d—–w- C:\ProgramData\Microsoft Help
    2012-12-06 17:24:48 . 2013-01-05 10:33:10 ——– d—–w- C:\ProgramData\Avira
    2012-12-06 17:11:54 . 2012-12-06 17:22:42 ——– d—–w- C:\Program Files\Common Files\G Data
    .


    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2012-12-14 15:49:28 . 2012-10-16 13:40:22 21104 —-a-w- C:\Windows\system32\drivers\mbam.sys
    2012-12-11 20:04:42 . 2012-10-14 06:56:05 70584 —-a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
    2012-12-11 20:04:42 . 2012-10-14 06:56:05 691128 —-a-w- C:\Windows\system32\FlashPlayerApp.exe
    2012-12-05 10:29:12 . 2012-12-05 10:29:12 50080 —-a-w- C:\Windows\system32\drivers\PktIcpt.sys
    2012-11-30 11:07:16 . 2012-11-30 11:07:16 10792 —-a-w- C:\Windows\system32\GdScrSv.nl.dll
    2012-11-23 08:24:12 . 2012-06-14 12:53:10 821736 —-a-w- C:\Windows\system32\npDeployJava1.dll
    2012-11-23 08:24:12 . 2012-06-14 12:53:10 746984 —-a-w- C:\Windows\system32\deployJava1.dll
    2012-10-29 07:50:29 . 2012-10-29 07:50:29 163056 —-a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
    2012-10-16 07:39:52 . 2012-11-28 10:07:02 561664 —-a-w- C:\Windows\apppatch\AcLayers.dll
    2012-10-09 17:40:31 . 2012-11-15 11:37:25 44032 —-a-w- C:\Windows\system32\dhcpcsvc6.dll
    2012-10-09 17:40:31 . 2012-11-15 11:37:25 193536 —-a-w- C:\Windows\system32\dhcpcore6.dll
    2012-10-07 14:21:12 . 2012-10-07 14:21:12 388096 —-a-r- C:\Users\Ultimate\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-11-29 08:26:57 . 2012-12-10 13:58:54 262112 —-a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 08:42:23 495616]
    "FileHippo.com"="C:\Program Files\FileHippo.com\UpdateChecker.exe" [2012-11-23 08:22:04 307712]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ZoneAlarm"="C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe" [2012-10-09 12:41:08 73392]
    "itype"="C:\Program Files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 15:39:48 1313640]
    "CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 17:50:00 2516296]
    "CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 09:18:54 1185112]
    "ISW"="C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" [2012-08-30 11:03:12 738984]

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
    Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe [2012-7-25 572000]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""

    [HKLM\~\startupfolder\C:^Users^Ultimate^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MailWasher.lnk]
    backup=C:\Windows\pss\MailWasher.lnk.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Tray]
    2011-10-21 20:47:04 743560 ----a-w- C:\Program Files\EaseUS\Todo Backup\bin\TrayNotify.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUs Watch]
    2011-10-21 20:47:02 70792 ----a-w- C:\Program Files\EaseUS\Todo Backup\bin\EuWatch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EMET Notifier]
    2012-05-09 12:25:58 152152 ----a-w- C:\Program Files\EMET\EMET_notifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MailWasher]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
    2012-12-14 15:49:28 824232 ----a-w- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
    2012-04-05 23:24:32 641664 ----a-w- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    2012-08-28 05:41:06 247768 ----a-w- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

    R1 Uim_Vim;UIM Virtual Image Plugin;C:\Windows\system32\Drivers\Uim_Vim.sys [x]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files\Secunia\PSI\sua.exe [x]
    R3 RapportIaso;RapportIaso;c:\programdata\trusteer\rapport\store\exts\rapportms\baseline\rapportiaso.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [x]
    S0 EUBAKUP;EUBAKUP;C:\Windows\system32\drivers\eubakup.sys [x]
    S0 EUBKMON;EUBKMON;C:\Windows\system32\drivers\EUBKMON.sys [x]
    S0 pssnap;Paramount Software Snapshot Filter;C:\Windows\system32\DRIVERS\pssnap.sys [x]
    S1 EUDSKACS;EUDSKACS;C:\Windows\system32\drivers\eudskacs.sys [x]
    S1 EUFDDISK;EUFDDISK;C:\Windows\system32\drivers\EuFdDisk.sys [x]
    S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [x]
    S2 CrossLoopService;CrossLoop Service;C:\Users\Ultimate\AppData\Local\CrossLoop\CrossLoopService.exe [x]
    S2 EaseUS Agent;EaseUS Agent;C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe [x]
    S2 Guard Agent;Guard Agent;C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe [x]
    S2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [x]
    S2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [x]
    S2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [x]
    S2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files\Secunia\PSI\PSIA.exe [x]
    S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe [x]
    S3 amdiox86;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox86.sys [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW73.sys [x]
    S3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam.sys [x]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    GPSvcGroup REG_MULTI_SZ GPSvc

    Inhoud van de 'Gedeelde Taken' map

    2013-01-05 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-14 06:56:05 . 2012-12-11 20:04:53]

    2013-01-05 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-07 09:05:07 . 2012-05-07 09:05:03]

    2013-01-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files\Google\Update\GoogleUpdate.exe [2012-05-07 09:05:07 . 2012-05-07 09:05:03]


    ------- Bijkomende Scan -------

    uStart Page = hxxp://www.google.nl/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
    TCP: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66
    FF - ProfilePath - C:\Users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\7ailpn14.default\
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - prefs.js: network.proxy.type - 0
    FF - ExtSQL: 2012-12-18 08:54; {37fa1426-b82d-11db-8314-0800200c9a66}; C:\Users\Ultimate\AppData\Roaming\Mozilla\Firefox\Profiles\7ailpn14.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi

    - - - - ORPHANS VERWIJDERD - - - -

    HKLM-Run-UnlockerAssistant - C:\Program Files\Unlocker\UnlockerAssistant.exe



    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_108_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="C:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_108_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
    "v5Licence0"="15-AJV9-DUDP-TER2-S5M4-FKYA-GWX7X6N"
    "Activated"="N"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]
    @DACL=(02 0000)
    "DisplayName"="@ieframe.dll,-12512"
    @="Live Search"
    "URL"="http://search.live.com\results.aspx?q={searchTerms}&src={referrer:source?}"

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    - - - - - - - > 'lsass.exe'(552)
    C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'Explorer.exe'(3568)
    C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(6112)
    C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    ------------------------ Andere Aktieve Processen ------------------------

    C:\Windows\system32\atieclxx.exe
    C:\Program Files\FolderSize\FolderSizeSvc.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\MailWasher Pro\MailWasher.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    Z:\05 p r o g r a m m a s en filmpjes en meer\schoonmakertjes,diagnostiek,mailwasher\A V I R A sinds nov. 2012\avira_free_antivirus_nl.exe
    C:\Users\Ultimate\AppData\Local\Temp\RarSFX0\presetup.exe
    C:\Users\Ultimate\AppData\Local\Temp\RarSFX0\setup.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Avira\AntiVir Desktop\avconfig.exe
    C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
    C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vds.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\program files\avira\antivir desktop\avscan.exe

    **************************************************************************

    Voltooingstijd: 2013-01-05 13:03:44 - machine werd herstart

    I hope there is something to see.
  • I do have question marks regarding Sweetpacks, and ComboFix did indeed remove a few things.

    Run the ESET online scan (Click).
    - Click the ESET Online Scanner button
    - Tick YES, I accept the Terms of Use
    - Click Start
    - Allow the ActiveX control to install.
    - Tick the following options:
      - Remove found threats
      - Scan archives
    - Then click "Advanced Settings"
      - Scan for potentially unwanted applications
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth technology
    - Click Start
    - The computer will now be scanned. This can take quite a long time, so be patient.
    - Once the scan has finished, you may close the window.
    - Then go to C:\Program Files\ESET\ESET Online Scanner and click log.txt there
    - Select, copy and paste the contents of this log into your next post.
    N.B.: temporarily deactivate your own antivirus during the scan; the online scan will then be faster!
  • After about 1/3 of the scan I went ahead and deactivated Avira, because it is taking very long. Hopefully it will go a bit faster now, but it will probably still take a number of hours. So far 3 of the same Win32/opencandy/application found.
  • And then it suddenly went very fast:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=e5ff5a6bc0e7f84cb37dc8d8afad196c
    # end=stopped
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-02 07:15:47
    # local_time=2012-07-02 09:15:47 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=512 16777215 100 0 4598891 4598891 0 0
    # compatibility_mode=2560 16777215 100 0 0 0 0 0
    # compatibility_mode=5893 16776573 100 94 17058 92886844 0 0
    # compatibility_mode=8192 67108863 100 0 202 202 0 0
    # scanned=37122
    # found=0
    # cleaned=0
    # scan_time=894
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=e5ff5a6bc0e7f84cb37dc8d8afad196c
    # end=stopped
    # remove_checked=false
    # archives_checked=false
    # unwanted_checked=false
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-12-15 01:17:20
    # local_time=2012-12-15 02:17:20 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1023 16777215 0 0 0 0 0 0
    # compatibility_mode=1799 16775165 100 98 63430 126245145 56212 0
    # compatibility_mode=5893 16776573 100 94 106468 107208631 0 0
    # compatibility_mode=9217 16777214 75 4 458192 458192 0 0
    # scanned=64722
    # found=0
    # cleaned=0
    # scan_time=1819
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6844
    # api_version=3.0.2
    # EOSSerial=e5ff5a6bc0e7f84cb37dc8d8afad196c
    # end=stopped
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-01-05 03:11:11
    # local_time=2013-01-05 04:11:11 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1023 16777215 0 0 0 0 0 0
    # compatibility_mode=1799 16775165 100 98 13439 128066376 6226 0
    # compatibility_mode=5893 16776574 100 94 15180 109029862 0 0
    # compatibility_mode=9217 16777214 75 4 2279423 2279423 0 0
    # scanned=72298
    # found=3
    # cleaned=0
    # scan_time=9148
    B:\05 p r o g r a m m a s en filmpjes en meer\branders\cdb xp brander\cdbxp_setup_4.4.2.3442.exe Win32/OpenCandy application (unable to clean) 5ECBBB9045FE2455FB3EFA512B13C47CEAE2EA07 I
    B:\05 p r o g r a m m a s en filmpjes en meer\schoonmakertjes,diagnostiek,mailwasher\harde schijf info.exe Win32/OpenCandy application (unable to clean) FDA564CA7C6F0925F1984F8B0A247B522A11936D I
    B:\05 p r o g r a m m a s en filmpjes en meer\spelers en fraps\Kantaris_0.7.7_setup(1).exe Win32/OpenCandy application (unable to clean) 30BE86BDC92BD56B0C615172A03615D0FB5E1A6A I


    Also a report of those three things that came along with the burning program cdburner, on a (built-in) extra drive.
  • OpenCandy is not virus material or anything like that.
    But on the other hand, scanners rightly see it as spyware!
    Because OpenCandy gives the publishers of software information about the use of that software!

    How is your Windows doing in the meantime?
  • I had no complaints about my Windows 7, but I noticed those toolbars in an HJT. They have now disappeared. And that "Unlocker" had been recommended to me on another subforum because there was a strange thing on my desktop that I just could not get rid of. That did work then. Many thanks for the umpteenth time!
  • Glad the problems have been solved.

    a) Cleaning up
    Start OTL and then click the CleanUp button.
    - OTL will check whether a tool or log still needs to be cleaned up.
    - After a reboot, OTL itself will also have been cleaned up.

    b) Eset Onlinescanner
    You can opt to keep Eset for, for example, a monthly scan with it.
    To do so, navigate to C:\Program Files\ESET\ESET Online Scanner, right-click OnlineScannerApp.exe and then choose to place a shortcut on the desktop.

    Eset will now start as an app; you can then tick the scan settings, after which the update process will begin and then the scan will start.
  • I see that you work 24/7. Saw that OTL then also cleans itself up: handy.
    I had already had that Eset online scanner for quite some time; I used to have the accompanying antivirus program as well (now Avira). Many thanks once again
  • A tip then: Avast 7 Free is The Best Free!
    I myself use Avast in combination with the Emsisoft Online Scanner.

This is an archived page. Replying is no longer possible.