Trojan.BCMiner keeps coming back

Abraham54
18 replies
  • After starting up I keep getting the same alert from MBAM. It is always in Users/name/appdata/local/temp/470D.tmp/logitech.exe. Strange that it is a Logitech file. Does anyone here have a solution for this?
  • A file name in itself says nothing. Malware is often given a name that sounds familiar.

    Check that file at https://www.virustotal.com/nl/

    If several programs detect it as malware, you should scan the whole system thoroughly. If your own AV still finds nothing, try the Emsisoft Emergency Kit.
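
Added example (not part of the original posts): one way to act on the point above that a file name proves nothing. This PowerShell script lists executables under the user's temp folder with their SHA-256 (which can be searched on VirusTotal without uploading the file) and their Authenticode signer, and flags files whose name suggests a vendor that the signer does not match. It assumes PowerShell 4.0 or later; the function name `Get-ExecutableTriage` and the `$ExpectedSigner` mapping are illustrative.

```powershell
# Added example, not from the thread. Assumes PowerShell 4.0+ (Get-FileHash).
param(
    # Folder to inspect; defaults to the current user's temp directory.
    [string]$Root = $env:TEMP,
    # Illustrative mapping: file-name fragment -> text expected in the signer subject.
    [hashtable]$ExpectedSigner = @{ 'logitech' = 'Logitech' }
)

function Get-ExecutableTriage {
    param(
        [Parameter(Mandatory)] [string]$Path,
        [hashtable]$Expected = @{}
    )

    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.scr', '.sys' } |
        ForEach-Object {
            $file = $_
            # Signature and hash are read from the file itself, not inferred from its name.
            $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

            $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            $status = if ($sig) { [string]$sig.Status } else { 'Unreadable' }

            $reasons = @()
            # Unsigned, tampered or untrusted binaries in a temp folder deserve a closer look.
            if ($status -ne 'Valid') { $reasons += "signature status: $status" }
            # A vendor-sounding name that is not backed by that vendor's signature.
            foreach ($fragment in $Expected.Keys) {
                if ($file.Name -like "*$fragment*" -and $signer -notlike "*$($Expected[$fragment])*") {
                    $reasons += "name contains '$fragment' but signer is not $($Expected[$fragment])"
                }
            }

            [pscustomobject]@{
                Path     = $file.FullName
                SHA256   = if ($hash) { $hash.Hash } else { $null }   # null if the file was locked
                Status   = $status
                Signer   = $signer
                Modified = $file.LastWriteTime
                Flagged  = $reasons.Count -gt 0
                Reasons  = $reasons -join '; '
            }
        }
}

# Flagged files first; each SHA256 value can be looked up before anything is deleted.
Get-ExecutableTriage -Path $Root -Expected $ExpectedSigner |
    Sort-Object Flagged -Descending |
    Format-List
```

A flag is a reason to look closer, not a verdict: plenty of legitimate installers unpack unsigned helper files into temp folders.
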
  • Strangely enough, Logitech places certain driver files in the temporary folders.

    If you delete them, they are put back again.

    But let's look at the state of your Windows:

    Which program: OTL.exe
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL.exe and place the file on the desktop.
    Before OTL.exe starts scanning, first close all other open windows!

    Using OTL.exe:
      - Windows 2000 and Windows XP: double-click OTL.exe.
      - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".

      - Tick Scan All Users, LOP Check and PURITY Check.

      - Copy the text in the Code box below and paste it into the box under [image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png]

    Code:
        services.*
        explorer.exe
        winlogon.exe
        Userinit.exe
        svchost.exe
        netsvcs
        BASESERVICES
        DRIVES
        msconfig
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\system32\*.exe /lockedfiles
        %PROGRAMFILES%\*

      - Then click the button [image: http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg].
      - Do not change any other settings in OTL unless I specifically give instructions to do so.
      - The scan will not take very long.
          - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
          - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
    Note: if the log does not fit in one post, spread it over two or more posts.
  • OTL Extras logfile created on: 5-7-2013 10:42:28 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bert\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    7,98 Gb Total Physical Memory | 6,71 Gb Available Physical Memory | 84,06% Memory free
    15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 224,13 Gb Total Space | 109,03 Gb Free Space | 48,65% Space Free | Partition Type: NTFS
    Drive D: | 1863,01 Gb Total Space | 1649,25 Gb Free Space | 88,53% Space Free | Partition Type: NTFS

    Computer Name: BERT-PC | User Name: Bert | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = Opera.HTML] – C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
    .url[@ = InternetShortcut] – C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] – C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = Opera.HTML] – C:\Program Files (x86)\Opera\Opera.exe (Opera Software)

    [HKEY_USERS\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] – Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    htmlfile [edit] – Reg Error: Key error.
    htmlfile [open] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] – "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] – "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] – "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] – "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] – "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] – "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] – "%1" %*
    cmdfile [open] – "%1" %*
    comfile [open] – "%1" %*
    cplfile [cplopen] – %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] – "%1" %*
    helpfile [open] – Reg Error: Key error.
    htmlfile [edit] – Reg Error: Key error.
    htmlfile [open] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [opennew] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    htmlfile [print] – "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
    http [open] – "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    https [open] – "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
    inffile [install] – %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] – "%1" %*
    regfile [merge] – Reg Error: Key error.
    scrfile [config] – "%1"
    scrfile [install] – rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] – "%1" /S
    txtfile [edit] – Reg Error: Key error.
    Unknown [openas] – %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] – cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] – Reg Error: Value error.
    Drive [find] – %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] – "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] – Reg Error: Value error.

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{00FCD404-D417-419C-851D-DDCA6E257582}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{123ECA3E-D0F6-4397-A78E-94A06DA9CA1C}" = rport=137 | protocol=17 | dir=out | app=system |
    "{16736976-3D79-43FD-BC86-454C40957AAA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
    "{1A0BFA4F-6AFB-45DA-BBE8-92C4BCCA7EB0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{324AF649-3E60-468E-8F1C-E8F48D1DF0C1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{3C86EE98-216D-4B0F-9B0A-CF2AF7DD9EBC}" = rport=138 | protocol=17 | dir=out | app=system |
    "{4393C30D-D92A-4876-A03D-3865431B1E7A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{4C6ABD09-AB10-4216-8015-E4F6208F8F9A}" = lport=138 | protocol=17 | dir=in | app=system |
    "{54CAD0EC-EBC5-4679-8D39-3F4B43045245}" = rport=139 | protocol=6 | dir=out | app=system |
    "{5C44BF06-8008-4DC3-96FF-8557E42D5CA8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{6CE00D2C-823E-49A0-86F9-FB4DD76A57F9}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{771C390D-D587-4DB1-A314-F8E5A19CFB24}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{84C3E0C3-0DA1-4AC7-98D9-41A621BB9226}" = lport=137 | protocol=17 | dir=in | app=system |
    "{9A680860-CDF0-4517-956B-E155A7239E16}" = lport=139 | protocol=6 | dir=in | app=system |
    "{9C0CCE0D-E399-441C-A41F-84F62C1083E6}" = rport=445 | protocol=6 | dir=out | app=system |
    "{AF700F90-5148-4CCD-A8AD-23E63C5C71A2}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{B4563A61-C6E6-4236-ABFE-854699BDAAEE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{CB9CD761-8767-4980-ADF6-1E847B680DEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E3648193-3195-4C54-8EE2-A04D3C5728AA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{E7565598-3184-4097-8CB0-135FAFFAFF5D}" = lport=445 | protocol=6 | dir=in | app=system |
    "{EE33FDC1-440A-49E1-8BC0-AD2806FCEE9D}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EE67E9E7-8DD2-4F56-B885-C953CF13EF0C}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{EEFE7DC9-9B5C-4E81-B74C-4E51D19E1A44}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
    "{F074FC4C-4411-42E1-9555-C4DC2F0D60DF}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{F09B543D-8B47-434A-9421-CD9A2FF16F91}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0550BE32-E07A-4F97-964F-09EDF2E1A345}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{15D400A6-3330-475C-904B-DB7DC2346F98}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{20665D23-F957-44FD-B410-73FD21E4D65B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{219F0485-B3C9-407D-830A-F688821D0025}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{271C0C92-AB24-4FEC-A428-54B54F8CDA76}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{2A3BA0DC-1B57-45EA-A7D1-56D3ABE43FF3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{396AB77D-10DA-4714-BB6A-077EE4FD59C8}" = protocol=6 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{3CD9C330-9EF6-4415-A26E-998C722242E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
    "{3E3A727A-E998-46E1-B2E7-894270D7BC58}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
    "{46AA82CF-C54A-4386-9FBF-41D276231D91}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{49250E74-41AA-4B1A-A504-3FA2BE9D808B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
    "{5BE51FA7-E27F-493E-8199-1A0B5616BBD9}" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
    "{5FC7EC71-5DB2-4CB6-85CF-DACB4D57B985}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{6DF661FA-9D93-4288-839C-486569E2C4B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{6EADB8DB-7FB2-4484-AC8F-3BEDDB331D34}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{747E4A5E-D85A-4095-A7A0-098B30B488B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{7562C37A-38D4-43D9-9AFA-14C410C3890E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\csbtw.exe |
    "{77B9483B-EB06-424D-B42B-8923BCC36E7D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{7BFCDD10-8347-496A-881C-174B6D91591C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{7FA93D56-610D-4644-8655-C1DAE074C2B3}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{8098EE6C-FEB2-4DAD-8BAA-89446D62ECE9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
    "{838A10C9-1BEE-4134-8404-3FAF6AD3981B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{8A19FAF0-C380-4E9A-8C49-C1EB6FA1E20E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8C29BD49-D243-4BCF-915F-C6C9C2ED2E80}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
    "{8FF02B39-9033-433B-9EE2-FA4654CB37ED}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
    "{91E47C66-FB49-4AD9-A59E-4FFA04BEDD3E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
    "{997464E4-B467-4F27-9821-9E415FDC706B}" = protocol=17 | dir=in | app=c:\program files (x86)\activision\call of duty 4 - modern warfare\iw3mp.exe |
    "{9D35B16F-517D-4794-893A-E1570539A00F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{9E1D975D-5423-42A5-AC42-8440AE809D67}" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe |
    "{A2BC3297-5022-49F5-A0FD-37B51AF3D691}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
    "{AB7071A4-F2BE-4384-93CC-B94859FCD831}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
    "{AC0131E8-0C9B-4E86-92BC-731D01818A95}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{AE325D52-1B75-4C67-9BF8-F5F385963BC8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\cshlp.exe |
    "{B098C485-D4D5-498C-8B27-24F2C592951E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\scenarioeditor.exe |
    "{B47D2887-FA70-4FA1-B1E9-160E31C0A4F0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{B61B0B5A-A546-46AC-A8ED-426FBD970F0C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fear2\fear2.exe |
    "{B6978495-51CC-454F-8C87-5CCA6A85FC23}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{CE43EED4-CADE-42E4-AE98-38F09257D3CC}" = protocol=6 | dir=out | app=system |
    "{DB7EB6F1-C9C2-4138-94F5-DA61EDFF13C8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{DC4DD6D9-109F-4AA3-BF40-2980E6808DC7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
    "{DD7D398C-ADD0-4732-BE96-23DAD0B5D601}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
    "{DF24FFCA-0609-4403-A012-19BBB8537CB9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\dmcr.exe |
    "{E1E4994C-FFC6-4059-91FD-06EC74CB9C53}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
    "{EF8C290F-364E-403A-A80D-976848CABCA7}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
    "{F2BBD380-3721-4694-9B26-EAEFB8F70EF7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F2E6EC37-40A2-46F5-A7BA-46CCDDB052F5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\cossacks back to war\bin\hview.exe |
    "{F301B8C2-8ADC-44A6-AC9E-30C28F93EBBA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FADDAF1E-AA3F-4608-9C07-7865BCBA6726}" = dir=in | app=c:\users\bert\appdata\local\microsoft\skydrive\skydrive.exe |
    "TCP Query User{0E9AF403-21B7-4DF6-8530-2C167451FC98}C:\program files (x86)\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\crysis 2 maximum edition\bin32\crysis2.exe |
    "TCP Query User{5A00B1CE-D362-4462-9237-28607F321694}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "TCP Query User{823FDDE9-600A-412A-A03C-158007B492F9}C:\program files\tixati\tixati.exe" = protocol=6 | dir=in | app=c:\program files\tixati\tixati.exe |
    "TCP Query User{E0485C78-EC7B-468D-B05C-E64E9F4E8012}C:\users\bert\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\bert\appdata\roaming\spotify\spotify.exe |
    "UDP Query User{0E97A21D-D264-4C66-82BE-8C5ED7187A99}C:\program files\tixati\tixati.exe" = protocol=17 | dir=in | app=c:\program files\tixati\tixati.exe |
    "UDP Query User{16DB5D2A-997B-4F95-B7A1-40FC470FCDE6}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
    "UDP Query User{47459A55-B296-44B4-9887-904B129F3D4F}C:\program files (x86)\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\crysis 2 maximum edition\bin32\crysis2.exe |
    "UDP Query User{E95E7077-50BA-413E-9AA5-32F79B06FDC6}C:\users\bert\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\bert\appdata\roaming\spotify\spotify.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{26A24AE4-039D-4CA4-87B4-2F86417025FF}" = Java 7 Update 25 (64-bit)
    "{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
    "{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In
    "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
    "{55B348BE-A3BE-9AE7-58BD-BE45B9A28F82}" = AMD Media Foundation Decoders
    "{5B73E1AA-CA9D-E76A-2F2D-E0EFB41CE087}" = AMD Accelerated Video Transcoding
    "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding
    "{5F611ADA-B98C-4DBB-ADDE-414F08457ECF}" = Windows Live Family Safety
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{833F5E6D-6E01-11D1-978E-6DFBCEF72570}" = AMD Steady Video Plug-In
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
    "{AEB3EABF-143B-45AC-83E3-2DE9B51D60E2}" = AMD APP CPU SDK Runtime
    "{C8807716-1F6F-5C43-3C32-7295A45CF060}" = AMD Catalyst Install Manager
    "{CC1FE395-D90F-712C-E013-EBDCC30433B1}" = AMD Fuel
    "{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
    "{E54A949B-C4AE-28B6-EC97-FCB9E402D338}" = ccc-utility64
    "{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
    "B81055EA372C9E3EA5000B4BD9585D992D51F1DE" = Windows-stuurprogrammapakket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002)
    "CCleaner" = CCleaner
    "EPSON PX710W Series" = Printer EPSON PX710W Series verwijderen
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "TeamSpeak 3 Client" = TeamSpeak 3 Client

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
    "{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
    "{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
    "{06EED60F-7FFC-43A7-936E-AA4A8BD948B4}" = Windows Live Writer
    "{08013FB5-DF8B-4D29-9B5E-B3DE88EBA6CA}" = EpsonNet Config V4
    "{08597792-778c-4af3-8e60-0d7a09ecf120}_is1" = Media converter
    "{0AD576A7-EDCE-469E-ADD7-1AC9DB200C6B}" = Windows Live Mail
    "{11F2C5EC-35AA-7237-B62B-A4F041859C2A}" = CCC Help Spanish
    "{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
    "{18272881-CFC0-434D-A975-E5BE44206AA0}" = Windows Live UX Platform Language Pack
    "{1B705E8F-9893-4486-B5D7-4F7FEB9C871E}_is1" = Euro Truck Simulator 2
    "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
    "{1EA7C505-E6DA-4B85-9432-EBD3C70D510D}" = Windows Live Messenger
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
    "{229EDE35-4677-BDE6-70ED-A5A4C711DDC3}" = CCC Help Norwegian
    "{23A3E560-069F-4CFC-8F6C-1B526EC735FC}" = Windows Live Writer Resources
    "{2470F2F2-8491-5A0B-B8F5-8B72A8D74597}" = Catalyst Control Center InstallProxy
    "{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 25
    "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
    "{27B56E28-94B2-BDF8-D209-EC8D2FF4838E}" = Catalyst Control Center Graphics Previews Common
    "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
    "{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
    "{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
    "{33D4FA83-02C0-93B3-08ED-5D7378930CFA}" = CCC Help Turkish
    "{37D0F3C2-8FFD-134D-FBDF-2D711E169D78}" = AMD VISION Engine Control Center
    "{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
    "{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
    "{3D44D783-D027-4135-AC39-81E320ED2D3A}" = Windows Live Family Safety
    "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
    "{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
    "{42FECCEF-63CD-DF98-D6BC-DDBB27E4A580}" = CCC Help Japanese
    "{446CC8CE-0E90-44F7-ADD0-774B243EF090}" = Galerie de photos
    "{46594DA4-2D0A-B2D4-C0E0-A5CCA3260025}" = CCC Help Hungarian
    "{485B8152-C59F-8569-15BC-46BDA2A1E4A9}" = CCC Help Polish
    "{490F47E6-585C-531A-1BF8-4DE44ED9AED7}" = CCC Help Russian
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
    "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.5
    "{50F87176-7DB3-4C75-D9DC-25CB4561D0F8}" = CCC Help Danish
    "{52E706AA-B4E9-423A-1651-62E61E06DF9A}" = CCC Help Greek
    "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
    "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
    "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
    "{5BABDA39-61CF-41EE-992D-4054B6649A9B}" = Movie Maker
    "{5FB51C12-62AE-0990-E419-C6F62B776E5C}" = CCC Help Portuguese
    "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
    "{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
    "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
    "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
    "{66B46617-A156-F25B-3CC0-5E46343AEA95}" = CCC Help Thai
    "{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
    "{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
    "{6C772996-BFF3-3C8C-860B-B3D48FF05D65}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    "{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{71B53BA8-4BE3-49AF-BC3E-07F392006300}" = USB PnP Sound Device
    "{7204BDEE-1A48-4D95-A964-44A9250B439E}" = Facebook Messenger 2.1.4814.0
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{743FD554-A73F-4FE8-BE7B-C283D16297F9}" = Photo Common
    "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
    "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
    "{7B0C5EF6-DE4C-4E20-8889-C17604FFE5CD}" = Windows Live Family Safety
    "{81543139-18AE-703B-D3B1-F6B3A0CB2EAC}" = CCC Help English
    "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C9377F-5ED1-4AD8-B113-7C876AEAF3AB}" = Windows Live Messenger
    "{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    "{85CE9026-C02A-46B4-B08C-4C77CCCC54FF}" = Windows Live Family Safety
    "{86C40513-B5A4-476E-9EAB-EC118DCF4502}" = Windows Live Writer
    "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
    "{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
    "{8AAEB5A5-A397-46B6-8AF3-B6DC790C4E48}" = Windows Live Messenger
    "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
    "{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
    "{8e70e4e1-06d7-470b-9f74-a51bef21088e}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    "{8FA20FAC-719F-7CCD-5790-6B59D691C370}" = CCC Help Chinese Traditional
    "{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
    "{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "{940B28E7-320B-5AC8-0A8A-32D6A7B404A1}" = CCC Help Swedish
    "{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
    "{989FB5FD-9B00-4B32-8663-849CB1370DD1}" = Google Drive
    "{99C382AB-CA1D-8577-66D3-AA850DB5FD00}" = CCC Help Korean
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
    "{A17946CA-18E5-4CF0-8D55-A56D804718F8}" = Movie Maker
    "{A5DC64EE-2FC4-4C35-9975-639DD8499369}" = Windows Live Family Safety
    "{A68C4D16-8046-5333-CB64-5E622C795785}" = CCC Help Dutch
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.7)
    "{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
    "{AE8044B5-FCA3-4EBE-AC78-0FB3A6E8DC76}" = Movie Maker
    "{B26438B4-BF51-49C3-9567-7F14A5E40CB9}" = Dolby Home Theater v4
    "{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
    "{B72BF443-ABD6-4EDC-ACD5-CCB72DBEC33D}" = AVG PC TuneUp Language Pack (nl-NL)
    "{B77D2795-23C0-4DBD-B7B5-CFB542D1FA3F}" = Windows Live Writer Resources
    "{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
    "{B80D3EA9-A252-4AE5-AC51-81729F5C586F}" = Windows Live Mail
    "{BE0B654E-FC60-40AE-F60B-06526508B5FD}" = CCC Help Italian
    "{BE0E1491-B2DC-6447-217C-342D8F7100EA}" = CCC Help Czech
    "{C034A6F9-6569-491B-B3BF-F5D15221A708}" = Windows Live Essentials
    "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
    "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
    "{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
    "{C595F480-788A-4F8F-8277-1A91F32CA879}" = Windows Live Writer
    "{C5EADF55-3B49-B545-E16F-402B443DDC77}" = CCC Help German
    "{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
    "{CBDFF724-E925-2964-E647-0A83D2F9165C}" = CCC Help French
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
    "{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}" = AVG PC TuneUp
    "{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
    "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
    "{D5341564-7B93-ADAC-E737-C24AA85CC5FF}" = CCC Help Chinese Standard
    "{D615D099-5C0F-41E0-B69E-B7D1CDC51B61}" = Philips Media Converter
    "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
    "{D888F114-7537-4D48-AF03-5DA9C82D7540}" = Photo Common
    "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
    "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
    "{E3FB1E5A-1C24-D581-6BC8-6F8AC2D343AD}" = CCC Help Finnish
    "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "{E77DA909-3532-4C95-AFEB-06310E88462A}" = System Requirements Lab CYRI
    "{E824E81C-80A4-3DFF-B5F9-4842A9FF5F7F}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
    "{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
    "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E79BE5-20F5-82F4-6579-2A91AED3F066}" = Catalyst Control Center Localization All
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
    "{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
    "{F54030F3-14B6-432D-9361-78DCB1473920}" = Photo Common
    "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
    "{F67CA22C-C11F-4573-8406-57F75BA06B51}" = Photo Gallery
    "{FA75723A-BF4A-40A2-BFCB-BBC320C27DC9}" = Windows Live Mail
    "{FC6C7107-7D72-41A1-A031-3CE751159BAB}" = Photo Gallery
    "{FE48654B-F9AA-40ED-BEF3-48F3FE2FA847}" = Philips Media Converter
    "{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
    "{FEFD91C5-A25D-48D9-89DA-0FB7BB8B3EF7}" = Windows Live Writer Resources
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "avast" = avast! Internet Security
    "AVG PC TuneUp" = AVG PC TuneUp
    "Battlelog Web Plugins" = Battlelog Web Plugins
    "Downloader" = Downloader
    "EPSON Scanner" = EPSON Scan
    "ESN Sonar-0.70.4" = ESN Sonar
    "Fraps" = Fraps
    "Google Chrome" = Google Chrome
    "InstallShield_{050C1C8E-4A4D-4C2F-B9AE-67E60EE91B7F}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    "InstallShield_{3BD633E0-4BF8-4499-9149-88F0767D449C}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    "InstallShield_{8503C901-85D7-4262-88D2-8D8B2A7B08B8}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    "InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    "InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
    "InstallShield_{E5141379-B2D9-4BBC-BB2A-5805541571DD}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versie 1.75.0.1300
    "ManiaPlanet_is1" = ManiaPlanet
    "Opera 12.15.1748" = Opera 12.15
    "Origin" = Origin
    "Philips Songbird" = Philips Songbird
    "PowerISO" = PowerISO
    "R1JJRDI=_is1" = GRID 2 © Codemasters version 1
    "Steam App 10180" = Call of Duty: Modern Warfare 2
    "Steam App 4850" = Cossacks: Back to War
    "tixati" = Tixati
    "Totalcmd" = Total Commander (Remove or Repair)
    "Uplay" = Uplay
    "uTorrent" = µTorrent
    "WinLiveSuite" = Windows Live Essentials
    "Xfire" = Xfire

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "SkyDriveSetup.exe" = Microsoft SkyDrive
    "Spotify" = Spotify

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 16-5-2013 1:50:12 | Computer Name = Bert-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: TuneUpUtilitiesApp64.exe, versie: 12.0.4000.108,
    tijdstempel: 0x5035f809 Naam van module met fout: TuneUpUtilitiesApp64.exe, versie:
    12.0.4000.108, tijdstempel: 0x5035f809 Uitzonderingscode: 0xc0000417 Foutoffset:
    0x00000000000392b0 Id van proces met fout: 0xf84 Starttijd van toepassing met fout:
    0x01ce51f93522f2cf Pad naar toepassing met fout: C:\Program Files (x86)\AVG\AVG
    PC TuneUp\TuneUpUtilitiesApp64.exe Pad naar module met fout: C:\Program Files (x86)\AVG\AVG
    PC TuneUp\TuneUpUtilitiesApp64.exe Rapport-id: 78ca127e-bdec-11e2-8f8a-902b3496061b

    Error - 16-5-2013 1:51:33 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 17-5-2013 16:52:11 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 19-5-2013 13:00:00 | Computer Name = Bert-PC | Source = Windows Backup | ID = 4103
    Description =

    Error - 21-5-2013 16:07:33 | Computer Name = Bert-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: setup.tmp, versie: 51.1052.0.0, tijdstempel:
    0x506a75b5 Naam van module met fout: unarc.dll, versie: 0.0.0.0, tijdstempel: 0x4e901f46
    Uitzonderingscode:
    0xc00000fd Foutoffset: 0x00002885 Id van proces met fout: 0x3f0 Starttijd van toepassing
    met fout: 0x01ce565e48e88b3a Pad naar toepassing met fout: C:\Users\Bert\AppData\Local\Temp\is-QAIC6.tmp\setup.tmp
    Pad
    naar module met fout: C:\Users\Bert\AppData\Local\Temp\is-JKKF1.tmp\unarc.dll Rapport-id:
    122f1f7d-c252-11e2-ab8d-902b3496061b

    Error - 22-5-2013 1:18:19 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 22-5-2013 13:32:06 | Computer Name = Bert-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: engine.exe, versie: 2.0.0.0, tijdstempel:
    0x426e2f24 Naam van module met fout: Upload.dll_unloaded, versie: 0.0.0.0, tijdstempel:
    0x41fa0b45 Uitzonderingscode: 0xc0000005 Foutoffset: 0x082c8ed1 Id van proces met
    fout: 0xfb4 Starttijd van toepassing met fout: 0x01ce57123f45debb Pad naar toepassing
    met fout: C:\Program Files (x86)\GSC Game World\Cossacks II\Data\engine.exe Pad
    naar module met fout: Upload.dll Rapport-id: 856a0ebe-c305-11e2-9192-902b3496061b

    Error - 22-5-2013 13:32:33 | Computer Name = Bert-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: engine.exe, versie: 2.0.0.0, tijdstempel:
    0x426e2f24 Naam van module met fout: Upload.dll_unloaded, versie: 0.0.0.0, tijdstempel:
    0x41fa0b45 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00398ed1 Id van proces met
    fout: 0x100c Starttijd van toepassing met fout: 0x01ce57124d9202a8 Pad naar toepassing
    met fout: C:\Program Files (x86)\GSC Game World\Cossacks II\Data\engine.exe Pad
    naar module met fout: Upload.dll Rapport-id: 959708a2-c305-11e2-9192-902b3496061b

    Error - 22-5-2013 13:35:12 | Computer Name = Bert-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 22-5-2013 13:54:47 | Computer Name = Bert-PC | Source = Application Error | ID = 1000
    Description = Naam van toepassing met fout: engine.exe, versie: 2.0.0.0, tijdstempel:
    0x426e2f24 Naam van module met fout: Upload.dll_unloaded, versie: 0.0.0.0, tijdstempel:
    0x41fa0b45 Uitzonderingscode: 0xc0000005 Foutoffset: 0x00398fb7 Id van proces met
    fout: 0xe3c Starttijd van toepassing met fout: 0x01ce5713a4f9e5a8 Pad naar toepassing
    met fout: C:\Program Files (x86)\GSC Game World\Cossacks II\Data\engine.exe Pad
    naar module met fout: Upload.dll Rapport-id: b07d9910-c308-11e2-b5cb-902b3496061b

    [ System Events ]
    Error - 19-6-2013 16:27:30 | Computer Name = Bert-PC | Source = DCOM | ID = 10016
    Description =

    Error - 21-6-2013 7:52:14 | Computer Name = Bert-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys kan niet worden geladen
    vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
    om een compatibele versie van het stuurprogramma.

    Error - 21-6-2013 7:52:55 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7024
    Description = De HomeGroup Listener-service is gestopt met de specifieke servicefout
    %%-2147023143.

    Error - 21-6-2013 9:01:42 | Computer Name = Bert-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys kan niet worden geladen
    vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
    om een compatibele versie van het stuurprogramma.

    Error - 21-6-2013 9:02:16 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7024
    Description = De HomeGroup Listener-service is gestopt met de specifieke servicefout
    %%-2147023143.

    Error - 21-6-2013 12:50:08 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7009
    Description = Time-out (30000 seconden) tijdens het wachten op het verbinden van
    deze service: Steam Client Service.

    Error - 21-6-2013 12:50:08 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7000
    Description = De Steam Client Service-service kan vanwege de volgende fout niet
    worden gestart: %%1053

    Error - 23-6-2013 2:04:35 | Computer Name = Bert-PC | Source = Application Popup | ID = 1060
    Description = \SystemRoot\SysWow64\Drivers\GEARAspiWDM.sys kan niet worden geladen
    vanwege incompatibiliteit met dit systeem. Vraag de leverancier van de software
    om een compatibele versie van het stuurprogramma.

    Error - 23-6-2013 2:05:11 | Computer Name = Bert-PC | Source = Service Control Manager | ID = 7024
    Description = De HomeGroup Listener-service is gestopt met de specifieke servicefout
    %%-2147023143.

    Error - 24-6-2013 1:10:01 | Computer Name = Bert-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
  • OTL logfile created on: 5-7-2013 10:42:28 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bert\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    7,98 Gb Total Physical Memory | 6,71 Gb Available Physical Memory | 84,06% Memory free
    15,96 Gb Paging File | 14,16 Gb Available in Paging File | 88,73% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 224,13 Gb Total Space | 109,03 Gb Free Space | 48,65% Space Free | Partition Type: NTFS
    Drive D: | 1863,01 Gb Total Space | 1649,25 Gb Free Space | 88,53% Space Free | Partition Type: NTFS

    Computer Name: BERT-PC | User Name: Bert | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013-07-05 10:39:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bert\Downloads\OTL.exe
    PRC - [2013-06-27 14:23:57 | 001,104,384 | ---- | M] (Spotify Ltd) -- C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013-05-09 10:58:30 | 004,858,968 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013-05-09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2012-02-08 11:49:16 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    PRC - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-02-08 11:49:16 | 000,380,416 | ---- | M] () -- C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013-05-09 10:58:30 | 000,046,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2013-05-09 10:58:27 | 000,137,960 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2013-03-29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2012-12-19 17:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2013-06-21 13:53:35 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013-06-07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2013-06-03 16:34:46 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013-05-10 09:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013-04-04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2013-04-04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
    SRV - [2012-08-23 12:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2012-01-18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
    SRV - [2010-03-18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009-06-10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007-12-17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007-01-11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013-06-27 22:48:27 | 001,030,952 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2013-06-27 22:48:27 | 000,378,944 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2013-06-27 22:48:27 | 000,189,936 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswVmm.sys -- (aswVmm)
    DRV:64bit: - [2013-05-09 10:59:07 | 000,072,016 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
    DRV:64bit: - [2013-05-09 10:59:07 | 000,065,336 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswRvrt.sys -- (aswRvrt)
    DRV:64bit: - [2013-05-09 10:59:07 | 000,064,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,270,824 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,131,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,080,816 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,033,400 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,022,600 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
    DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2013-03-29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2013-03-29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2013-02-14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2013-01-24 20:37:07 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2013-01-24 20:37:07 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2013-01-24 20:37:07 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2013-01-24 20:37:07 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2013-01-16 17:54:04 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
    DRV:64bit: - [2012-12-09 11:51:20 | 000,126,944 | ---- | M] (Power Software Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\scdemu.sys -- (SCDEmu)
    DRV:64bit: - [2012-09-21 11:26:08 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
    DRV:64bit: - [2012-09-12 16:20:04 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012-04-09 11:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
    DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012-01-18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
    DRV:64bit: - [2012-01-18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
    DRV:64bit: - [2011-10-09 17:29:28 | 000,040,576 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011-10-09 17:29:26 | 000,080,000 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011-08-23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011-07-29 05:40:00 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
    DRV:64bit: - [2011-07-29 05:40:00 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
    DRV:64bit: - [2011-07-06 12:12:50 | 000,367,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009-06-10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2012-07-04 16:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2011-07-15 13:35:20 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.diesiedleronline.de/de/startseite
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://nl.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 8E CF E6 AB FA CD 01 [binary data]
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145
    pGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145
    pGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR
    ppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Bert\AppData\Local\Facebook\Messenger\2.1.4814.0
    pFbDesktopPlugin.dll (Facebook, Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher
    puplaypc.dll ()


    [2013-03-27 13:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Extensions
    [2013-03-27 13:21:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bert\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.diesiedleronline.de/de/startseite
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U5 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Java Deployment Toolkit 7.0.50.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: Google Documenten = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Zoeken = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: GFACE Experience Plugin = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol\0.33.0_0\
    CHR - Extension: avast! Online Security = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
    CHR - Extension: Image Search by Cooliris = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllgofbnhaihnfbokejhcndhoogagdmk\1.0.3_0\
    CHR - Extension: Qtube = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhakcmpgccbfnmamojhjhaflhnfdooaa\1.11_0\
    CHR - Extension: Google Reader = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm\4.4_0\
    CHR - Extension: Gmail = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Abstract-Blue = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa\1.0_0\

    O1 HOSTS File: ([2009-06-10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
    O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
    O4 - HKLM..\Run: [AMD Catalyst] C:\ProgramData\Catalyst\CCC\colorrgb.exe ()
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002..\Run: [Spotify Web Helper] C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 212.54.40.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B629CB8-C6D6-4AE4-9638-DE27D7734B4B}: DhcpNameServer = 212.54.35.25 212.54.40.25
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{79f3865a-96cb-11e2-a15f-902b3496061b}\Shell - "" = AutoRun
    O33 - MountPoints2\{79f3865a-96cb-11e2-a15f-902b3496061b}\Shell\AutoRun\command - "" = H:\PMCsetup.exe
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Cossacks2Setup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    MsConfig:64bit - StartUpFolder: C:^Users^Bert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - C:\Users\Bert\AppData\Local\Facebook\MESSEN~1\214814~1.0\FACEBO~1.EXE - (Facebook)
    MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: BlueStacks Agent - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: boincmgr - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: boinctray - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Dolby Home Theater v4 - hkey= - key= - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
    MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    MsConfig:64bit - StartUpReg: EPSON PX710W Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFSE.EXE (SEIKO EPSON CORPORATION)
    MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
    MsConfig:64bit - StartUpReg: RtHDVBg_Dolby - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Bert\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-07-04 18:52:26 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Local\Downloader
    [2013-07-04 18:52:11 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader
    [2013-07-04 18:52:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Downloader
    [2013-07-02 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Bert\matrixiicache1
    [2013-07-01 19:03:35 | 000,000,000 | ---D | C] -- C:\ProgramData\SystemRequirementsLab
    [2013-06-30 17:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EZDownloader
    [2013-06-30 17:05:42 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
    [2013-06-30 11:53:54 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\theHunter
    [2013-06-30 11:53:50 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\theHunter
    [2013-06-30 11:53:50 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Local\theHunter
    [2013-06-30 11:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter
    [2013-06-24 21:18:20 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Epson
    [2013-06-24 20:08:50 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\tabagames
    [2013-06-24 19:59:07 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
    [2013-06-22 20:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
    [2013-06-22 20:24:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Euro Truck Simulator 2
    [2013-06-22 07:59:28 | 000,312,232 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2013-06-22 07:59:25 | 000,189,352 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2013-06-22 07:59:25 | 000,188,840 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2013-06-22 07:59:25 | 000,108,968 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2013-06-22 07:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Java
    [2013-06-21 15:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
    [2013-06-21 15:00:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
    [2013-06-21 15:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2013-06-21 13:55:26 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\Milestone
    [2013-06-20 20:25:51 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\uTorrent
    [2013-06-19 18:33:01 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013-06-15 21:43:14 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Roaming\SpinTires
    [2013-06-15 13:43:01 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013-06-15 13:43:01 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [2013-06-14 20:42:09 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\Rockstar Games
    [2013-06-14 20:39:53 | 000,000,000 | ---D | C] -- C:\Users\Bert\AppData\Local\Rockstar Games
    [2013-06-14 10:03:27 | 000,000,000 | ---D | C] -- C:\Users\Bert\Documents\ManiaPlanet
    [2013-06-14 10:03:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
    [2013-06-14 10:02:47 | 000,000,000 | ---D | C] -- C:\ProgramData\ManiaPlanet
    [2013-06-14 10:02:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManiaPlanet
    [2013-06-13 03:00:47 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
    [2013-06-13 03:00:47 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
    [2013-06-13 03:00:47 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013-06-13 03:00:47 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013-06-13 03:00:47 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
    [2013-06-13 03:00:47 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
    [2013-06-13 03:00:47 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
    [2013-06-13 03:00:47 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
    [2013-06-13 03:00:47 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
    [2013-06-13 03:00:46 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
    [2013-06-13 03:00:45 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
    [2013-06-13 03:00:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
    [2013-06-13 03:00:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
    [2013-06-12 17:31:55 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
    [2013-06-12 17:31:55 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
    [2013-06-12 17:31:54 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
    [2013-06-12 17:31:54 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
    [2013-06-12 17:31:52 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
    [2013-06-12 17:31:51 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
    [2013-06-12 17:31:51 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
    [2013-06-12 17:31:51 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
    [2013-06-12 17:31:50 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
    [2013-06-12 17:31:50 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
    [2013-06-12 17:31:50 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
    [2013-06-12 17:31:48 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
    [2013-06-12 17:31:48 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
    [2013-06-10 21:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
    [2013-06-08 14:17:54 | 000,000,000 | ---D | C] -- C:\hitsplat
    [2013-06-07 13:14:45 | 000,000,000 | ---D | C] -- C:\Users\Bert\matrixiicache
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013-07-05 10:40:39 | 000,001,418 | ---- | M] () -- C:\Users\Bert\Desktop\OTL - Snelkoppeling.lnk
    [2013-07-05 10:23:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job
    [2013-07-05 10:17:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-07-05 10:17:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-07-05 08:17:00 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-07-05 07:10:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013-07-04 18:58:53 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job
    [2013-07-04 18:57:20 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk
    [2013-07-03 19:40:17 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-07-03 19:40:17 | 000,025,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-07-03 19:37:39 | 001,663,048 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2013-07-03 19:37:39 | 000,743,092 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat
    [2013-07-03 19:37:39 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2013-07-03 19:37:39 | 000,152,208 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat
    [2013-07-03 19:37:39 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2013-07-03 19:33:11 | 2132,709,375 | -HS- | M] () -- C:\hiberfil.sys
    [2013-07-02 11:48:16 | 000,000,024 | ---- | M] () -- C:\Users\Bert\random.dat
    [2013-07-02 11:33:29 | 000,000,043 | ---- | M] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE.dat
    [2013-07-02 11:02:33 | 000,000,044 | ---- | M] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE1.dat
    [2013-06-27 22:48:27 | 001,030,952 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2013-06-27 22:48:27 | 000,378,944 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2013-06-27 22:48:27 | 000,189,936 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
    [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
    [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
    [2013-06-27 22:48:27 | 000,000,175 | ---- | M] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
    [2013-06-24 21:17:19 | 000,000,858 | ---- | M] () -- C:\Users\Public\Desktop\Print CD.lnk
    [2013-06-22 20:25:47 | 000,001,343 | ---- | M] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
    [2013-06-22 07:59:23 | 001,093,032 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
    [2013-06-22 07:59:23 | 000,972,712 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
    [2013-06-22 07:59:23 | 000,312,232 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
    [2013-06-22 07:59:23 | 000,189,352 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
    [2013-06-22 07:59:23 | 000,188,840 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
    [2013-06-22 07:59:23 | 000,108,968 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2013-06-21 13:53:34 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013-06-21 13:53:34 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013-06-20 20:26:52 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2013-06-20 20:26:52 | 000,000,866 | ---- | M] () -- C:\Users\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013-06-20 18:19:04 | 000,002,190 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2013-06-18 15:28:11 | 000,002,764 | ---- | M] () -- C:\Users\Bert\Documents\FinalSetList.rtf
    [2013-06-14 10:15:49 | 000,000,312 | ---- | M] () -- C:\Users\Bert\Documents\ManiaPlanetvalidation.rtf
    [2013-06-14 03:01:51 | 001,640,272 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2013-06-12 21:48:23 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
    [2013-06-12 21:48:17 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
    [2013-06-12 21:47:57 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013-06-12 21:43:48 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
    [2013-06-12 21:43:44 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
    [2013-06-12 21:43:25 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
    [2013-06-10 21:29:53 | 000,000,517 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
    [2013-06-08 16:08:18 | 000,000,043 | ---- | M] () -- C:\Users\Bert\jagex_cl_runescape_LIVE.dat
    [2013-06-08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
    [2013-06-08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013-07-05 10:40:20 | 000,001,418 | ---- | C] () -- C:\Users\Bert\Desktop\OTL - Snelkoppeling.lnk
    [2013-07-02 10:38:20 | 000,000,044 | ---- | C] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE1.dat
    [2013-06-27 22:48:27 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys.sum
    [2013-06-26 22:49:40 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSnx.sys.sum
    [2013-06-26 22:49:39 | 000,000,175 | ---- | C] () -- C:\Windows\SysNative\drivers\aswSP.sys.sum
    [2013-06-24 21:17:19 | 000,000,858 | ---- | C] () -- C:\Users\Public\Desktop\Print CD.lnk
    [2013-06-22 20:25:47 | 000,001,343 | ---- | C] () -- C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
    [2013-06-20 20:26:52 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2013-06-20 20:26:52 | 000,000,866 | ---- | C] () -- C:\Users\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013-06-16 13:22:55 | 000,002,764 | ---- | C] () -- C:\Users\Bert\Documents\FinalSetList.rtf
    [2013-06-14 10:15:49 | 000,000,312 | ---- | C] () -- C:\Users\Bert\Documents\ManiaPlanetvalidation.rtf
    [2013-06-14 10:03:08 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\ManiaPlanet.lnk
    [2013-06-10 21:29:53 | 000,000,517 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
    [2013-06-08 16:08:18 | 000,000,043 | ---- | C] () -- C:\Users\Bert\jagex_cl_runescape_LIVE.dat
    [2013-06-07 13:14:45 | 000,000,043 | ---- | C] () -- C:\Users\Bert\matrixii_cl_matrix_LIVE.dat
    [2013-05-28 08:44:35 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2013-05-05 10:45:51 | 000,840,264 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
    [2013-05-03 13:37:34 | 000,000,527 | ---- | C] () -- C:\Windows\eReg.dat
    [2013-04-26 18:04:04 | 000,723,230 | ---- | C] () -- C:\Windows\unins000.exe
    [2013-04-26 18:04:04 | 000,143,173 | ---- | C] () -- C:\Windows\unins000.dat
    [2013-04-13 18:52:09 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
    [2013-04-05 11:07:22 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
    [2013-04-05 11:07:22 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
    [2013-04-05 11:07:14 | 000,001,459 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
    [2013-04-05 11:07:14 | 000,000,237 | ---- | C] () -- C:\Windows\Cm108.ini.imi
    [2013-04-05 11:07:13 | 000,001,353 | ---- | C] () -- C:\Windows\cm108.ini
    [2013-04-01 13:45:57 | 000,000,043 | ---- | C] () -- C:\Users\Bert\jagex_cl_oldschool_LIVE.dat
    [2013-04-01 13:45:57 | 000,000,024 | ---- | C] () -- C:\Users\Bert\random.dat
    [2013-03-29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
    [2013-03-29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
    [2013-03-23 13:15:18 | 000,003,584 | ---- | C] () -- C:\Users\Bert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013-03-23 11:39:06 | 000,015,405 | ---- | C] () -- C:\Users\Bert\.TransferManager.db
    [2013-03-21 06:10:18 | 000,042,880 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
    [2013-01-28 09:33:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2013-01-26 20:41:36 | 000,582,656 | ---- | C] () -- C:\Users\Bert\AppData\Local\file__0.localstorage
    [2013-01-25 20:50:55 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
    [2013-01-24 19:47:30 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2012-11-27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
    [2012-09-28 03:29:54 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
    [2012-09-28 03:29:54 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
    [2012-06-22 13:19:01 | 001,640,272 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-01-18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
    [2012-01-18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
    [2012-01-18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
    [2011-09-28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011-09-13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll – [2013-02-27 07:52:56 | 014,172,672 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll – [2013-02-27 06:55:05 | 012,872,704 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll – [2009-07-14 03:40:51 | 000,909,312 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll – [2010-11-21 05:24:25 | 000,606,208 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll – [2009-07-14 03:41:56 | 000,505,856 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013-01-25 17:25:52 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\AVG
    [2013-03-21 20:28:43 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Belastingdienst
    [2013-06-27 09:21:35 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Epson
    [2013-04-21 10:18:26 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\ERS Game Studios
    [2013-03-23 12:39:05 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\GetRightToGo
    [2013-01-25 16:42:43 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\GHISLER
    [2013-06-21 13:55:26 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Milestone
    [2013-03-26 09:53:54 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\OpenCandy
    [2013-01-25 17:38:54 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Opera
    [2013-06-11 08:31:26 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Origin
    [2013-03-27 13:22:20 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Philips
    [2013-03-27 13:21:29 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Philips-Songbird
    [2013-03-23 14:26:35 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\PowerISO
    [2013-06-15 22:17:37 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\SpinTires
    [2013-06-27 14:27:38 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Spotify
    [2013-01-28 21:46:56 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\SystemRequirementsLab
    [2013-06-24 20:08:50 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\tabagames
    [2013-06-30 11:53:50 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\theHunter
    [2013-07-01 10:15:20 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\tixati
    [2013-04-08 09:57:55 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\TS3Client
    [2013-06-24 20:01:41 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\uTorrent
    [2013-03-28 15:17:55 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < services.* >
    [2009-07-14 07:08:49 | 000,000,006 | -H– | C] () – C:\Windows\Tasks\SA.DAT
    [2009-07-14 07:08:49 | 000,022,756 | —- | C] () – C:\Windows\Tasks\SCHEDLGU.TXT
    [2013-01-25 05:29:10 | 000,001,048 | —- | C] () – C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2013-01-25 05:29:10 | 000,001,052 | —- | C] () – C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2013-03-21 14:18:53 | 000,000,940 | —- | C] () – C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2013-03-31 16:18:51 | 000,000,902 | —- | C] () – C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job
    [2013-03-31 16:18:51 | 000,000,924 | —- | C] () – C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job

    < explorer.exe >

    < winlogon.exe >

    < Userinit.exe >

    < svchost.exe >

    ========== Base Services ==========
    SRV:64bit: - [2009-07-14 03:40:01 | 000,072,192 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\aelupsvc.dll – (AeLookupSvc)
    SRV:64bit: - [2013-02-27 07:47:10 | 000,070,144 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\appinfo.dll – (Appinfo)
    SRV:64bit: - [2009-07-14 03:38:55 | 000,079,360 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\alg.exe – (ALG)
    SRV:64bit: - [2010-11-21 05:23:51 | 000,849,920 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\qmgr.dll – (BITS)
    SRV:64bit: - [2010-11-21 05:24:00 | 000,705,024 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\BFE.DLL – (BFE)
    SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\lsass.exe – (KeyIso)
    SRV:64bit: - [2009-07-14 03:40:50 | 000,402,944 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\es.dll – (EventSystem)
    SRV - [2009-07-14 03:15:19 | 000,271,360 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\es.dll – (EventSystem)
    SRV:64bit: - [2013-01-24 20:38:23 | 000,136,704 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\browser.dll – (Browser)
    SRV:64bit: - [2013-05-13 07:51:01 | 000,184,320 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\cryptsvc.dll – (CryptSvc)
    SRV - [2013-05-13 06:45:55 | 000,140,288 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\cryptsvc.dll – (CryptSvc)
    SRV:64bit: - [2010-11-21 05:24:01 | 000,512,000 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\rpcss.dll – (DcomLaunch)
    SRV:64bit: - [2010-11-21 05:24:00 | 000,317,952 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\dhcpcore.dll – (Dhcp)
    SRV - [2010-11-21 05:24:09 | 000,254,464 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\dhcpcore.dll – (Dhcp)
    SRV:64bit: - [2011-03-03 08:24:16 | 000,183,296 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\dnsrslvr.dll – (Dnscache)
    SRV:64bit: - [2009-07-14 03:40:35 | 000,111,104 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\eapsvc.dll – (EapHost)
    SRV:64bit: - [2009-07-14 03:41:00 | 000,038,912 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\hidserv.dll – (hidserv)
    SRV - [2009-07-14 03:15:24 | 000,049,152 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\hidserv.dll – (hidserv)
    SRV:64bit: - [2009-07-14 03:41:10 | 000,359,424 | —- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\SysNative\ipnathlp.dll – (SharedAccess)
    SRV:64bit: - [2010-11-21 05:23:48 | 000,501,248 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\IPSECSVC.DLL – (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009-07-14 03:41:54 | 000,524,288 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\swprv.dll – (swprv)
    SRV:64bit: - [2009-07-14 03:41:26 | 000,067,584 | —- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\SysNative\mmcss.dll – (MMCSS)
    SRV:64bit: - [2009-07-14 03:41:52 | 000,360,448 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\netman.dll – (Netman)
    SRV:64bit: - [2009-07-14 03:41:52 | 000,459,776 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\netprofm.dll – (netprofm)
    SRV - [2009-07-14 03:16:03 | 000,360,448 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\netprofm.dll – (netprofm)
    SRV:64bit: - [2013-01-24 20:40:40 | 000,303,104 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\nlasvc.dll – (NlaSvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,025,600 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\nsisvc.dll – (nsi)
    SRV:64bit: - [2011-05-24 13:42:55 | 000,404,480 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\umpnpmgr.dll – (PlugPlay)
    SRV:64bit: - [2012-02-11 08:36:02 | 000,559,104 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\spoolsv.exe – (Spooler)
    SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\lsass.exe – (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009-07-14 03:41:53 | 000,099,328 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\rasauto.dll – (RasAuto)
    SRV:64bit: - [2010-11-21 05:24:17 | 000,344,064 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\rasmans.dll – (RasMan)
    SRV:64bit: - [2010-11-21 05:24:01 | 000,512,000 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\rpcss.dll – (RpcSs)
    SRV:64bit: - [2010-11-21 05:24:16 | 000,030,720 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\seclogon.dll – (seclogon)
    SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\lsass.exe – (SamSs)
    SRV:64bit: - [2009-07-14 03:41:58 | 000,097,280 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wscsvc.dll – (wscsvc)
    SRV:64bit: - [2010-11-21 05:23:48 | 000,236,032 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\srvsvc.dll – (LanmanServer)
    SRV:64bit: - [2010-11-21 05:23:55 | 000,370,688 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\shsvcs.dll – (ShellHWDetection)
    SRV - [2010-11-21 05:24:03 | 000,328,192 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\shsvcs.dll – (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010-11-21 05:24:16 | 001,110,016 | —- | M]
  • Please post the three logs together in a single reply.

    Step •1•
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or move it there!
    Download: AdwCleaner by Xplode.

    Notes:
    - All open programs and web pages must be closed.
    - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
    - Windows 2000 and Windows XP: double-click adwcleaner.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
    AdwCleaner has started:
    - Click the "Verwijderen" (Delete) button
    - In "AdwCleaner – Afsluiting van de programma's" (closing of programs), click OK
    - In "AdwCleaner – Herstarten noodzakelijk" (restart required), click OK
    AdwCleaner log file:
    - After the PC has restarted, a log file opens.
    - Then post the contents of this log in your next message.

    Step •2•
    Which program: Junkware Removal Tool by Thisisu
    What for/why: Scanner to rid Windows of, among other things, malicious toolbars.
    Difficulty: None.
    Download location: Be sure to download this program to the desktop, or move it there!
    Download: JRT.exe

    Notes:
    - All open programs and web pages must be closed.
    - It is advisable to deactivate the active security software, so that possible conflicts with JRT.exe are ruled out:
    - Here and here you will find information on how to deactivate antivirus programs and spyware scanners.
    - It is normal for the shortcuts to disappear temporarily from the desktop during the JRT.exe scan.
    Starting Junkware Removal Tool by Thisisu:
    - Windows 2000 and Windows XP: double-click JRT.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click JRT.exe and choose "Run as administrator".
    - JRT.exe will then scan Windows.
    - Depending on the system specifications this scan can sometimes take quite a long time, so be patient.
    - When the scan is complete, a log (JRT.txt) is saved to the desktop and opens automatically.
    - Post the contents of this log in your next message.

    Step •3•
    Which program: RogueKiller
    What for/why: free specialist scanner to scan running processes and to disable malware processes.
    Difficulty: none.
    Download: RogueKiller 32 bit (x86) or RogueKiller 64 bit (x64)
    Starting RogueKiller:
    - First close all program windows that are still open!
    - Windows 2000 and Windows XP: double-click RogueKiller.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click RogueKiller.exe and then choose "Run as administrator".
    Scanning:
    - Before RogueKiller starts scanning, first close all other open windows!
    - After start-up RogueKiller immediately begins a pre-scan, so wait until the scan has finished.
    - Note: enable the following options in RogueKiller:
      - MBR Scan
      - Check Faked
      - Anti-Rootkit
    - Then click the Scan button
    - Wait until the end of the scan.
    - A log is created and placed on the desktop.
    What next:
    - Do nothing else yet, but first post the contents of that log in your next message.
  • # AdwCleaner v2.304 - Verslag gemaakt op 05/07/2013 om 12:42:26
    # Geactualiseerd op 03/07/2013 door Xplode
    # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
    # Gebruiker : Bert - BERT-PC
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Bert\Downloads\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    Map Verwijderd : C:\ProgramData\InstallMate
    Map Verwijderd : C:\Users\Bert\AppData\Local\Wondershare
    Map Verwijderd : C:\Users\Bert\AppData\Roaming\OpenCandy

    ***** [Register] *****

    Sleutel Verwijderd : HKCU\Software\SmartBar
    Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
    Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Sleutel Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
    Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Waarde Verwijderd : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
    Waarde Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

    ***** [Browsers] *****

    -\\ Internet Explorer v10.0.9200.16611

    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 –> hxxp://www.google.com
    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 –> hxxp://www.google.com
    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 –> hxxp://www.google.com
    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 –> hxxp://www.google.com
    Vervangen : [HKCU\Software\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 –> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl - Default] = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=NL&userid=ff1b389a-b345-4724-b5b1-a8b019f5a6b0&searchtype=ds&q={searchTerms}&installDate=26/03/2013 –> hxxp://www.google.com

    -\\ Google Chrome v27.0.1453.116

    File : C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Verwijderd [l.3861] : urls_to_restore_on_startup = [ "hxxps://www.google.nl/", [ "hxxp://search.conduit.com/?ctid=C[…]

    -\\ Opera v12.15.1748.0

    File : C:\Users\Bert\AppData\Roaming\Opera\Opera\operaprefs.ini

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [3542 octets] - [05/07/2013 12:42:26]

    ########## EOF - C:\AdwCleaner[S1].txt - [3602 octets] ##########


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 7 Home Premium x64
    Ran by Bert on vr 05-07-2013 at 12:48:16,20
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{019CA7EE-5527-46B7-9DEA-BA6992FE5ED1}
    Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{1C7F5D42-6557-4860-B9B8-9A18548D4F3C}
    Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{1CFB0F6B-75C3-47CB-AE65-5107FD5EBF8C}
    Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{5F09684F-62D4-4D78-B5E8-A06EB266EA9C}
    Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{68F3531E-6354-4B57-8AE2-8DF8C0C0D4FC}
    Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{8C5359CB-BB7E-46C8-8B18-D82DA03F694B}
    Successfully deleted: [Empty Folder] C:\Users\Bert\appdata\local\{F2F6D39F-780C-41F6-97E6-D24DF6F1058B}



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on vr 05-07-2013 at 12:50:59,26
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    RogueKiller V8.6.2 _x64_ [Jul 2 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : hxxp://www.adlice.com/forum/
    Website : hxxp://www.adlice.com/softwares/roguekiller/
    Blog : http://tigzyrk.blogspot.com/

    besturingssysteem : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Gestart vanuit : Normale modus
    Gebruiker : Bert [Administrator rechten]
    Modus : Scan – Datum : 07/05/2013 12:52:36
    | ARK || FAK || MBR |

    ¤¤¤ Kwaadaardige processen : 0 ¤¤¤

    ¤¤¤ Register verwijzingen : 7 ¤¤¤
    [RUN][SUSP PATH] HKLM\[…]\Wow6432Node\[…]\Run : AMD Catalyst (C:\ProgramData\Catalyst\CCC\colorrgb.exe [-]) -> gevonden
    [HJ POL] HKCU\[…]\System : DisableTaskMgr (0) -> gevonden
    [HJ POL] HKCU\[…]\System : DisableRegistryTools (0) -> gevonden
    [HJ POL] HKLM\[…]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
    [HJ POL] HKLM\[…]\Wow6432Node\[…]\System : ConsentPromptBehaviorAdmin (0) -> gevonden
    [HJ DESK] HKLM\[…]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> gevonden
    [HJ DESK] HKLM\[…]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> gevonden

    ¤¤¤ geplande taken : 0 ¤¤¤

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ webbrowsers : 0 ¤¤¤

    ¤¤¤ Speciale Files / Folders: ¤¤¤

    ¤¤¤ Driver : [Niet geladen 0x0] ¤¤¤

    ¤¤¤ Externe Hives: ¤¤¤

    ¤¤¤ Infectie : ¤¤¤

    ¤¤¤ HOSTS Bestand: ¤¤¤
    –> %SystemRoot%\System32\drivers\etc\hosts




    ¤¤¤ MBR Controle: ¤¤¤

    +++++ PhysicalDrive0: M4-CT256 M4SSD2 SATA Disk Device +++++
    — User —
    [MBR] e33cb6f0ce1e4ab46a3e73571abb1880
    [BSP] 076d677b30f76797af44975d020f07c9 : Windows 7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 350 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 718848 | Size: 229510 Mo
    2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 470755328 | Size: 14336 Mo
    User = LL1 … OK!
    User = LL2 … OK!

    +++++ PhysicalDrive1: M4-CT256 M4SSD2 SATA Disk Device +++++
    — User —
    [MBR] 43231d686d1a1d4672e0605bd93b4f30
    [BSP] 3eea5ef7fbc3da3ecda469111b39788b : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1907727 Mo
    User = LL1 … OK!
    User = LL2 … OK!

    Gereed : << RKreport[0]_S_07052013_125236.txt >>
  • What RK shows is standard data.

    Let's look further:

    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: Be sure to download this program to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Your antivirus program and any active malware scanners must already be deactivated before you start ComboFix!
    Here and here you will find information on how to deactivate antivirus programs and spyware scanners.

    Notes:
    - On Windows XP you may be asked to install the "Recovery Console"! If so, allow it (this requires an active internet connection).
    - All open programs and web pages must be closed.
    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click ComboFix.exe and choose "Run as administrator".
    ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • ComboFix 13-07-04.01 - Bert 05-07-2013 15:59:23.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8173.6624 [GMT 2:00]
    Gestart vanuit: C:\Users\Bert\Downloads\ComboFix.exe
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\ProgramData\Catalyst
    C:\ProgramData\Catalyst\CCC\1.bat
    C:\ProgramData\Catalyst\CCC\1.exe
    C:\ProgramData\Catalyst\CCC\123.bat
    C:\ProgramData\Catalyst\CCC\checkOS.txt
    C:\ProgramData\Catalyst\CCC\colorrgb.exe
    C:\ProgramData\Catalyst\CCC\mnr.exe
    C:\ProgramData\Catalyst\CCC\OpenCL.exe
    C:\ProgramData\Catalyst\CCC\start.reg
    C:\ProgramData\Catalyst\CCC\stop.bat
    C:\ProgramData\Catalyst\CCC\StringCheck.txt
    C:\ProgramData\Catalyst\CCC\upd.exe
    C:\ProgramData\Catalyst\CCC\upd1.exe
    C:\Windows\pkunzip.pif
    C:\Windows\pkzip.pif
    C:\Windows\SysWow64\frapsvid.dll


    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-05 to 2013-07-05 ))))))))))))))))))))))))))))))


    2013-07-05 10:48:15 . 2013-07-05 10:48:15 -------- d-----w- C:\Windows\ERUNT
    2013-07-05 10:48:12 . 2013-07-05 10:48:12 -------- d-----w- C:\JRT
    2013-07-04 16:52:26 . 2013-07-04 16:52:40 -------- d-----w- C:\Users\Bert\AppData\Local\Downloader
    2013-07-04 16:52:11 . 2013-07-04 16:52:11 -------- d-----w- C:\Program Files (x86)\Downloader
    2013-07-02 06:17:11 . 2013-06-12 03:08:52 9552976 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{88FCA82C-D7E1-48B5-A94F-5330B7F23F45}\mpengine.dll
    2013-07-01 17:03:35 . 2013-07-01 17:03:35 -------- d-----w- C:\ProgramData\SystemRequirementsLab
    2013-06-30 15:05:55 . 2013-06-30 19:27:33 -------- d-----w- C:\Program Files (x86)\EZDownloader
    2013-06-30 09:53:50 . 2013-06-30 09:53:50 -------- d-----w- C:\Users\Bert\AppData\Roaming\theHunter
    2013-06-30 09:53:50 . 2013-06-30 09:53:50 -------- d-----w- C:\Users\Bert\AppData\Local\theHunter
    2013-06-30 09:38:53 . 2013-06-30 09:38:53 -------- d-----w- C:\ProgramData\Hunter
    2013-06-24 19:18:20 . 2013-06-27 07:21:35 -------- d-----w- C:\Users\Bert\AppData\Roaming\Epson
    2013-06-24 18:08:50 . 2013-06-24 18:08:50 -------- d-----w- C:\Users\Bert\AppData\Roaming\tabagames
    2013-06-22 18:24:47 . 2013-06-23 07:05:06 -------- d-----w- C:\Program Files (x86)\Euro Truck Simulator 2
    2013-06-22 05:59:28 . 2013-06-22 05:59:23 312232 ----a-w- C:\Windows\system32\javaws.exe
    2013-06-22 05:59:25 . 2013-06-22 05:59:23 189352 ----a-w- C:\Windows\system32\javaw.exe
    2013-06-22 05:59:25 . 2013-06-22 05:59:23 188840 ----a-w- C:\Windows\system32\java.exe
    2013-06-22 05:59:25 . 2013-06-22 05:59:23 108968 ----a-w- C:\Windows\system32\WindowsAccessBridge-64.dll
    2013-06-22 05:59:22 . 2013-06-22 05:59:22 -------- d-----w- C:\Program Files\Java
    2013-06-21 13:00:36 . 2013-06-21 13:00:36 -------- d-----w- C:\ProgramData\ATI
    2013-06-21 13:00:34 . 2013-06-21 13:00:34 -------- d-----w- C:\Program Files (x86)\AMD AVT
    2013-06-21 11:55:26 . 2013-06-21 11:55:26 -------- d-----w- C:\Users\Bert\AppData\Roaming\Milestone
    2013-06-20 18:25:51 . 2013-06-24 18:01:41 -------- d-----w- C:\Users\Bert\AppData\Roaming\uTorrent
    2013-06-15 19:43:14 . 2013-06-15 20:17:37 -------- d-----w- C:\Users\Bert\AppData\Roaming\SpinTires
    2013-06-15 11:43:02 . 2013-06-08 14:08:00 279040 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-06-15 11:43:02 . 2013-06-08 12:28:46 2706432 ----a-w- C:\Windows\system32\mshtml.tlb
    2013-06-15 11:43:02 . 2013-06-08 11:41:58 218112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2013-06-15 11:43:02 . 2013-06-08 11:13:19 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-06-15 11:43:01 . 2013-06-08 14:08:10 1365504 ----a-w- C:\Windows\system32\urlmon.dll
    2013-06-15 11:43:01 . 2013-06-08 14:06:58 526336 ----a-w- C:\Windows\system32\ieui.dll
    2013-06-15 11:43:01 . 2013-06-08 14:06:58 2648064 ----a-w- C:\Windows\system32\iertutil.dll
    2013-06-15 11:42:59 . 2013-06-08 14:06:57 15404544 ----a-w- C:\Windows\system32\ieframe.dll
    2013-06-15 11:42:58 . 2013-06-08 14:07:17 19233792 ----a-w- C:\Windows\system32\mshtml.dll
    2013-06-14 18:39:53 . 2013-06-14 18:39:53 -------- d-----w- C:\Users\Bert\AppData\Local\Rockstar Games
    2013-06-14 08:02:47 . 2013-07-05 07:00:55 -------- d-----w- C:\ProgramData\ManiaPlanet
    2013-06-14 08:02:47 . 2013-07-04 16:57:20 -------- d-----w- C:\Program Files (x86)\ManiaPlanet
    2013-06-12 15:31:55 . 2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\system32\drivers\tcpip.sys
    2013-06-08 12:17:54 . 2013-06-08 12:17:55 -------- d-----w- C:\hitsplat
    2013-06-07 11:14:45 . 2013-06-07 11:14:45 -------- d-----w- C:\Users\Bert\matrixiicache
    .


    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2013-06-27 20:48:27 . 2013-03-21 06:04:54 189936 ----a-w- C:\Windows\system32\drivers\aswVmm.sys
    2013-06-27 20:48:27 . 2013-01-25 14:35:27 378944 ----a-w- C:\Windows\system32\drivers\aswSP.sys
    2013-06-27 20:48:27 . 2013-01-25 14:35:27 1030952 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
    2013-06-22 05:59:23 . 2012-06-22 12:05:27 972712 ----a-w- C:\Windows\system32\deployJava1.dll
    2013-06-22 05:59:23 . 2012-06-22 12:05:27 1093032 ----a-w- C:\Windows\system32\npDeployJava1.dll
    2013-06-21 11:53:34 . 2013-03-21 12:18:53 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-21 11:53:34 . 2012-06-22 12:06:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-13 01:01:35 . 2012-06-22 10:55:13 75825640 ----a-w- C:\Windows\system32\MRT.exe
    2013-06-12 19:48:23 . 2012-06-22 12:05:09 867240 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-12 19:48:17 . 2012-06-22 12:05:09 789416 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-12 19:47:57 . 2013-05-02 05:28:51 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-03 07:14:45 . 2013-06-03 07:14:42 38688 ----a-w- C:\Windows\system32\cc_20130603_091441.reg
    2013-05-28 06:44:35 . 2013-05-28 06:44:35 53248 ----a-w- C:\Windows\SysWow64\unrar.dll
    2013-05-14 06:32:56 . 2011-03-29 01:36:46 22240 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-11 14:17:08 . 2013-01-25 18:50:57 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-05-09 08:59:07 . 2013-03-21 06:04:54 65336 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys
    2013-05-09 08:59:07 . 2013-01-25 14:35:27 72016 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys
    2013-05-09 08:59:07 . 2013-01-25 14:35:27 64288 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
    2013-05-09 08:59:06 . 2013-01-25 17:39:20 131232 ----a-w- C:\Windows\system32\drivers\aswFW.sys
    2013-05-09 08:59:06 . 2013-01-25 17:39:18 270824 ----a-w- C:\Windows\system32\drivers\aswNdis2.sys
    2013-05-09 08:59:06 . 2013-01-25 17:39:18 22600 ----a-w- C:\Windows\system32\drivers\aswKbd.sys
    2013-05-09 08:59:06 . 2013-01-25 14:35:27 80816 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
    2013-05-09 08:59:06 . 2013-01-25 14:35:27 33400 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
    2013-05-09 08:58:37 . 2013-01-25 14:35:17 41664 ----a-w- C:\Windows\avastSS.scr
    2013-05-09 08:58:11 . 2013-01-25 14:35:27 287840 ----a-w- C:\Windows\system32\aswBoot.exe
    2013-05-02 00:06:08 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe
    2013-04-30 08:41:24 . 2013-05-05 08:45:51 840264 ----a-w- C:\Windows\SysWow64\pbsvc.exe
    2013-04-26 16:08:14 . 2013-04-26 16:04:04 723230 ----a-w- C:\Windows\unins000.exe
    2013-04-13 05:49:23 . 2013-05-16 05:36:47 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 . 2013-05-16 05:36:47 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 . 2013-05-16 05:36:47 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 . 2013-05-16 05:36:47 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 . 2013-05-16 05:36:47 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 . 2013-05-16 05:36:47 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 . 2013-04-24 05:48:59 1656680 ----a-w- C:\Windows\system32\drivers\ntfs.sys
    2013-04-10 06:01:54 . 2013-05-16 05:36:48 265064 ----a-w- C:\Windows\system32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 . 2013-05-16 05:36:48 983400 ----a-w- C:\Windows\system32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 . 2013-05-16 05:36:40 3153920 ----a-w- C:\Windows\system32\win32k.sys
    2013-04-08 07:58:14 . 2013-04-08 07:58:10 968 ----a-w- C:\Windows\system32\cc_20130408_095809.reg
    2013-04-07 16:23:28 . 2013-03-23 14:21:14 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr


    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))


    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-03-23 11:02:17 220632 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-03-23 11:02:17 220632 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-03-23 11:02:17 220632 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Spotify Web Helper"="C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-06-27 12:23:57 1104384]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2013-05-09 08:58:30 4858968]
    "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 15:06:40 642728]
    "Philips Device Listener"="C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2012-02-08 09:49:16 380416]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 21:06:36 958576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    R3 cpuz135;cpuz135;C:\Windows\TEMP\cpuz135\cpuz135_x64.sys;C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys;C:\Windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x]
    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
    R3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
    R3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys;C:\Windows\SYSNATIVE\drivers\mbam.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\system32\drivers\terminpt.sys;C:\Windows\SYSNATIVE\drivers\terminpt.sys [x]
    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\system32\drivers\CM10864.sys;C:\Windows\SYSNATIVE\drivers\CM10864.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys;C:\Windows\SYSNATIVE\drivers\amd_sata.sys [x]
    S0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys;C:\Windows\SYSNATIVE\drivers\amd_xata.sys [x]
    S0 aswKbd;aswKbd; [x]
    S0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys;C:\Windows\SYSNATIVE\DRIVERS\aswNdis.sys [x]
    S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
    S0 aswRvrt;aswRvrt; [x]
    S0 aswVmm;aswVmm; [x]
    S1 aswFW;avast! TDI Firewall driver; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
    S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
    S2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys;C:\Windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe;C:\Program Files\AVAST Software\Avast\afwServ.exe [x]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
    S2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [x]
    S2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\Drivers\EtronHub3.sys;C:\Windows\SYSNATIVE\Drivers\EtronHub3.sys [x]
    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\Drivers\EtronXHCI.sys;C:\Windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x]


    --- Andere Services/Drivers In Geheugen ---

    *NewlyCreated* - WS2IFSL

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-20 16:17:25 1165776 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe

    Inhoud van de 'Gedeelde Taken' map

    2013-07-05 C:\Windows\Tasks\Adobe Flash Player Updater.job
    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-21 12:18:53 . 2013-06-21 11:53:35]

    2013-07-04 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job
    - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 14:18:50 . 2013-03-31 14:18:49]

    2013-07-05 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job
    - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-31 14:18:50 . 2013-03-31 14:18:49]

    2013-07-05 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 03:29:10 . 2013-01-25 03:29:10]

    2013-07-05 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-25 03:29:10 . 2013-01-25 03:29:10]


    --------- X64 Entries -----------


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2013-03-23 11:02:16 244696 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2013-03-23 11:02:16 244696 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2013-03-23 11:02:16 244696 ----a-w- C:\Users\Bert\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2013-05-09 08:58:09 133840 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
    2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2013-06-06 21:57:26 778192 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Cm108Sound"="C:\Windows\Syswow64\cm108.dll" [2013-01-16 15:54:04 8757248]

    ------- Bijkomende Scan -------

    uLocal Page = C:\Windows\system32\blank.htm
    uStart Page = hxxp://www.diesiedleronline.de/de/startseite
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com
    TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

    - - - - ORPHANS VERWIJDERD - - - -

    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
  • Which program: sUBs dds.scr
    What for/why: DDS is a diagnostic tool that makes use of scripts.
    Difficulty level: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program must be downloaded to the desktop, or otherwise moved there first!
    Download sUBs dds.scr here

    Using sUBs dds.scr:
    - Important: first deactivate the antivirus software and the active spyware scanners!
    - Then close all program windows that are still open!
    - Windows 2000 and Windows XP: start sUBs dds.scr by double-clicking the shortcut.
    - Windows Vista and Windows 7: start sUBs dds.scr by right-clicking the shortcut and then choosing Run as administrator.
    - After the scan, two text documents are opened, DDS.txt and Attach.txt; post the contents of both logs.
    - Important: reactivate the antivirus software and the active spyware scanners!
  • Is it working out?
  • .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 25-1-2013 4:25:52
    System Uptime: 7-7-2013 1:30:51 (10 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | GA-990FXA-UD3
    Processor: AMD FX™-8350 Eight-Core Processor | Socket M2 | 4000/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 224 GiB total, 108,063 GiB free.
    D: is FIXED (NTFS) - 1863 GiB total, 1649,253 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP143: 25-6-2013 8:03:16 - Windows Update
    RP144: 29-6-2013 7:17:48 - Windows Update
    RP145: 30-6-2013 19:00:07 - Windows Back-up
    RP146: 2-7-2013 8:17:04 - Windows Update
    RP147: 4-7-2013 18:57:21 - DirectX is geïnstalleerd.
    RP148: 6-7-2013 7:19:10 - Windows Update
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20 (x64 edition)
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.7)
    AMD Accelerated Video Transcoding
    AMD APP CPU SDK Runtime
    AMD APP SDK Runtime
    AMD Catalyst Install Manager
    AMD Drag and Drop Transcoding
    AMD Fuel
    AMD Media Foundation Decoders
    AMD Steady Video Plug-In
    AMD VISION Engine Control Center
    µTorrent
    avast! Internet Security
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (nl-NL)
    Battlefield 3™
    Battlelog Web Plugins
    Call of Duty(R) 4 - Modern Warfare(TM)
    Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
    Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
    Call of Duty: Modern Warfare 2
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    Cossacks: Back to War
    Crysis® 2
    D3DX10
    Dolby Home Theater v4
    Downloader
    Epson Easy Photo Print 2
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Print CD
    EPSON Scan
    EpsonNet Config V4
    ESN Sonar
    Etron USB3.0 Host Controller
    Euro Truck Simulator 2
    Facebook Messenger 2.1.4814.0
    Fotogalerie
    Fraps
    Galerie de photos
    Google Chrome
    Google Drive
    Google Update Helper
    GRID 2 © Codemasters version 1
    Java 7 Update 25
    Java 7 Update 25 (64-bit)
    Java Auto Updater
    Junk Mail filter update
    Malwarebytes Anti-Malware versie 1.75.0.1300
    ManiaPlanet
    Media converter
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Silverlight
    Microsoft SkyDrive
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106
    Movie Maker
    MSVCRT
    MSVCRT_amd64
    MSVCRT110
    MSVCRT110_amd64
    Opera 12.15
    Origin
    Philips Media Converter
    Philips Songbird
    Photo Common
    Photo Gallery
    PowerISO
    Printer EPSON PX710W Series verwijderen
    Realtek Ethernet Controller Driver
    Realtek HDMI Audio Driver for ATI
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Skype™ 6.5
    Spotify
    Steam
    System Requirements Lab CYRI
    TeamSpeak 3 Client
    Tixati
    Total Commander (Remove or Repair)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2836939)
    Uplay
    USB PnP Sound Device
    Windows-stuurprogrammapakket - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/11/2009 2.0.0010.00002)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Mail
    Windows Live Messenger
    Windows Live MIME IFilter
    Windows Live Photo Common
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Movie Maker 2.6
    Xfire
    .
    ==== End Of File ===========================


    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16611 BrowserJavaVersion: 10.25.2
    Run by Bert at 11:09:15 on 2013-07-07
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.8173.6868 [GMT 2:00]
    .
    AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\system32\atieclxx.exe
    C:\Program Files\AVAST Software\Avast\afwServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
    C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    C:\Windows\System32\WUDFHost.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.diesiedleronline.de/de/startseite
    uSearchAssistant = hxxp://www.google.com
    BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
    BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Aanmeldhulp voor Microsoft-account: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    uRun: [Spotify Web Helper] "C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Philips Device Listener] "C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    TCP: NameServer = 212.54.35.25 212.54.40.25
    TCP: Interfaces\{3B629CB8-C6D6-4AE4-9638-DE27D7734B4B} : DHCPNameServer = 212.54.35.25 212.54.40.25
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe" –configure-user-settings –verbose-logging –system-level –multi-install –chrome
    x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
    x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
    x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
    x64-Run: [Cm108Sound] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd
    x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-1-24 80000]
    R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-1-24 40576]
    R0 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-1-25 22600]
    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2013-1-25 12368]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2013-1-25 270824]
    R0 aswRvrt;aswRvrt;C:\Windows\System32\drivers\aswRvrt.sys [2013-3-21 65336]
    R0 aswVmm;aswVmm;C:\Windows\System32\drivers\aswVmm.sys [2013-3-21 189936]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2013-1-25 131232]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-25 1030952]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-25 378944]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-3-29 241152]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
    R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-25 33400]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-25 80816]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-5-17 46808]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2013-5-17 137960]
    R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [2012-8-23 2148216]
    R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-2-14 96768]
    R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-7-29 56960]
    R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-7-29 79104]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-1-24 565352]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [2012-7-4 11880]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-25 418376]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-25 701512]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-3-23 57856]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
    S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136]
    S3 LVUVC64;Logitech HD Webcam C270(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-25 25928]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-1-24 19456]
    S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2013-1-24 29696]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-24 57856]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-1-24 30208]
    S3 USBPNPA;USB PnP Sound Device Interface;C:\Windows\System32\drivers\CM10864.sys [2013-4-5 1310720]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-26 1255736]
    .
    =============== Created Last 30 ================
    .
    2013-07-06 05:19:18 9552976 —-a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5392CCE1-7B04-487F-B1A5-E07CAA336437}\mpengine.dll
    2013-07-05 14:03:44 ——– d—–w- C:\$RECYCLE.BIN
    2013-07-05 13:58:46 98816 —-a-w- C:\Windows\sed.exe
    2013-07-05 13:58:46 256000 —-a-w- C:\Windows\PEV.exe
    2013-07-05 13:58:46 208896 —-a-w- C:\Windows\MBR.exe
    2013-07-05 13:58:44 ——– d—–w- C:\ComboFix
    2013-07-05 10:48:15 ——– d—–w- C:\Windows\ERUNT
    2013-07-05 10:48:12 ——– d—–w- C:\JRT
    2013-07-04 16:52:26 ——– d—–w- C:\Users\Bert\AppData\Local\Downloader
    2013-07-04 16:52:11 ——– d—–w- C:\Program Files (x86)\Downloader
    2013-07-02 08:38:20 ——– d—–w- C:\Users\Bert\matrixiicache1
    2013-07-01 17:03:35 ——– d—–w- C:\ProgramData\SystemRequirementsLab
    2013-06-30 15:05:55 ——– d—–w- C:\Program Files (x86)\EZDownloader
    2013-06-30 09:38:53 ——– d—–w- C:\ProgramData\Hunter
    2013-06-22 18:24:47 ——– d—–w- C:\Program Files (x86)\Euro Truck Simulator 2
    2013-06-22 05:59:25 108968 —-a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
    2013-06-21 13:00:34 ——– d—–w- C:\Program Files (x86)\AMD AVT
    2013-06-20 18:25:51 ——– d—–w- C:\Users\Bert\AppData\Roaming\uTorrent
    2013-06-15 11:43:02 279040 —-a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-06-15 11:43:02 2706432 —-a-w- C:\Windows\SysWow64\mshtml.tlb
    2013-06-15 11:43:02 2706432 —-a-w- C:\Windows\System32\mshtml.tlb
    2013-06-15 11:43:02 218112 —-a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2013-06-14 08:02:47 ——– d—–w- C:\ProgramData\ManiaPlanet
    2013-06-14 08:02:47 ——– d—–w- C:\Program Files (x86)\ManiaPlanet
    2013-06-12 15:31:55 751104 —-a-w- C:\Windows\System32\win32spl.dll
    2013-06-08 12:17:54 ——– d—–w- C:\hitsplat
    2013-06-07 11:14:45 ——– d—–w- C:\Users\Bert\matrixiicache
    .
    ==================== Find3M ====================
    .
    2013-06-27 20:48:27 189936 —-a-w- C:\Windows\System32\drivers\aswVmm.sys
    2013-06-27 20:48:27 1030952 —-a-w- C:\Windows\System32\drivers\aswSnx.sys
    2013-06-22 05:59:23 972712 —-a-w- C:\Windows\System32\deployJava1.dll
    2013-06-22 05:59:23 1093032 —-a-w- C:\Windows\System32\npDeployJava1.dll
    2013-06-21 11:53:34 71048 —-a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-06-21 11:53:34 692104 —-a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2013-06-12 19:48:23 867240 —-a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2013-06-12 19:48:17 789416 —-a-w- C:\Windows\SysWow64\deployJava1.dll
    2013-06-12 19:47:57 96168 —-a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2013-06-03 07:14:45 38688 —-a-w- C:\Windows\System32\cc_20130603_091441.reg
    2013-05-28 06:44:35 53248 —-a-w- C:\Windows\SysWow64\unrar.dll
    2013-05-17 01:25:57 1767936 —-a-w- C:\Windows\SysWow64\wininet.dll
    2013-05-17 01:25:27 2877440 —-a-w- C:\Windows\SysWow64\jscript9.dll
    2013-05-17 01:25:26 61440 —-a-w- C:\Windows\SysWow64\iesetup.dll
    2013-05-17 01:25:26 109056 —-a-w- C:\Windows\SysWow64\iesysprep.dll
    2013-05-17 00:59:03 2241024 —-a-w- C:\Windows\System32\wininet.dll
    2013-05-17 00:58:10 3958784 —-a-w- C:\Windows\System32\jscript9.dll
    2013-05-17 00:58:08 67072 —-a-w- C:\Windows\System32\iesetup.dll
    2013-05-17 00:58:08 136704 —-a-w- C:\Windows\System32\iesysprep.dll
    2013-05-14 12:23:25 89600 —-a-w- C:\Windows\System32\RegisterIEPKEYs.exe
    2013-05-14 08:40:13 71680 —-a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
    2013-05-13 05:51:01 184320 —-a-w- C:\Windows\System32\cryptsvc.dll
    2013-05-13 05:51:00 1464320 —-a-w- C:\Windows\System32\crypt32.dll
    2013-05-13 05:51:00 139776 —-a-w- C:\Windows\System32\cryptnet.dll
    2013-05-13 05:50:40 52224 —-a-w- C:\Windows\System32\certenc.dll
    2013-05-13 04:45:55 140288 —-a-w- C:\Windows\SysWow64\cryptsvc.dll
    2013-05-13 04:45:55 1160192 —-a-w- C:\Windows\SysWow64\crypt32.dll
    2013-05-13 04:45:55 103936 —-a-w- C:\Windows\SysWow64\cryptnet.dll
    2013-05-13 03:43:55 1192448 —-a-w- C:\Windows\System32\certutil.exe
    2013-05-13 03:08:10 903168 —-a-w- C:\Windows\SysWow64\certutil.exe
    2013-05-13 03:08:06 43008 —-a-w- C:\Windows\SysWow64\certenc.dll
    2013-05-11 14:17:08 189248 —-a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2013-05-10 05:49:27 30720 —-a-w- C:\Windows\System32\cryptdlg.dll
    2013-05-10 03:20:54 24576 —-a-w- C:\Windows\SysWow64\cryptdlg.dll
    2013-05-09 08:59:07 72016 —-a-w- C:\Windows\System32\drivers\aswRdr2.sys
    2013-05-09 08:59:07 65336 —-a-w- C:\Windows\System32\drivers\aswRvrt.sys
    2013-05-09 08:59:06 80816 —-a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2013-05-09 08:59:06 270824 —-a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2013-05-09 08:59:06 22600 —-a-w- C:\Windows\System32\drivers\aswKbd.sys
    2013-05-09 08:59:06 131232 —-a-w- C:\Windows\System32\drivers\aswFW.sys
    2013-05-09 08:58:37 41664 —-a-w- C:\Windows\avastSS.scr
    2013-05-08 06:39:01 1910632 —-a-w- C:\Windows\System32\drivers\tcpip.sys
    2013-05-02 00:06:08 278800 ——w- C:\Windows\System32\MpSigStub.exe
    2013-04-30 08:41:24 840264 —-a-w- C:\Windows\SysWow64\pbsvc.exe
    2013-04-26 16:08:14 723230 —-a-w- C:\Windows\unins000.exe
    2013-04-26 04:55:21 492544 —-a-w- C:\Windows\SysWow64\win32spl.dll
    2013-04-25 23:30:32 1505280 —-a-w- C:\Windows\SysWow64\d3d11.dll
    2013-04-17 07:02:06 1230336 —-a-w- C:\Windows\SysWow64\WindowsCodecs.dll
    2013-04-17 06:24:46 1424384 —-a-w- C:\Windows\System32\WindowsCodecs.dll
    2013-04-13 05:49:23 135168 —-a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-04-13 05:49:19 350208 —-a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2013-04-13 05:49:19 308736 —-a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
    2013-04-13 05:49:19 111104 —-a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
    2013-04-13 04:45:16 474624 —-a-w- C:\Windows\apppatch\AcSpecfc.dll
    2013-04-13 04:45:15 2176512 —-a-w- C:\Windows\apppatch\AcGenral.dll
    2013-04-12 14:45:08 1656680 —-a-w- C:\Windows\System32\drivers\ntfs.sys
    2013-04-10 06:01:54 265064 —-a-w- C:\Windows\System32\drivers\dxgmms1.sys
    2013-04-10 06:01:53 983400 —-a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2013-04-10 03:30:50 3153920 —-a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 11:09:24,58 ===============
  • Let me know how your Windows is running now, and also do the following:

    Which program: OTL.exe
    What for/why: multifunctional tool - analysis and fix
    Difficulty: none.
    Download: OTL.exe and place the file on the desktop.
    Before OTL.exe starts scanning, first close all other open windows!

    Using OTL.exe:
    - Windows 2000 and Windows XP: double-click OTL.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".

    - Tick Scan All Users, LOP Check and PURITY Check.

    - Copy the text in the code box below and paste it into the box under (image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png)

        services.*
        explorer.exe
        winlogon.exe
        Userinit.exe
        svchost.exe
        netsvcs
        BASESERVICES
        DRIVES
        msconfig
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\system32\*.exe /lockedfiles
        %PROGRAMFILES%\*

    - Then click the Run Scan button (image: http://www.imgdumper.nl/uploads6/50cd93c69c626/50cd93c69be5b-OTL_-_Run_Scan_knop.jpg).
    - Do not change any other settings in OTL unless I give specific instructions to do so.
    - The scan will not take very long.
      - Two Notepad windows will open when the scan is finished: OTL.Txt and Extras.txt.
      - Then copy the contents of both OTL.txt and Extras.txt and paste them into your next post.
    Note: if the log does not fit in one post, spread it over two or more posts.
  • I have not had the notification again.

    OTL logfile created on: 7-7-2013 11:34:44 - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bert\Downloads
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16614)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    7,98 Gb Total Physical Memory | 6,52 Gb Available Physical Memory | 81,63% Memory free
    15,96 Gb Paging File | 14,40 Gb Available in Paging File | 90,20% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 224,13 Gb Total Space | 107,98 Gb Free Space | 48,18% Space Free | Partition Type: NTFS
    Drive D: | 1863,01 Gb Total Space | 1649,25 Gb Free Space | 88,53% Space Free | Partition Type: NTFS

    Computer Name: BERT-PC | User Name: Bert | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013-07-05 10:39:46 | 000,602,112 | —- | M] (OldTimer Tools) – C:\Users\Bert\Downloads\OTL.exe
    PRC - [2013-06-27 14:23:57 | 001,104,384 | —- | M] (Spotify Ltd) – C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
    PRC - [2013-05-09 10:58:30 | 004,858,968 | —- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2013-05-09 10:58:30 | 000,046,808 | —- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2013-05-09 10:58:27 | 000,137,960 | —- | M] (AVAST Software) – C:\Program Files\AVAST Software\Avast\afwServ.exe
    PRC - [2013-04-04 14:50:32 | 000,701,512 | —- | M] (Malwarebytes Corporation) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2013-04-04 14:50:32 | 000,532,040 | —- | M] (Malwarebytes Corporation) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2013-04-04 14:50:32 | 000,418,376 | —- | M] (Malwarebytes Corporation) – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    PRC - [2012-02-08 11:49:16 | 000,380,416 | —- | M] () – C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
    PRC - [2012-01-18 07:44:52 | 000,450,848 | —- | M] (Logitech Inc.) – C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012-02-08 11:49:16 | 000,380,416 | —- | M] () – C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013-05-09 10:58:30 | 000,046,808 | —- | M] (AVAST Software) [Auto | Running] – C:\Program Files\AVAST Software\Avast\AvastSvc.exe – (avast! Antivirus)
    SRV:64bit: - [2013-05-09 10:58:27 | 000,137,960 | —- | M] (AVAST Software) [Auto | Running] – C:\Program Files\AVAST Software\Avast\afwServ.exe – (avast! Firewall)
    SRV:64bit: - [2013-03-29 03:34:18 | 000,241,152 | —- | M] (AMD) [Auto | Running] – C:\Windows\SysNative\atiesrxx.exe – (AMD External Events Utility)
    SRV:64bit: - [2012-12-19 17:32:12 | 000,361,984 | —- | M] (Advanced Micro Devices, Inc.) [Auto | Running] – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe – (AMD FUEL Service)
    SRV:64bit: - [2009-07-14 03:41:27 | 001,011,712 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Program Files\Windows Defender\MpSvc.dll – (WinDefend)
    SRV - [2013-06-21 13:53:35 | 000,256,904 | —- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] – C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe – (AdobeFlashPlayerUpdateSvc)
    SRV - [2013-06-07 00:06:24 | 000,543,656 | —- | M] (Valve Corporation) [On_Demand | Stopped] – C:\Program Files (x86)\Common Files\Steam\SteamService.exe – (Steam Client Service)
    SRV - [2013-06-03 16:34:46 | 000,162,408 | R— | M] (Skype Technologies) [Auto | Stopped] – C:\Program Files (x86)\Skype\Updater\Updater.exe – (SkypeUpdate)
    SRV - [2013-05-10 09:57:22 | 000,065,640 | —- | M] (Adobe Systems Incorporated) [Disabled | Stopped] – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe – (AdobeARMservice)
    SRV - [2013-04-04 14:50:32 | 000,701,512 | —- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe – (MBAMService)
    SRV - [2013-04-04 14:50:32 | 000,418,376 | —- | M] (Malwarebytes Corporation) [Auto | Running] – C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe – (MBAMScheduler)
    SRV - [2012-08-23 12:31:24 | 002,148,216 | —- | M] (AVG) [Auto | Running] – C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe – (TuneUp.UtilitiesSvc)
    SRV - [2012-01-18 07:44:52 | 000,450,848 | —- | M] (Logitech Inc.) [Auto | Running] – C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe – (UMVPFSrv)
    SRV - [2010-03-18 22:16:28 | 000,130,384 | —- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe – (clr_optimization_v4.0.30319_32)
    SRV - [2009-06-10 23:23:09 | 000,066,384 | —- | M] (Microsoft Corporation) [Disabled | Stopped] – C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe – (clr_optimization_v2.0.50727_32)
    SRV - [2007-12-17 05:00:00 | 000,163,840 | —- | M] (SEIKO EPSON CORPORATION) [Auto | Running] – C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE – (EPSON_EB_RPCV4_01)
    SRV - [2007-01-11 05:02:00 | 000,126,464 | —- | M] (SEIKO EPSON CORPORATION) [Auto | Running] – C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE – (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013-06-27 22:48:27 | 001,030,952 | —- | M] (AVAST Software) [File_System | System | Running] – C:\Windows\SysNative\drivers\aswSnx.sys – (aswSnx)
    DRV:64bit: - [2013-06-27 22:48:27 | 000,378,944 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswSP.sys – (aswSP)
    DRV:64bit: - [2013-06-27 22:48:27 | 000,189,936 | —- | M] () [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswVmm.sys – (aswVmm)
    DRV:64bit: - [2013-05-09 10:59:07 | 000,072,016 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswRdr2.sys – (aswRdr)
    DRV:64bit: - [2013-05-09 10:59:07 | 000,065,336 | —- | M] () [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswRvrt.sys – (aswRvrt)
    DRV:64bit: - [2013-05-09 10:59:07 | 000,064,288 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswTdi.sys – (aswTdi)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,270,824 | —- | M] (AVAST Software) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswNdis2.sys – (aswNdis2)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,131,232 | —- | M] (AVAST Software) [Kernel | System | Running] – C:\Windows\SysNative\drivers\aswFW.sys – (aswFW)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,080,816 | —- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswMonFlt.sys – (aswMonFlt)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,033,400 | —- | M] (AVAST Software) [File_System | Auto | Running] – C:\Windows\SysNative\drivers\aswFsBlk.sys – (aswFsBlk)
    DRV:64bit: - [2013-05-09 10:59:06 | 000,022,600 | —- | M] (AVAST Software) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswKbd.sys – (aswKbd)
    DRV:64bit: - [2013-04-04 14:50:32 | 000,025,928 | —- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] – C:\Windows\SysNative\drivers\mbam.sys – (MBAMProtector)
    DRV:64bit: - [2013-03-29 04:35:02 | 011,658,752 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\atikmdag.sys – (amdkmdag)
    DRV:64bit: - [2013-03-29 03:09:44 | 000,581,120 | —- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\atikmpag.sys – (amdkmdap)
    DRV:64bit: - [2013-02-14 13:41:10 | 000,096,768 | —- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\AtihdW76.sys – (AtiHDAudioService)
    DRV:64bit: - [2013-01-24 20:37:07 | 000,057,856 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\TsUsbFlt.sys – (TsUsbFlt)
    DRV:64bit: - [2013-01-24 20:37:07 | 000,030,208 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\TsUsbGD.sys – (TsUsbGD)
    DRV:64bit: - [2013-01-24 20:37:07 | 000,029,696 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\terminpt.sys – (terminpt)
    DRV:64bit: - [2013-01-24 20:37:07 | 000,019,456 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\rdpvideominiport.sys – (RdpVideoMiniport)
    DRV:64bit: - [2013-01-16 17:54:04 | 001,310,720 | —- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\CM10864.sys – (USBPNPA)
    DRV:64bit: - [2012-12-09 11:51:20 | 000,126,944 | —- | M] (Power Software Ltd) [Kernel | System | Running] – C:\Windows\SysNative\drivers\scdemu.sys – (SCDEmu)
    DRV:64bit: - [2012-09-21 11:26:08 | 000,012,368 | —- | M] (ALWIL Software) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\aswNdis.sys – (aswNdis)
    DRV:64bit: - [2012-09-12 16:20:04 | 000,057,856 | —- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\fssfltr.sys – (fssfltr)
    DRV:64bit: - [2012-04-09 11:13:58 | 000,057,472 | —- | M] (Advanced Micro Devices) [Kernel | Auto | Running] – C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys – (AODDriver4.2)
    DRV:64bit: - [2012-03-01 08:46:16 | 000,023,408 | —- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] – C:\Windows\SysNative\drivers\fs_rec.sys – (Fs_Rec)
    DRV:64bit: - [2012-01-18 07:44:36 | 004,865,568 | —- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lvuvc64.sys – (LVUVC64)
    DRV:64bit: - [2012-01-18 07:44:28 | 000,351,136 | —- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lvrs64.sys – (LVRS64)
    DRV:64bit: - [2011-10-09 17:29:28 | 000,040,576 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amd_xata.sys – (amd_xata)
    DRV:64bit: - [2011-10-09 17:29:26 | 000,080,000 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amd_sata.sys – (amd_sata)
    DRV:64bit: - [2011-08-23 15:57:24 | 000,565,352 | —- | M] (Realtek ) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\Rt64win7.sys – (RTL8167)
    DRV:64bit: - [2011-07-29 05:40:00 | 000,079,104 | —- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\EtronXHCI.sys – (EtronXHCI)
    DRV:64bit: - [2011-07-29 05:40:00 | 000,056,960 | —- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] – C:\Windows\SysNative\drivers\EtronHub3.sys – (EtronHub3)
    DRV:64bit: - [2011-07-06 12:12:50 | 000,367,976 | —- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\RtHDMIVX.sys – (RTHDMIAzAudService)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,107,904 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amdsata.sys – (amdsata)
    DRV:64bit: - [2011-03-11 08:41:12 | 000,027,008 | —- | M] (Advanced Micro Devices) [Kernel | Boot | Running] – C:\Windows\SysNative\drivers\amdxata.sys – (amdxata)
    DRV:64bit: - [2010-11-21 05:23:47 | 000,078,720 | —- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\HpSAMD.sys – (HpSAMD)
    DRV:64bit: - [2009-07-14 03:52:20 | 000,194,128 | —- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\amdsbs.sys – (amdsbs)
    DRV:64bit: - [2009-07-14 03:48:04 | 000,065,600 | —- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\lsi_sas2.sys – (LSI_SAS2)
    DRV:64bit: - [2009-07-14 03:45:55 | 000,024,656 | —- | M] (Promise Technology) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\stexstor.sys – (stexstor)
    DRV:64bit: - [2009-06-10 22:35:02 | 000,281,088 | —- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\e1y60x64.sys – (e1yexpress)
    DRV:64bit: - [2009-06-10 22:34:33 | 003,286,016 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\evbda.sys – (ebdrv)
    DRV:64bit: - [2009-06-10 22:34:28 | 000,468,480 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\bxvbda.sys – (b06bdrv)
    DRV:64bit: - [2009-06-10 22:34:23 | 000,270,848 | —- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\b57nd60a.sys – (b57nd60a)
    DRV:64bit: - [2009-06-10 22:31:59 | 000,031,232 | —- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysNative\drivers\hcw85cir.sys – (hcw85cir)
    DRV - [2012-07-04 16:26:12 | 000,011,880 | —- | M] (TuneUp Software) [Kernel | On_Demand | Running] – C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys – (TuneUpUtilitiesDrv)
    DRV - [2011-07-15 13:35:20 | 000,015,664 | —- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] – C:\Windows\SysWOW64\drivers\GEARAspiWDM.sys – (GEARAspiWDM)
    DRV - [2009-07-14 03:19:10 | 000,019,008 | —- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] – C:\Windows\SysWOW64\drivers\wimmount.sys – (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.diesiedleronline.de/de/startseite
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = nl-NL
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4A 8E CF E6 AB FA CD 01 [binary data]
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
    IE - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
    FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
    FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\Program Files (x86)\Downloader\npdd.dll (Metaboli)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Bert\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.)
    FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()


    [2013-03-27 13:21:32 | 000,000,000 | —D | M] (No name found) – C:\Users\Bert\AppData\Roaming\mozilla\Extensions
    [2013-03-27 13:21:32 | 000,000,000 | —D | M] (No name found) – C:\Users\Bert\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
    CHR - homepage: http://www.diesiedleronline.de/de/startseite
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
    CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    CHR - plugin: Downloader Detector (Enabled) = C:\Program Files (x86)\Downloader\npdd.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
    CHR - plugin: Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Facebook Desktop (Enabled) = C:\Users\Bert\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    CHR - plugin: Java Deployment Toolkit 7.0.250.16 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
    CHR - Extension: YouTube = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: Google Zoeken = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: avast! Online Security = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
    CHR - Extension: Aurora Borealis = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhgabjnegoagblmhfaapeobckmchihci\1_0\
    CHR - Extension: Image Search by Cooliris = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllgofbnhaihnfbokejhcndhoogagdmk\1.0.3_0\
    CHR - Extension: Gmail = C:\Users\Bert\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2013-07-05 16:03:43 | 000,000,027 | —- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
    O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files (x86)\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002..\Run: [Spotify Web Helper] C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2418530806-2394264233-3435411408-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.54.35.25 212.54.40.25
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B629CB8-C6D6-4AE4-9638-DE27D7734B4B}: DhcpNameServer = 212.54.35.25 212.54.40.25
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\livecall - No CLSID value found
    O18 - Protocol\Handler\msnim - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] – "%1" %*
    O35:64bit: - HKLM\..exefile [open] – "%1" %*
    O35 - HKLM\..comfile [open] – "%1" %*
    O35 - HKLM\..exefile [open] – "%1" %*
    O37:64bit: - HKLM\…com [@ = ComFile] – "%1" %*
    O37:64bit: - HKLM\…exe [@ = exefile] – "%1" %*
    O37 - HKLM\…com [@ = ComFile] – "%1" %*
    O37 - HKLM\…exe [@ = exefile] – "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)


    MsConfig:64bit - StartUpFolder: C:^Users^Bert^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk - C:\Users\Bert\AppData\Local\Facebook\MESSEN~1\214814~1.0\FACEBO~1.EXE - (Facebook)
    MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    MsConfig:64bit - StartUpReg: BlueStacks Agent - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: boincmgr - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: boinctray - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: Dolby Home Theater v4 - hkey= - key= - C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.)
    MsConfig:64bit - StartUpReg: EADM - hkey= - key= - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
    MsConfig:64bit - StartUpReg: EPSON PX710W Series - hkey= - key= - C:\Windows\SysNative\spool\DRIVERS\x64\3\E_IATIFSE.EXE (SEIKO EPSON CORPORATION)
    MsConfig:64bit - StartUpReg: Facebook Update - hkey= - key= - C:\Users\Bert\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (Power Software Ltd)
    MsConfig:64bit - StartUpReg: RtHDVBg_Dolby - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Bert\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
    MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Bert\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
    MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    MsConfig:64bit - State: "startup" - Reg Error: Key error.

    ========== Files/Folders - Created Within 30 Days ==========

    [2013-07-07 10:57:07 | 000,688,992 | R— | C] (Swearware) – C:\Users\Bert\Desktop\dds.com
    [2013-07-05 16:03:44 | 000,000,000 | —D | C] – C:\$RECYCLE.BIN
    [2013-07-05 16:02:35 | 000,000,000 | —D | C] – C:\Windows\temp
    [2013-07-05 15:58:46 | 000,518,144 | —- | C] (SteelWerX) – C:\Windows\SWREG.exe
    [2013-07-05 15:58:46 | 000,406,528 | —- | C] (SteelWerX) – C:\Windows\SWSC.exe
    [2013-07-05 15:58:46 | 000,060,416 | —- | C] (NirSoft) – C:\Windows\NIRCMD.exe
    [2013-07-05 15:58:44 | 000,000,000 | —D | C] – C:\ComboFix
    [2013-07-05 15:58:43 | 000,000,000 | —D | C] – C:\Qoobox
    [2013-07-05 15:58:36 | 000,000,000 | —D | C] – C:\Windows\erdnt
    [2013-07-05 12:48:15 | 000,000,000 | —D | C] – C:\Windows\ERUNT
    [2013-07-05 12:48:12 | 000,000,000 | —D | C] – C:\JRT
    [2013-07-04 18:52:26 | 000,000,000 | —D | C] – C:\Users\Bert\AppData\Local\Downloader
    [2013-07-04 18:52:11 | 000,000,000 | —D | C] – C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Downloader
    [2013-07-04 18:52:11 | 000,000,000 | —D | C] – C:\Program Files (x86)\Downloader
    [2013-07-02 10:38:20 | 000,000,000 | —D | C] – C:\Users\Bert\matrixiicache1
    [2013-07-01 19:03:35 | 000,000,000 | —D | C] – C:\ProgramData\SystemRequirementsLab
    [2013-06-30 17:05:55 | 000,000,000 | —D | C] – C:\Program Files (x86)\EZDownloader
    [2013-06-30 11:53:54 | 000,000,000 | —D | C] – C:\Users\Bert\Documents\theHunter
    [2013-06-30 11:38:53 | 000,000,000 | —D | C] – C:\ProgramData\Hunter
    [2013-06-24 21:18:20 | 000,000,000 | —D | C] – C:\Users\Bert\AppData\Roaming\Epson
    [2013-06-24 19:59:07 | 000,000,000 | —D | C] – C:\Users\Bert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
    [2013-06-22 20:25:47 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Euro Truck Simulator 2
    [2013-06-22 20:24:47 | 000,000,000 | —D | C] – C:\Program Files (x86)\Euro Truck Simulator 2
    [2013-06-22 07:59:28 | 000,312,232 | —- | C] (Oracle Corporation) – C:\Windows\SysNative\javaws.exe
    [2013-06-22 07:59:25 | 000,189,352 | —- | C] (Oracle Corporation) – C:\Windows\SysNative\javaw.exe
    [2013-06-22 07:59:25 | 000,188,840 | —- | C] (Oracle Corporation) – C:\Windows\SysNative\java.exe
    [2013-06-22 07:59:25 | 000,108,968 | —- | C] (Oracle Corporation) – C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2013-06-22 07:59:22 | 000,000,000 | —D | C] – C:\Program Files\Java
    [2013-06-21 15:00:36 | 000,000,000 | —D | C] – C:\ProgramData\ATI
    [2013-06-21 15:00:34 | 000,000,000 | —D | C] – C:\Program Files (x86)\AMD AVT
    [2013-06-21 15:00:26 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
    [2013-06-20 20:25:51 | 000,000,000 | —D | C] – C:\Users\Bert\AppData\Roaming\uTorrent
    [2013-06-19 18:33:01 | 000,263,592 | —- | C] (Oracle Corporation) – C:\Windows\SysWow64\javaws.exe
    [2013-06-15 13:43:01 | 000,526,336 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\ieui.dll
    [2013-06-15 13:43:01 | 000,391,168 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\ieui.dll
    [2013-06-14 20:42:09 | 000,000,000 | —D | C] – C:\Users\Bert\Documents\Rockstar Games
    [2013-06-14 10:03:27 | 000,000,000 | —D | C] – C:\Users\Bert\Documents\ManiaPlanet
    [2013-06-14 10:03:08 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ManiaPlanet
    [2013-06-14 10:02:47 | 000,000,000 | —D | C] – C:\ProgramData\ManiaPlanet
    [2013-06-14 10:02:47 | 000,000,000 | —D | C] – C:\Program Files (x86)\ManiaPlanet
    [2013-06-13 03:00:47 | 000,136,704 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\iesysprep.dll
    [2013-06-13 03:00:47 | 000,109,056 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\iesysprep.dll
    [2013-06-13 03:00:47 | 000,089,600 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\RegisterIEPKEYs.exe
    [2013-06-13 03:00:47 | 000,071,680 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\RegisterIEPKEYs.exe
    [2013-06-13 03:00:47 | 000,067,072 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\iesetup.dll
    [2013-06-13 03:00:47 | 000,061,440 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\iesetup.dll
    [2013-06-13 03:00:47 | 000,051,712 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\ie4uinit.exe
    [2013-06-13 03:00:47 | 000,039,936 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\iernonce.dll
    [2013-06-13 03:00:47 | 000,033,280 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\iernonce.dll
    [2013-06-13 03:00:46 | 000,603,136 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\msfeeds.dll
    [2013-06-13 03:00:45 | 003,958,784 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\jscript9.dll
    [2013-06-13 03:00:45 | 000,855,552 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\jscript.dll
    [2013-06-13 03:00:45 | 000,690,688 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\jscript.dll
    [2013-06-12 17:31:55 | 000,751,104 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\win32spl.dll
    [2013-06-12 17:31:55 | 000,492,544 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\win32spl.dll
    [2013-06-12 17:31:54 | 000,030,720 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\cryptdlg.dll
    [2013-06-12 17:31:54 | 000,024,576 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\cryptdlg.dll
    [2013-06-12 17:31:52 | 001,424,384 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\WindowsCodecs.dll
    [2013-06-12 17:31:51 | 001,464,320 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\crypt32.dll
    [2013-06-12 17:31:51 | 001,192,448 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\certutil.exe
    [2013-06-12 17:31:51 | 000,903,168 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\certutil.exe
    [2013-06-12 17:31:50 | 000,139,776 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\cryptnet.dll
    [2013-06-12 17:31:50 | 000,052,224 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\certenc.dll
    [2013-06-12 17:31:50 | 000,043,008 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\certenc.dll
    [2013-06-12 17:31:48 | 001,887,232 | —- | C] (Microsoft Corporation) – C:\Windows\SysNative\d3d11.dll
    [2013-06-12 17:31:48 | 001,505,280 | —- | C] (Microsoft Corporation) – C:\Windows\SysWow64\d3d11.dll
    [2013-06-10 21:29:53 | 000,000,000 | —D | C] – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
    [2013-06-08 14:17:54 | 000,000,000 | —D | C] – C:\hitsplat
    [2013-06-07 13:14:45 | 000,000,000 | —D | C] – C:\Users\Bert\matrixiicache
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013-07-07 11:22:00 | 000,001,052 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013-07-07 11:19:24 | 000,025,616 | -H– | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2013-07-07 11:19:24 | 000,025,616 | -H– | M] () – C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2013-07-07 11:17:53 | 001,663,048 | —- | M] () – C:\Windows\SysNative\PerfStringBackup.INI
    [2013-07-07 11:17:53 | 000,743,092 | —- | M] () – C:\Windows\SysNative\perfh013.dat
    [2013-07-07 11:17:53 | 000,651,938 | —- | M] () – C:\Windows\SysNative\perfh009.dat
    [2013-07-07 11:17:53 | 000,152,208 | —- | M] () – C:\Windows\SysNative\perfc013.dat
    [2013-07-07 11:17:53 | 000,120,870 | —- | M] () – C:\Windows\SysNative\perfc009.dat
    [2013-07-07 11:17:00 | 000,000,940 | —- | M] () – C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013-07-07 11:12:27 | 000,001,048 | —- | M] () – C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013-07-07 11:12:23 | 000,067,584 | –S- | M] () – C:\Windows\bootstat.dat
    [2013-07-07 11:12:22 | 2132,709,375 | -HS- | M] () – C:\hiberfil.sys
    [2013-07-07 10:57:12 | 000,688,992 | R— | M] (Swearware) – C:\Users\Bert\Desktop\dds.com
    [2013-07-07 10:23:01 | 000,000,924 | —- | M] () – C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job
    [2013-07-06 14:53:49 | 000,000,024 | —- | M] () – C:\Users\Bert\random.dat
    [2013-07-06 14:46:26 | 000,000,043 | —- | M] () – C:\Users\Bert\matrixii_cl_matrix_LIVE.dat
    [2013-07-05 16:23:00 | 000,000,902 | —- | M] () – C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job
    [2013-07-05 16:03:43 | 000,000,027 | —- | M] () – C:\Windows\SysNative\drivers\etc\hosts
    [2013-07-05 15:58:20 | 000,001,457 | —- | M] () – C:\Users\Bert\Desktop\ComboFix - Snelkoppeling.lnk
    [2013-07-05 12:41:14 | 000,001,180 | —- | M] () – C:\Users\Bert\Desktop\adwcleaner.lnk
    [2013-07-05 12:38:45 | 000,001,216 | —- | M] () – C:\Users\Bert\Desktop\RogueKillerX64.lnk
    [2013-07-05 12:38:39 | 000,001,107 | —- | M] () – C:\Users\Bert\Desktop\JRT.lnk
    [2013-07-05 10:40:39 | 000,001,418 | —- | M] () – C:\Users\Bert\Desktop\OTL.lnk
    [2013-07-04 18:57:20 | 000,001,094 | —- | M] () – C:\Users\Public\Desktop\ManiaPlanet.lnk
    [2013-07-02 11:02:33 | 000,000,044 | —- | M] () – C:\Users\Bert\matrixii_cl_matrix_LIVE1.dat
    [2013-07-02 10:38:03 | 000,089,659 | —- | M] () – C:\Users\Bert\Documents\CXMXLauncher.jar
    [2013-06-27 22:48:27 | 001,030,952 | —- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswSnx.sys
    [2013-06-27 22:48:27 | 000,378,944 | —- | M] (AVAST Software) – C:\Windows\SysNative\drivers\aswSP.sys
    [2013-06-27 22:48:27 | 000,189,936 | —- | M] () – C:\Windows\SysNative\drivers\aswVmm.sys
    [2013-06-27 22:48:27 | 000,000,175 | —- | M] () – C:\Windows\SysNative\drivers\aswVmm.sys.sum
    [2013-06-27 22:48:27 | 000,000,175 | —- | M] () – C:\Windows\SysNative\drivers\aswSP.sys.sum
    [2013-06-27 22:48:27 | 000,000,175 | —- | M] () – C:\Windows\SysNative\drivers\aswSnx.sys.sum
    [2013-06-24 21:17:19 | 000,000,858 | —- | M] () – C:\Users\Public\Desktop\Print CD.lnk
    [2013-06-22 20:25:47 | 000,001,343 | —- | M] () – C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
    [2013-06-22 07:59:23 | 001,093,032 | —- | M] (Oracle Corporation) – C:\Windows\SysNative\npDeployJava1.dll
    [2013-06-22 07:59:23 | 000,972,712 | —- | M] (Oracle Corporation) – C:\Windows\SysNative\deployJava1.dll
    [2013-06-22 07:59:23 | 000,312,232 | —- | M] (Oracle Corporation) – C:\Windows\SysNative\javaws.exe
    [2013-06-22 07:59:23 | 000,189,352 | —- | M] (Oracle Corporation) – C:\Windows\SysNative\javaw.exe
    [2013-06-22 07:59:23 | 000,188,840 | —- | M] (Oracle Corporation) – C:\Windows\SysNative\java.exe
    [2013-06-22 07:59:23 | 000,108,968 | —- | M] (Oracle Corporation) – C:\Windows\SysNative\WindowsAccessBridge-64.dll
    [2013-06-21 13:53:34 | 000,692,104 | —- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerApp.exe
    [2013-06-21 13:53:34 | 000,071,048 | —- | M] (Adobe Systems Incorporated) – C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2013-06-20 20:26:52 | 000,000,866 | —- | M] () – C:\Users\Public\Desktop\µTorrent.lnk
    [2013-06-20 20:26:52 | 000,000,866 | —- | M] () – C:\Users\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013-06-20 18:19:04 | 000,002,190 | —- | M] () – C:\Users\Public\Desktop\Google Chrome.lnk
    [2013-06-18 15:28:11 | 000,002,764 | —- | M] () – C:\Users\Bert\Documents\FinalSetList.rtf
    [2013-06-14 10:15:49 | 000,000,312 | —- | M] () – C:\Users\Bert\Documents\ManiaPlanetvalidation.rtf
    [2013-06-14 03:01:51 | 001,640,272 | —- | M] () – C:\Windows\SysWow64\PerfStringBackup.INI
    [2013-06-12 21:48:23 | 000,867,240 | —- | M] (Oracle Corporation) – C:\Windows\SysWow64\npDeployJava1.dll
    [2013-06-12 21:48:17 | 000,789,416 | —- | M] (Oracle Corporation) – C:\Windows\SysWow64\deployJava1.dll
    [2013-06-12 21:47:57 | 000,096,168 | —- | M] (Oracle Corporation) – C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    [2013-06-12 21:43:48 | 000,263,592 | —- | M] (Oracle Corporation) – C:\Windows\SysWow64\javaws.exe
    [2013-06-12 21:43:44 | 000,175,016 | —- | M] (Oracle Corporation) – C:\Windows\SysWow64\javaw.exe
    [2013-06-12 21:43:25 | 000,175,016 | —- | M] (Oracle Corporation) – C:\Windows\SysWow64\java.exe
    [2013-06-10 21:29:53 | 000,000,517 | —- | M] () – C:\Users\Public\Desktop\Fraps.lnk
    [2013-06-08 16:08:18 | 000,000,043 | —- | M] () – C:\Users\Bert\jagex_cl_runescape_LIVE.dat
    [2013-06-08 16:06:58 | 000,526,336 | —- | M] (Microsoft Corporation) – C:\Windows\SysNative\ieui.dll
    [2013-06-08 13:40:02 | 000,391,168 | —- | M] (Microsoft Corporation) – C:\Windows\SysWow64\ieui.dll
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013-07-05 15:58:46 | 000,256,000 | —- | C] () – C:\Windows\PEV.exe
    [2013-07-05 15:58:46 | 000,208,896 | —- | C] () – C:\Windows\MBR.exe
    [2013-07-05 15:58:46 | 000,098,816 | —- | C] () – C:\Windows\sed.exe
    [2013-07-05 15:58:46 | 000,080,412 | —- | C] () – C:\Windows\grep.exe
    [2013-07-05 15:58:46 | 000,068,096 | —- | C] () – C:\Windows\zip.exe
    [2013-07-05 15:58:20 | 000,001,457 | —- | C] () – C:\Users\Bert\Desktop\ComboFix - Snelkoppeling.lnk
    [2013-07-05 12:41:14 | 000,001,180 | —- | C] () – C:\Users\Bert\Desktop\adwcleaner.lnk
    [2013-07-05 12:38:45 | 000,001,216 | —- | C] () – C:\Users\Bert\Desktop\RogueKillerX64.lnk
    [2013-07-05 12:38:39 | 000,001,107 | —- | C] () – C:\Users\Bert\Desktop\JRT.lnk
    [2013-07-05 10:40:20 | 000,001,418 | —- | C] () – C:\Users\Bert\Desktop\OTL.lnk
    [2013-07-02 10:38:20 | 000,000,044 | —- | C] () – C:\Users\Bert\matrixii_cl_matrix_LIVE1.dat
    [2013-07-02 10:38:01 | 000,089,659 | —- | C] () – C:\Users\Bert\Documents\CXMXLauncher.jar
    [2013-06-27 22:48:27 | 000,000,175 | —- | C] () – C:\Windows\SysNative\drivers\aswVmm.sys.sum
    [2013-06-26 22:49:40 | 000,000,175 | —- | C] () – C:\Windows\SysNative\drivers\aswSnx.sys.sum
    [2013-06-26 22:49:39 | 000,000,175 | —- | C] () – C:\Windows\SysNative\drivers\aswSP.sys.sum
    [2013-06-24 21:17:19 | 000,000,858 | —- | C] () – C:\Users\Public\Desktop\Print CD.lnk
    [2013-06-22 20:25:47 | 000,001,343 | —- | C] () – C:\Users\Public\Desktop\Euro Truck Simulator 2.lnk
    [2013-06-20 20:26:52 | 000,000,866 | —- | C] () – C:\Users\Public\Desktop\µTorrent.lnk
    [2013-06-20 20:26:52 | 000,000,866 | —- | C] () – C:\Users\Bert\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2013-06-16 13:22:55 | 000,002,764 | —- | C] () – C:\Users\Bert\Documents\FinalSetList.rtf
    [2013-06-14 10:15:49 | 000,000,312 | —- | C] () – C:\Users\Bert\Documents\ManiaPlanetvalidation.rtf
    [2013-06-14 10:03:08 | 000,001,094 | —- | C] () – C:\Users\Public\Desktop\ManiaPlanet.lnk
    [2013-06-10 21:29:53 | 000,000,517 | —- | C] () – C:\Users\Public\Desktop\Fraps.lnk
    [2013-06-08 16:08:18 | 000,000,043 | —- | C] () – C:\Users\Bert\jagex_cl_runescape_LIVE.dat
    [2013-06-07 13:14:45 | 000,000,043 | —- | C] () – C:\Users\Bert\matrixii_cl_matrix_LIVE.dat
    [2013-05-28 08:44:35 | 000,053,248 | —- | C] () – C:\Windows\SysWow64\unrar.dll
    [2013-05-05 10:45:51 | 000,840,264 | —- | C] () – C:\Windows\SysWow64\pbsvc.exe
    [2013-05-03 13:37:34 | 000,000,527 | —- | C] () – C:\Windows\eReg.dat
    [2013-04-26 18:04:04 | 000,723,230 | —- | C] () – C:\Windows\unins000.exe
    [2013-04-26 18:04:04 | 000,143,173 | —- | C] () – C:\Windows\unins000.dat
    [2013-04-13 18:52:09 | 000,036,892 | —- | C] () – C:\Windows\SysWow64\bassmod.dll
    [2013-04-05 11:07:22 | 000,143,360 | —- | C] () – C:\Windows\Vmix108.dll
    [2013-04-05 11:07:22 | 000,000,169 | —- | C] () – C:\Windows\Cm108.ini.cfl
    [2013-04-05 11:07:14 | 000,001,459 | —- | C] () – C:\Windows\Cm108.ini.cfg
    [2013-04-05 11:07:14 | 000,000,237 | —- | C] () – C:\Windows\Cm108.ini.imi
    [2013-04-05 11:07:13 | 000,001,353 | —- | C] () – C:\Windows\cm108.ini
    [2013-04-01 13:45:57 | 000,000,043 | —- | C] () – C:\Users\Bert\jagex_cl_oldschool_LIVE.dat
    [2013-04-01 13:45:57 | 000,000,024 | —- | C] () – C:\Users\Bert\random.dat
    [2013-03-29 04:13:14 | 000,798,734 | —- | C] () – C:\Windows\SysWow64\amdocl_ld32.exe
    [2013-03-29 04:13:12 | 000,995,342 | —- | C] () – C:\Windows\SysWow64\amdocl_as32.exe
    [2013-03-23 13:15:18 | 000,003,584 | —- | C] () – C:\Users\Bert\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013-03-23 11:39:06 | 000,015,405 | —- | C] () – C:\Users\Bert\.TransferManager.db
    [2013-03-21 06:10:18 | 000,042,880 | —- | C] () – C:\Windows\SysWow64\xfcodec.dll
    [2013-01-28 09:33:11 | 000,000,000 | —- | C] () – C:\Windows\ativpsrm.bin
    [2013-01-26 20:41:36 | 000,582,656 | —- | C] () – C:\Users\Bert\AppData\Local\file__0.localstorage
    [2013-01-25 20:50:55 | 000,000,331 | —- | C] () – C:\Windows\game.ini
    [2013-01-24 19:47:30 | 000,000,010 | —- | C] () – C:\Windows\GSetup.ini
    [2012-11-27 01:18:46 | 000,038,912 | —- | C] () – C:\Windows\SysWow64\kdbsdk32.dll
    [2012-09-28 03:29:54 | 000,204,952 | —- | C] () – C:\Windows\SysWow64\ativvsvl.dat
    [2012-09-28 03:29:54 | 000,157,144 | —- | C] () – C:\Windows\SysWow64\ativvsva.dat
    [2012-06-22 13:19:01 | 001,640,272 | —- | C] () – C:\Windows\SysWow64\PerfStringBackup.INI
    [2012-01-18 07:44:00 | 010,920,984 | —- | C] () – C:\Windows\SysWow64\LogiDPP.dll
    [2012-01-18 07:44:00 | 000,336,408 | —- | C] () – C:\Windows\SysWow64\DevManagerCore.dll
    [2012-01-18 07:44:00 | 000,104,472 | —- | C] () – C:\Windows\SysWow64\LogiDPPApp.exe
    [2011-09-28 17:44:14 | 000,179,271 | —- | C] () – C:\Windows\SysWow64\xlive.dll.cat
    [2011-09-13 00:06:16 | 000,003,917 | —- | C] () – C:\Windows\SysWow64\atipblag.dat

    ========== ZeroAccess Check ==========

    [2009-07-14 06:55:00 | 000,000,227 | RHS- | M] () – C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll – [2013-02-27 07:52:56 | 014,172,672 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll – [2013-02-27 06:55:05 | 012,872,704 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll – [2009-07-14 03:40:51 | 000,909,312 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll – [2010-11-21 05:24:25 | 000,606,208 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll – [2009-07-14 03:41:56 | 000,505,856 | —- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013-01-25 17:25:52 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\AVG
    [2013-03-21 20:28:43 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Belastingdienst
    [2013-06-27 09:21:35 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Epson
    [2013-03-23 12:39:05 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\GetRightToGo
    [2013-01-25 16:42:43 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\GHISLER
    [2013-01-25 17:38:54 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Opera
    [2013-06-11 08:31:26 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Origin
    [2013-03-27 13:22:20 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Philips
    [2013-03-27 13:21:29 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Philips-Songbird
    [2013-03-23 14:26:35 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\PowerISO
    [2013-06-27 14:27:38 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Spotify
    [2013-01-28 21:46:56 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\SystemRequirementsLab
    [2013-07-05 19:09:44 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\tixati
    [2013-04-08 09:57:55 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\TS3Client
    [2013-06-24 20:01:41 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\uTorrent
    [2013-03-28 15:17:55 | 000,000,000 | —D | M] – C:\Users\Bert\AppData\Roaming\Windows Live Writer

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < services.* >
    [2009-07-14 07:08:49 | 000,000,006 | -H– | C] () – C:\Windows\Tasks\SA.DAT
    [2009-07-14 07:08:49 | 000,024,220 | —- | C] () – C:\Windows\Tasks\SCHEDLGU.TXT
    [2013-01-25 05:29:10 | 000,001,048 | —- | C] () – C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2013-01-25 05:29:10 | 000,001,052 | —- | C] () – C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2013-03-21 14:18:53 | 000,000,940 | —- | C] () – C:\Windows\Tasks\Adobe Flash Player Updater.job
    [2013-03-31 16:18:51 | 000,000,902 | —- | C] () – C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002Core.job
    [2013-03-31 16:18:51 | 000,000,924 | —- | C] () – C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2418530806-2394264233-3435411408-1002UA.job

    < explorer.exe >

    < winlogon.exe >

    < Userinit.exe >

    < svchost.exe >

    ========== Base Services ==========
    SRV:64bit: - [2009-07-14 03:40:01 | 000,072,192 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\aelupsvc.dll – (AeLookupSvc)
    SRV:64bit: - [2013-02-27 07:47:10 | 000,070,144 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\appinfo.dll – (Appinfo)
    SRV:64bit: - [2009-07-14 03:38:55 | 000,079,360 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\alg.exe – (ALG)
    SRV:64bit: - [2010-11-21 05:23:51 | 000,849,920 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\qmgr.dll – (BITS)
    SRV:64bit: - [2010-11-21 05:24:00 | 000,705,024 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\BFE.DLL – (BFE)
    SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\lsass.exe – (KeyIso)
    SRV:64bit: - [2009-07-14 03:40:50 | 000,402,944 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\es.dll – (EventSystem)
    SRV - [2009-07-14 03:15:19 | 000,271,360 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\es.dll – (EventSystem)
    SRV:64bit: - [2013-01-24 20:38:23 | 000,136,704 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\browser.dll – (Browser)
    SRV:64bit: - [2013-05-13 07:51:01 | 000,184,320 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\cryptsvc.dll – (CryptSvc)
    SRV - [2013-05-13 06:45:55 | 000,140,288 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\cryptsvc.dll – (CryptSvc)
    SRV:64bit: - [2010-11-21 05:24:01 | 000,512,000 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\rpcss.dll – (DcomLaunch)
    SRV:64bit: - [2010-11-21 05:24:00 | 000,317,952 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\dhcpcore.dll – (Dhcp)
    SRV - [2010-11-21 05:24:09 | 000,254,464 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\dhcpcore.dll – (Dhcp)
    SRV:64bit: - [2011-03-03 08:24:16 | 000,183,296 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\dnsrslvr.dll – (Dnscache)
    SRV:64bit: - [2009-07-14 03:40:35 | 000,111,104 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\eapsvc.dll – (EapHost)
    SRV:64bit: - [2009-07-14 03:41:00 | 000,038,912 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\hidserv.dll – (hidserv)
    SRV - [2009-07-14 03:15:24 | 000,049,152 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\hidserv.dll – (hidserv)
    SRV:64bit: - [2009-07-14 03:41:10 | 000,359,424 | —- | M] (Microsoft Corporation) [Auto | Stopped] – C:\Windows\SysNative\ipnathlp.dll – (SharedAccess)
    SRV:64bit: - [2010-11-21 05:23:48 | 000,501,248 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\IPSECSVC.DLL – (PolicyAgent)
    No service found with a name of MsMpSvc
    No service found with a name of NisSrv
    SRV:64bit: - [2009-07-14 03:41:54 | 000,524,288 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\swprv.dll – (swprv)
    SRV:64bit: - [2009-07-14 03:41:26 | 000,067,584 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\mmcss.dll – (MMCSS)
    SRV:64bit: - [2009-07-14 03:41:52 | 000,360,448 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\netman.dll – (Netman)
    SRV:64bit: - [2009-07-14 03:41:52 | 000,459,776 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\netprofm.dll – (netprofm)
    SRV - [2009-07-14 03:16:03 | 000,360,448 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\netprofm.dll – (netprofm)
    SRV:64bit: - [2013-01-24 20:40:40 | 000,303,104 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\nlasvc.dll – (NlaSvc)
    SRV:64bit: - [2009-07-14 03:41:53 | 000,025,600 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\nsisvc.dll – (nsi)
    SRV:64bit: - [2011-05-24 13:42:55 | 000,404,480 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\umpnpmgr.dll – (PlugPlay)
    SRV:64bit: - [2012-02-11 08:36:02 | 000,559,104 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\spoolsv.exe – (Spooler)
    SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\lsass.exe – (ProtectedStorage)
    No service found with a name of EMDMgmt
    SRV:64bit: - [2009-07-14 03:41:53 | 000,099,328 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\rasauto.dll – (RasAuto)
    SRV:64bit: - [2010-11-21 05:24:17 | 000,344,064 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\rasmans.dll – (RasMan)
    SRV:64bit: - [2010-11-21 05:24:01 | 000,512,000 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\rpcss.dll – (RpcSs)
    SRV:64bit: - [2010-11-21 05:24:16 | 000,030,720 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\seclogon.dll – (seclogon)
    SRV:64bit: - [2011-11-17 08:33:55 | 000,031,232 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\lsass.exe – (SamSs)
    SRV:64bit: - [2009-07-14 03:41:58 | 000,097,280 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\wscsvc.dll – (wscsvc)
    SRV:64bit: - [2010-11-21 05:23:48 | 000,236,032 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\srvsvc.dll – (LanmanServer)
    SRV:64bit: - [2010-11-21 05:23:55 | 000,370,688 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\shsvcs.dll – (ShellHWDetection)
    SRV - [2010-11-21 05:24:03 | 000,328,192 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysWOW64\shsvcs.dll – (ShellHWDetection)
    No service found with a name of slsvc
    SRV:64bit: - [2010-11-21 05:24:16 | 001,110,016 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\schedsvc.dll – (Schedule)
    SRV:64bit: - [2010-11-21 05:24:32 | 000,316,928 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysNative\tapisrv.dll – (TapiSrv)
    SRV - [2010-11-21 05:24:00 | 000,242,176 | —- | M] (Microsoft Corporation) [On_Demand | Running] – C:\Windows\SysWOW64\tapisrv.dll – (TapiSrv)
    SRV:64bit: - [2009-07-14 03:41:55 | 000,044,544 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\themeservice.dll – (Themes)
    SRV:64bit: - [2012-05-01 07:40:20 | 000,209,920 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\profsvc.dll – (ProfSvc)
    SRV:64bit: - [2010-11-21 05:23:55 | 001,600,512 | —- | M] (Microsoft Corporation) [On_Demand | Stopped] – C:\Windows\SysNative\VSSVC.exe – (VSS)
    SRV:64bit: - [2010-11-21 05:24:32 | 000,679,424 | —- | M] (Microsoft Corporation) [Auto | Running] – C:\Windows\SysNative\audiosrv.dll – (AudioSrv)
    SRV:64bit: - [201
  • Before OTL runs the fix, close all other open windows first!
    - Windows 2000 and Windows XP: double-click OTL.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click OTL.exe and choose "Run as administrator".
    - Copy the text in the code box below and paste it into the box under [image: http://www.imgdumper.nl/uploads5/4f9111a6d2e57/4f9111a6d2a6c-OTL-2.png]

    :OTL
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    MsConfig:64bit - StartUpReg: BlueStacks Agent - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: boincmgr - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: boinctray - hkey= - key= - File not found
    MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - File not found


    :Services


    :Reg


    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [emptyjava]
    [emptyflash]
    [createrestorepoint]
    [reboot]


    - Then click [image: http://www.imgdumper.nl/uploads5/4f911cee9de47/4f911cee9da59-OTL-4.png] at the top.
    - Let the program do its work undisturbed.
    - After the scan, OTL will report that the PC is going to be restarted. So allow that.
    - Click OK.
    - After the restart, only a new log is opened.
    - Post the contents of that OTL scan log by copying and pasting.
  • All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BlueStacks Agent\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\boincmgr\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\boinctray\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\msnmsgr\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP-configuratie
    De DNS-omzettingscache is leeggemaakt.
    C:\Users\Bert\Downloads\cmd.bat deleted successfully.
    C:\Users\Bert\Downloads\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Bert
    ->Temp folder emptied: 59856621 bytes
    ->Temporary Internet Files folder emptied: 228750664 bytes
    ->Java cache emptied: 9279617 bytes
    ->Google Chrome cache emptied: 379633318 bytes
    ->Opera cache emptied: 52344329 bytes
    ->Flash cache emptied: 2783 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 16930 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 37392 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 78335 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 696,00 mb

    C:\Windows\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYJAVA]

    User: All Users

    User: Bert
    ->Java cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Bert
    ->Flash cache emptied: 0 bytes

    User: Default

    User: Default User

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 07072013_195621

    Files\Folders moved on Reboot…
    C:\Users\Bert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Users\Bert\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
    File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
    File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

    PendingFileRenameOperations files…

    Registry entries deleted on Reboot…
  • Is everything working as it should by now?
  • Yes, everything is back to normal now. Many thanks.

This is an archived page. Replying is no longer possible.