Discussie gesloten
Pagina 1 van 5 123 ... LaatsteLaatste
Resultaten: 1 t/m 10 van 46
Overzicht bedankjes4Bedankjes

windows verkenner werkt niet meer

Dit is een discussie over windows verkenner werkt niet meer in het forum Archief Bestrijding malware & virussen , en maakt deel van de Bestrijding malware & virussen categorie; Ik heb hetzelfde probleem , als ik mijn documenten ofzo wil openen komt er op ' windows verkenner werkt niet ...

  1. #1
    Lid
    Geregistreerd
    3 november 2009
    Locatie
    Boom, kontich
    Leeftijd
    18
    Berichten
    40

    Standaard windows verkenner werkt niet meer

    Ik heb hetzelfde probleem , als ik mijn documenten ofzo wil openen komt er op ' windows verkenner werkt niet meer' Deze word dan afgesloten en opnieuw opgestart, en zo gaat dat een aantal keer. Ik heb alles hierboven gelezen en heb de 2 logjes al gemaakt:
    Hitman:

    Code:
    HitmanPro 3.7.2.190
    www.hitmanpro.com
    
    
       Computer name . . . . : ROBIN-PC
       Windows . . . . . . . : 6.1.1.7601.X64/8
       User name . . . . . . : robin-PC\robin
       UAC . . . . . . . . . : Enabled
       License . . . . . . . : Trial (30 days left)
    
    
       Scan date . . . . . . : 2013-03-21 18:13:57
       Scan mode . . . . . . : Normal
       Scan duration . . . . : 6m 28s
       Disk access mode  . . : Direct disk access (SRB)
       Cloud . . . . . . . . : Internet
       Reboot  . . . . . . . : No
    
    
       Threats . . . . . . . : 2
       Traces  . . . . . . . : 403
    
    
       Objects scanned . . . : 1.520.864
       Files scanned . . . . : 33.988
       Remnants scanned  . . : 441.914 files / 1.044.962 keys
    
    
    Malware _____________________________________________________________________
    
    
       C:\Users\robin\Downloads\DownloadManagerSetup.exe -> Deleted
          Size . . . . . . . : 1.115.544 bytes
          Age  . . . . . . . : 106.7 days (2012-12-05 01:22:05)
          Entropy  . . . . . : 6.8
          SHA-256  . . . . . : 0549C54DBE2F1A671046DD883BF2DD94C4E6A6B4458E2D412A21812A72243062
        > G Data . . . . . . : Gen:Variant.Graftor.73061 (Engine A)
        > Ikarus . . . . . . : AdWare.SuspectCRC!IK
          Fuzzy  . . . . . . : 106.0
    
    
       C:\Users\robin\Downloads\PDFCreatorSetup.exe -> Quarantined
          Size . . . . . . . : 561.160 bytes
          Age  . . . . . . . : 429.0 days (2012-01-17 18:48:29)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 58B5EB841EF73D9F4BAA5C3C612054C150D7DD2F00AC79A507AD8E77ABFAFFA6
          RSA Key Size . . . : 2048
          Authenticode . . . : Self-signed
        > G Data . . . . . . : Gen:Variant.Application.InstallCore.1 (Engine A)
          Fuzzy  . . . . . . : 117.0
    
    
    
    
    Suspicious files ____________________________________________________________
    
    
       C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
          Size . . . . . . . : 10.570.224 bytes
          Age  . . . . . . . : 2.7 days (2013-03-19 01:49:56)
          Entropy  . . . . . : 7.4
          SHA-256  . . . . . : 79F24008F237E01DEDF4D4A74F272937A56D2B3733C6D6523AC8EC915D8CB448
          Product  . . . . . : Allods Online EU EN
          Publisher  . . . . : © 2011 Allods Team, Mail.Ru Games
          Description  . . . : Allods Online. Update system.
          Version  . . . . . : 4.0.0.67
          Copyright  . . . . : © 2011 Allods Team, Mail.Ru Games. All rights reserved. Powered by Mail.Ru <http://www.mail.ru/>
          RSA Key Size . . . : 2048
          Authenticode . . . : Invalid
          Fuzzy  . . . . . . : 25.0
             Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
             Authors name is missing in version info. This is not common to most programs.
          Forensic Cluster
             -1.3s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\
             -1.3s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher.torrent
             -1.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\
              0.0s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
              7.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
              9.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libexpatw.dll
             12.6s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcp100.dll
             12.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcr100.dll
             13.4s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\ssleay32.dll
             16.8s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\game.version
             16.8s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libeay32.dll
    
    
       C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
          Size . . . . . . . : 4.422.992 bytes
          Age  . . . . . . . : 2.7 days (2013-03-19 01:50:03)
          Entropy  . . . . . : 5.2
          SHA-256  . . . . . : 9022B710AC31D9697656623E0FBFC15D85EA603F22296671AB7F58041FC0D62F
          Product  . . . . . : Microsoft® Visual Studio® 10
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : MFCDLL Shared Library - Retail Version
          Version  . . . . . : 10.00.40219.325
          Copyright  . . . . : © Microsoft Corporation.  All rights reserved.
          RSA Key Size . . . : 2048
          Authenticode . . . : Invalid
          Fuzzy  . . . . . . : 22.0
             Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\
             -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher.torrent
             -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\
             -7.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
              0.0s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
              1.5s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libexpatw.dll
              4.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcp100.dll
              5.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcr100.dll
              5.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\ssleay32.dll
              9.1s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\game.version
              9.1s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libeay32.dll
    
    
       C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
          Size . . . . . . . : 10.570.224 bytes
          Age  . . . . . . . : 2.7 days (2013-03-19 01:40:52)
          Entropy  . . . . . : 5.9
          SHA-256  . . . . . : 7E008347D34B45ECD104E58BF82DD02C8AAECA3FA68267B5B75768829F3C7C00
          Product  . . . . . : Allods Online EU EN
          Publisher  . . . . : © 2011 Allods Team, Mail.Ru Games
          Description  . . . : Allods Online. Update system.
          Version  . . . . . : 4.0.0.67
          Copyright  . . . . : © 2011 Allods Team, Mail.Ru Games. All rights reserved. Powered by Mail.Ru <http://www.mail.ru/>
          RSA Key Size . . . : 2048
          Authenticode . . . : Invalid
          Fuzzy  . . . . . . : 23.0
             Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
             Time indicates that the file appeared recently on this computer.
             Authors name is missing in version info. This is not common to most programs.
          Forensic Cluster
             -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\
             -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher.torrent
             -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\
              0.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
              2.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
              2.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcp100.dll
              3.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcr100.dll
              3.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\ssleay32.dll
              3.9s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\zlib1.dll
              5.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libeay32.dll
              5.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libexpatw.dll
             13.2s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\game.version
    
    
       C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
          Size . . . . . . . : 4.422.992 bytes
          Age  . . . . . . . : 2.7 days (2013-03-19 01:40:54)
          Entropy  . . . . . : 3.8
          SHA-256  . . . . . : A8CF1635FCA88FFA01EBF14C6B307601A5C34837C8C0C211B81D2E01F45CA68D
          Product  . . . . . : Microsoft® Visual Studio® 10
          Publisher  . . . . : Microsoft Corporation
          Description  . . . : MFCDLL Shared Library - Retail Version
          Version  . . . . . : 10.00.40219.325
          Copyright  . . . . : © Microsoft Corporation.  All rights reserved.
          RSA Key Size . . . : 2048
          Authenticode . . . : Invalid
          Fuzzy  . . . . . . : 22.0
             Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
             Time indicates that the file appeared recently on this computer.
          Forensic Cluster
             -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\
             -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher.torrent
             -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\
             -2.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
              0.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
              0.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcp100.dll
              0.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcr100.dll
              1.4s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\ssleay32.dll
              1.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\zlib1.dll
              2.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libeay32.dll
              3.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libexpatw.dll
             10.9s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\game.version
    
    
       C:\Windows\SysWOW64\GameMon.des
          Size . . . . . . . : 4.702.568 bytes
          Age  . . . . . . . : 3.5 days (2013-03-18 06:46:25)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 05312FF57D5FB500E5C14669A4409840F25BB524731C75F5F220744F4B687460
          Product  . . . . . : nProtect Game Monitor
          Publisher  . . . . : INCA Internet Co., Ltd.
          Description  . . . : nProtect Game Monitor Rev 1909
          Version  . . . . . : 2012.10.25.1
          Copyright  . . . . : Copyright ⓒ 2000-2011 INCA Internet
          Service  . . . . . : npggsvc
          Fuzzy  . . . . . . : 31.0
             The file name extension of this program is not common.
             Starts automatically as a service during system bootup.
             Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
             Time indicates that the file appeared recently on this computer.
             The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
          Startup
             HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
          Forensic Cluster
             -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\
             -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgl.erl
             -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgl.erl
             -35.8s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgg.erl
             -35.8s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgg.erl
             -35.7s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameGuard.ver
             -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\Lineage2us.ini
             -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgmup.des
             -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgmup.erl
             -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgmup.erl
             -35.4s C:\Program Files\Common Files\INCA Shared\
             -35.4s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
             -14.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameMon.des
             -14.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgg9x.des
             -12.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npsc.des
             -12.4s C:\Windows\SysWOW64\nppt9x.vxd
             -11.9s C:\Windows\SysWOW64\npptNT2.sys
             -11.3s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\Splash.jpg
             -8.9s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\ggscan.des
             -8.3s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\ggerror.des
             -6.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameGuard.des
             -5.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgm.erl
             -5.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgm.erl
              0.0s C:\Windows\SysWOW64\GameMon.des
              3.0s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npsc.erl
              3.0s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npsc.erl
    
    
    
    
    Potential Unwanted Programs _________________________________________________
    
    
       C:\Program Files (x86)\BabylonToolbar\ (Babylon)
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\ (Babylon)
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\ (Babylon)
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarApp.dll (Babylon)
          Size . . . . . . . : 333.824 bytes
          Age  . . . . . . . : 240.8 days (2012-07-23 23:49:10)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : D309E2C318742254C950EAD3C53FA2B2A35BFBD019371CA79EC6C2159650C520
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon Ltd.
          Description
          Version  . . . . . : 1.5.29.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarEng.dll (Babylon)
          Size . . . . . . . : 546.816 bytes
          Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : C177A19D6A6E7CEF31A97332F09FE7B9A7B9B1B3672A8BA78588584C38D33C03
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon Ltd.
          Description
          Version  . . . . . : 1.5.29.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarsrv.exe (Babylon)
          Size . . . . . . . : 368.640 bytes
          Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : EB45B35335FD017B270D4540ECF54CD222C6008A86D4368372CF1AF2E8B72243
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon Ltd.
          Description
          Version  . . . . . : 1.5.29.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon)
          Size . . . . . . . : 256.000 bytes
          Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 10C5F609A94F6CD865E541C3D05AA5D1E971EF4B74BF6CF10388181741E50B16
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon Ltd.
          Description
          Version  . . . . . : 1.5.29.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\ (Babylon)
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon)
          Size . . . . . . . : 240.640 bytes
          Age  . . . . . . . : 240.8 days (2012-07-23 23:49:10)
          Entropy  . . . . . : 6.2
          SHA-256  . . . . . : 9618A5E352853748D42AC2980C55B51C5146A94EDC8D14A293432A7BFA9C53FA
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon BHO
          Description
          Version  . . . . . : 1.5.29.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\escortShld.dll (Babylon)
          Size . . . . . . . : 58.880 bytes
          Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : 00489A8E6828E7F11E37CBCF5A97F43AD45908655426790F602AB60496136341
          Fuzzy  . . . . . . : 6.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\uninstall.exe (Babylon)
          Size . . . . . . . : 200.914 bytes
          Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 11491E5936388AFEAD34FB739426B206ED17E93150769289A6DCD3F2DD7F3271
          Product  . . . . . : ${PRDCT_DSP}
          Publisher  . . . . : BabylonToolbar
          Version  . . . . . : 1.5.29.1
          Fuzzy  . . . . . . : 8.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\ (Babylon)
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarApp.dll (Babylon)
          Size . . . . . . . : 308.736 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : ADD621CD1EC5A282E07CFA41250B52EE820D8A89C0A819E82557897089FD712B
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon Ltd.
          Description
          Version  . . . . . : 1.8.3.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarEng.dll (Babylon)
          Size . . . . . . . : 579.584 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : AC4E68C20B4F64B1546F7B55AFBB32DED38D0CF0337CE4742E1D0CBDB15A5BC6
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon Ltd.
          Description
          Version  . . . . . : 1.8.3.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe (Babylon)
          Size . . . . . . . : 374.784 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 47C8F3A5AC427F18C545CDA027257C38BDAEAED2CBD49518838FEEF6592E7D52
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon Ltd.
          Description
          Version  . . . . . : 1.8.3.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon)
          Size . . . . . . . : 314.368 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 21275C775E5E93EEBE3F6E803E73054653426F283423578141D3F57F1AD6A33C
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon Ltd.
          Description
          Version  . . . . . : 1.8.3.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Fuzzy  . . . . . . : 0.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\ (Babylon)
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon)
          Size . . . . . . . : 242.176 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : F85834893853C11B10425403A6938675446692445695B5F87C39A6A762E9851C
          Product  . . . . . : Babylon Toolbar
          Publisher  . . . . : Babylon BHO
          Description
          Version  . . . . . : 1.8.3.0
          Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
          Gossip . . . . . . : (x86)
          Fuzzy  . . . . . . : 2.0
          Startup
             HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\
          References
             HKLM\SOFTWARE\Wow6432Node\Classes\bbylntlbr.bbylntlbrHlpr.1\
             HKLM\SOFTWARE\Wow6432Node\Classes\bbylntlbr.bbylntlbrHlpr\
             HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\
             HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\
             HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}\
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\escortShld.dll (Babylon)
          Size . . . . . . . : 58.880 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
          Entropy  . . . . . : 5.6
          SHA-256  . . . . . : 8B38150889A505698CEE1255D5B12C9E6C98CC084319A8BE8895B22C726094C3
          Fuzzy  . . . . . . : 6.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe (Babylon)
          Size . . . . . . . : 340.632 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:24)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 271FA432566E331545A31BF6AF149897CE5EB70E0A3F4FBEFA355E6986BE5294
          Product  . . . . . : Uninstaller
          Publisher  . . . . : Babylon Ltd.
          Description  . . . : Uninstaller Application
          Version  . . . . . : 9.0.6.15
          Copyright  . . . . : Copyright © Babylon Ltd. 1997-2012
          RSA Key Size . . . : 2048
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -7.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\uninstall.exe (Babylon)
          Size . . . . . . . : 203.616 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
          Entropy  . . . . . : 7.9
          SHA-256  . . . . . : 9934FFDBE0630FB072A603BE60CDDC43CAD16AC1C8209291DFD2643A7082B695
          Product  . . . . . : ${PRDCT_DSP}
          Publisher  . . . . : BabylonToolbar
          Version  . . . . . : 1.8.3.8
          Fuzzy  . . . . . . : 8.0
    
    
       C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\BabylonTB.xpi (Babylon)
       C:\Program Files (x86)\Funmoods\ (Funmoods)
       C:\Program Files (x86)\Funmoods\1.5.23.22\ (Funmoods)
       C:\Program Files (x86)\Funmoods\1.5.23.22\bh\ (Funmoods)
       C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods)
          Size . . . . . . . : 243.664 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 28DB84D7AB96A9C4ECF008B812A78D914BCA89850AD75E33FDBF3BE43C09129A
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods BHO
          Description
          Version  . . . . . : 1.5.23.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -13.0
          Startup
             HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\
          References
             HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\
             HKLM\SOFTWARE\Wow6432Node\Classes\funmoods.funmoodsHlpr.1\
             HKLM\SOFTWARE\Wow6432Node\Classes\funmoods.funmoodsHlpr\
             HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\
             HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\
    
    
       C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (Funmoods)
          Size . . . . . . . : 338.384 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : A7533C3D5F698AF138D64F0D77F4680A56878BD421ACAA810C8D685F61232B80
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Description
          Version  . . . . . : 1.5.23.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (Funmoods)
          Size . . . . . . . : 551.888 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 78DB11A88A4F49304980D8FE2F6B13FDA74E1A67515BF0915DF3435B9497E71A
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Description
          Version  . . . . . : 1.5.23.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
          Size . . . . . . . : 251.856 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : BAC85636258261878970E711F8F7DBFD3AD01997BAB124A14CF7DCB376152AAE
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Description
          Version  . . . . . : 1.5.23.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (Funmoods)
          Size . . . . . . . : 64.464 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
          Entropy  . . . . . : 5.9
          SHA-256  . . . . . : 5C0BC2F9A2BED296F4E76E834C091B7F62E9250A929F9EB4483D1264F8678F52
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -9.0
    
    
       C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (Funmoods)
       C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (Funmoods)
          Size . . . . . . . : 410.064 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 783C77CF63113685A76DBA8163B19D6FF1394E79AC007FF5795CCBD485680939
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Description
          Version  . . . . . : 1.5.23.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (Funmoods)
          Size . . . . . . . : 599.419 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
          Entropy  . . . . . : 6.5
          SHA-256  . . . . . : 3E5A28FFDE07AC661C26B6CCF94E64C1C90B1F25B3B24C90605AA922B87642EB
          Fuzzy  . . . . . . : -2.0
    
    
       C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (Funmoods)
       C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (Funmoods)
          Size . . . . . . . : 397.312 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
          Entropy  . . . . . : 6.2
          SHA-256  . . . . . : 9715DA68E2DD04EECD6A11233EA154D7BAE56B5613B68E670EE497DCE7F983C5
          Product  . . . . . : Setup©                      
          Publisher  . . . . : Setup ©                       
          Description  . . . : Setup                     
          Version  . . . . . : 2.2.0.344
          Copyright  . . . . :                                     
          Fuzzy  . . . . . . : -11.0
    
    
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\ (Funmoods)
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\ (Funmoods)
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll (Funmoods)
          Size . . . . . . . : 243.664 bytes
          Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : D11C298153EF7BFE88EDC082BF8BE03CF0681DAA22864D6A228E58BA9321EB6D
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods BHO
          Description
          Version  . . . . . : 1.5.19.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\escortShld.dll (Funmoods)
          Size . . . . . . . : 64.464 bytes
          Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
          Entropy  . . . . . : 5.9
          SHA-256  . . . . . : 00C1673F3405E82CBA80E1AB03CF3C955C4BB52F4480F472BA5D1728DD177111
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -9.0
    
    
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsApp.dll (Funmoods)
          Size . . . . . . . : 337.872 bytes
          Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 65293818E9A72B09CF2EA293FDDD132FA0EBFA04D6BC5D2A56D06E909F2879C4
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Description
          Version  . . . . . : 1.5.19.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsEng.dll (Funmoods)
          Size . . . . . . . : 550.352 bytes
          Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : AFF4B25637A43F303EE5E32A479677853CFC3E3E68AAD1A4B76AE1D33D042410
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Description
          Version  . . . . . : 1.5.19.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsOEM.crx (Funmoods)
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodssrv.exe (Funmoods)
          Size . . . . . . . : 409.040 bytes
          Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : BE806BE8713C56753EB0B1D33126B62B5738FF98FD10CA5F1F20127198B958C8
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Description
          Version  . . . . . : 1.5.19.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll (Funmoods)
          Size . . . . . . . : 251.344 bytes
          Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : C1CC903567551BFD219D075432618FF0571D61DE04EA38923BCD37BD32D70720
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Description
          Version  . . . . . : 1.5.19.0
          Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
          RSA Key Size . . . : 4096
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -15.0
    
    
       C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\uninstall.exe (Funmoods)
          Size . . . . . . . : 238.518 bytes
          Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
          Entropy  . . . . . : 7.5
          SHA-256  . . . . . : C669B52408A0163B16B40BC75D29421CBB33DC6D3C208A90B1892911B40DFCCA
          Product  . . . . . : Funmoods
          Publisher  . . . . : Funmoods
          Version  . . . . . : 1.5.19.3
          Fuzzy  . . . . . . : -4.0
    
    
       C:\Program Files (x86)\Yontoo\ (Yontoo)
       C:\Program Files (x86)\Yontoo\OptChrome.exe (Yontoo)
          Size . . . . . . . : 133.632 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:44:00)
          Entropy  . . . . . : 6.4
          SHA-256  . . . . . : 829D936424BF6598883B8913505942BBC64F739A2FCECA493CA1C5FD42A90B66
          Fuzzy  . . . . . . : 6.0
    
    
       C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo)
          Size . . . . . . . : 194.928 bytes
          Age  . . . . . . . : 130.1 days (2012-11-11 14:44:00)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 37A3A24A2F115AE7571086399C64A7335186F1AF67160B5D022519E454A69AE9
          Product  . . . . . : Yontoo Runtime
          Publisher  . . . . : Yontoo LLC
          Description  . . . : Yontoo Runtime
          Version  . . . . . : 1.10.01
          Copyright  . . . . : Copyright (c) 2011 Yontoo LLC.  All rights reserved.
          RSA Key Size . . . : 1024
          Authenticode . . . : Valid
          Fuzzy  . . . . . . : -5.0
          Startup
             HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
          References
             HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
             HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\
             HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1\
             HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers\
             HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
    
    
       C:\Program Files (x86)\Yontoo\YontooLayers.crx (Yontoo)
       C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx (Funmoods)
       C:\Users\robin\AppData\Local\funmoods.crx (Funmoods)
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (Claro)
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (Claro)
       C:\Users\robin\AppData\LocalLow\BabylonToolbar\ (Babylon)
       C:\Users\robin\AppData\Roaming\Babylon\ (Babylon)
       C:\Users\robin\AppData\Roaming\Babylon\log_file.txt (Babylon)
       C:\Users\robin\AppData\Roaming\BabylonToolbar\ (Babylon)
       C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\ (Babylon)
       C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx (Babylon)
       C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll (Babylon)
          Size . . . . . . . : 531.968 bytes
          Age  . . . . . . . : 225.1 days (2012-08-08 14:43:56)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
          Product  . . . . . : BU Dynamic Link Library
          Description  . . . : BU Dynamic Link Library
          Version  . . . . . : 2.0.0.4
          Copyright  . . . . : Copyright (C) 1997-2012
          Fuzzy  . . . . . . : -7.0
    
    
       C:\Users\robin\AppData\Roaming\BabylonToolbar\FF\ (Babylon)
       C:\Users\robin\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll (Babylon)
          Size . . . . . . . : 531.968 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:30)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
          Product  . . . . . : BU Dynamic Link Library
          Description  . . . : BU Dynamic Link Library
          Version  . . . . . : 2.0.0.4
          Copyright  . . . . : Copyright (C) 1997-2012
          Fuzzy  . . . . . . : -7.0
    
    
       C:\Users\robin\AppData\Roaming\BabylonToolbar\IE\ (Babylon)
       C:\Users\robin\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll (Babylon)
          Size . . . . . . . : 531.968 bytes
          Age  . . . . . . . : 130.2 days (2012-11-11 14:35:30)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
          Product  . . . . . : BU Dynamic Link Library
          Description  . . . : BU Dynamic Link Library
          Version  . . . . . : 2.0.0.4
          Copyright  . . . . : Copyright (C) 1997-2012
          Fuzzy  . . . . . . : -7.0
    
    
       C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\ (Babylon)
       C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\BabyTBConf.ini (Babylon)
       C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll (Babylon)
          Size . . . . . . . : 531.968 bytes
          Age  . . . . . . . : 225.1 days (2012-08-08 14:43:56)
          Entropy  . . . . . : 6.3
          SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
          Product  . . . . . : BU Dynamic Link Library
          Description  . . . : BU Dynamic Link Library
          Version  . . . . . : 2.0.0.4
          Copyright  . . . . : Copyright (C) 1997-2012
          Fuzzy  . . . . . . : -7.0
    
    
       C:\Users\robin\AppData\Roaming\Funmoods\ (Funmoods)
       C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\ (Funmoods)
       C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\config.dat (Funmoods)
       C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (Funmoods)
          Size . . . . . . . : 94.720 bytes
          Age  . . . . . . . : 22.7 days (2013-02-27 01:54:19)
          Entropy  . . . . . : 6.5
          SHA-256  . . . . . : 491E56FC62E891DD80A5321BB201577FD42BFFB11627F44220EA10D6CA3F0107
          Fuzzy  . . . . . . : 6.0
    
    
       HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ (Yontoo)
       HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
       HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
       HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
       HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
       HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)
       HKLM\SOFTWARE\Classes\b\ (Babylon)
       HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon)
       HKLM\SOFTWARE\Classes\Babylon.dskBnd\ (Babylon)
       HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon)
       HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon)
       HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
       HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
       HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods)
       HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods)
       HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon)
       HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon)
       HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1\ (Funmoods)
       HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc\ (Funmoods)
       HKLM\SOFTWARE\Classes\f\ (Funmoods)
       HKLM\SOFTWARE\Classes\funmoods.dskBnd.1\ (Funmoods)
       HKLM\SOFTWARE\Classes\funmoods.dskBnd\ (Funmoods)
       HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1\ (Funmoods)
       HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr\ (Funmoods)
       HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1\ (Funmoods)
       HKLM\SOFTWARE\Classes\funmoodsApp.appCore\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
       HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon)
       HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
       HKLM\SOFTWARE\Classes\s\ (Softonic)
       HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}\ (Funmoods)
       HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
       HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
       HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon)
       HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
       HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
       HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon)
       HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
       HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
       HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
       HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\ (Yontoo)
       HKLM\SOFTWARE\Classes\YontooIEClient.Api\ (Yontoo)
       HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\ (Yontoo)
       HKLM\SOFTWARE\Classes\YontooIEClient.Layers\ (Yontoo)
       HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods)
       HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7\ (Claro)
       HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
       HKLM\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}\ (Yontoo)
       HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\ (Yontoo)
       HKLM\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\ (Yontoo)
       HKLM\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\ (Yontoo)
       HKLM\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}\ (Yontoo)
       HKLM\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
       HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\BabylonToolbar\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\DataMngr\ (SearchQU)
       HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods)
       HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods)
       HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\ (Yontoo)
       HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph\ (Claro)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}\ (Funmoods)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (Funmoods)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar\ (Babylon)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\funmoods\ (Funmoods)
       HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ (Claro)
       HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
       HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\BabylonToolbar\ (Babylon)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\DataMngr\ (SearchQU)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\DataMngr_Toolbar\ (SearchQU)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Funmoods\ (Funmoods)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Main\bProtector Start Page (Claro)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope (Claro)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\ (Claro)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}\ (Babylon)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ (Funmoods)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
       HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
    
    
    Cookies _____________________________________________________________________
    
    
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:123sexmatch.be
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adperium.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adserver01.de
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.nl
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.as4x.tmcs.ticketmaster.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.crakmedia.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.glispa.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.inhabitat.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.intergi.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mail3x.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.movielush.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pixfuture.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.publicidad.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.zenoviaexchange.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultfriendfinder.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:avgtechnologies.112.2o7.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:be.sitestat.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmedbelgique.solution.weborama.fr
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmednl.solution.weborama.fr
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ero-advertising.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fl01.ct2.comclick.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:getclicky.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kaspersky.122.2o7.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livejasmin.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livenation.122.2o7.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnportal.112.2o7.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:nl.sitestat.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.sexsearchcom.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:partypoker.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:****hub.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:****hubcam.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubads.g.doubleclick.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexad.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexdatingamateur.be
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexefriend.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexychicks4youn0w.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:spylog.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.onestat.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:static.getclicky.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stepstone.112.2o7.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:streamate.doublepimp.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.hubrus.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.solocpm.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.zalando.be
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:view.atdmt.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:wt.socialsex.biz
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.belstat.nl
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.****hub.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexefriend.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.socialsex.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.you****.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:you****.com
       C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
       C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\2F8KSW7R.txt
       C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\5O2TP21U.txt
       C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\CNASHRJV.txt
       C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\MARL94OR.txt
       C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\U2S53DK7.txt



    Hijack This:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:29:49, on 21/03/2013
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16470)
    Boot mode: Normal


    Running processes:
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll
    O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
    O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
    O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll
    O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
    O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.aeriagames.com
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    --
    End of file - 15376 bytes
    Laatst gewijzigd door Jion; 21 maart 2013 om 18:45

  2. #2
    Super Moderator Jion's schermafbeelding
    Geregistreerd
    12 maart 2012
    Locatie
    127.0.0.1
    Berichten
    3.638

    Standaard

    Dag Robij,

    Ik heb je een eigen topic aangemaakt en direct in het juiste forumonderdeel geplaatst.
    Een malware specialist zal je hier verder helpen.
    Vraag opgelost ? Druk dan op de knop "Markeer als OPGELOST".
    Mocht u ons willen steunen bij ons "vrijwilligerswerk" op PC Helpforum, dan kan u steeds een donatie overwegen. Alles hierover kan u vinden op deze pagina.

  3. #3
    Super Moderator juisterr's schermafbeelding
    Geregistreerd
    17 mei 2008
    Locatie
    In Nederland
    Leeftijd
    55
    Berichten
    1.679

    Standaard

    Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

    O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll
    O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)
    O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
    O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
    O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
    O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
    O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll

    Klik op 'Fix checked' om de items te verwijderen.


    Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map :
    C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis.

    - - - Updated - - -

    Download zoek.exe naar het bureaublad.

    • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
      (hier of hier) kan je lezen hoe je dat doet.
    • Dubbelklik op Zoek.exe om de tool te starten.

    • Kopieer nu onderstaande code en plak die in het grote invulvenster:
    • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
      Code:
      startupall;
      filesrcm;
    • Klik op de knop "Options" en vink nu de onderstaande opties aan.

      • Running processes
      • Recently Created
      • Startup Information
      • Installed Programs
      • HijackThis Log
      • Chrome Look
      • System Specs
      • Reset Chrome
      • Reset IE proxy
      • Shortcut Fix
      • IE Defaults
      • Auto Clean



    • Klik daarna op de knop "Run script".
    • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
    • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
    • Post nu de inhoud van het geopende logje in het volgende bericht.
    Mijn afbeelding is een ouwe trol.
    Dit is geen link, erop klikken is zinloos.

  4. #4
    Lid
    Geregistreerd
    3 november 2009
    Locatie
    Boom, kontich
    Leeftijd
    18
    Berichten
    40

    Standaard

    Ik heb gedaan wat u zei , hier is het logje:



    Zoek.exe Version 4.0.0.2 Updated 20-03-2013
    Tool run by robin on do 21/03/2013 at 19:59:51,13.
    Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
    Running in: Normal Mode Internet Access Detected


    ==== Running Processes ======================


    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
    C:\Program Files\P4G\BatteryLife.exe
    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
    C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
    C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    C:\Windows\System32\spool\drivers\x64\3\E_IATIGCE.EXE
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
    C:\Program Files\Logitech\SetPoint II\SetPointII.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\SysWOW64\ACEngSvr.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Windows\explorer.exe
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\Desktop\zoek.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe


    ==== Deleting CLSID Registry Keys ======================


    HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
    HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
    HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
    HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
    HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully


    ==== Deleting CLSID Registry Values ======================


    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully


    ==== Installed Programs ======================


    ??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
    ???? ??? Windows Live
    ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
    ???? Windows Live
    ????? Windows Live
    ?????? ??????? ?? Windows Live
    ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
    ??????? Windows Live Mesh ActiveX ???
    ???????? ?????????? Windows Live
    @C:\\Program Files (x86)\\Intel\\Intel Control Center\\Uninstaller\\SetupICC.exe,-100
    @C:\\Program Files (x86)\\Intel\\Intel(R) Management Engine Components\\Uninstall\\Setup.exe,-2018
    @C:\\Program Files (x86)\\Intel\\Intel(R) Processor Graphics\\Uninstall\\Setup.exe,-1166
    Adobe AIR
    Adobe Community Help
    Adobe Download Assistant
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Story
    AION Free-To-Play
    Akamai NetSession Interface
    Alcor Micro USB Card Reader
    Allods Online 4.0.00.63
    ASUS AI Recovery
    ASUS LifeFrame3
    ASUS SmartLogon
    ASUS Splendid Video Enhancement Technology
    ASUS Virtual Camera
    ASUS WebStorage
    ASUS_Screensaver
    AsusVibe2.0
    ATK Package
    AVG Security Toolbar
    Babylon Chrome Toolbar
    Babylon toolbar
    Bing Bar
    Bookworm Deluxe
    Browser Manager
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Codecv
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Contr“le ActiveX Windows Live Mesh pour connexions … distance
    Controlo ActiveX do Windows Live Mesh para Liga‡äes Remotas
    CyberLink LabelPrint
    CyberLink Power2Go
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    EPSON Scan
    EPSON SX420W Series Handboek
    EpsonNet Setup 3.2
    erLT
    Funmoods
    Galeria de Fotografias do Windows Live
    Galer¡a fotogr fica de Windows Live
    Galerie de photos Windows Live
    Game Park Console
    Google Chrome
    Governor of Poker
    HiJackThis
    Hotel Dash Suite Success
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Junk Mail filter update
    Mahjongg dimensions
    Mesh Runtime
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (Dutch) 2010
    Microsoft Office Excel MUI (Dutch) 2010
    Microsoft Office Klik-en-Klaar 2010
    Microsoft Office OneNote MUI (Dutch) 2010
    Microsoft Office Outlook MUI (Dutch) 2010
    Microsoft Office PowerPoint MUI (Dutch) 2010
    Microsoft Office Professional 2010
    Microsoft Office Proof (Dutch) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (German) 2010
    Microsoft Office Proofing (Dutch) 2010
    Microsoft Office Publisher MUI (Dutch) 2010
    Microsoft Office Shared MUI (Dutch) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (Dutch) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    MSVCRT
    MSVCRT Redists
    MSVCRT_amd64
    MyFreeCodec
    NCsoft Launcher
    Netwerkhandleiding EPSON SX420W Series
    Nuance PDF Reader
    Outspark Toolbar
    Pando Media Booster
    PDF Creator Packages
    PriceGong 2.6.11
    Raccolta foto di Windows Live
    Ralink RT2860 Wireless LAN Card
    Realtek High Definition Audio Driver
    S?????? f?t???af??? t?? Windows Live
    Samsung Kies
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
    SkypeT 6.1
    St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?æa???sæ??e? s??d?se??
    syncables desktop SE
    TeamSpeak 3 Client
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    Version Checker for Funmoods
    Visual Studio 2008 x64 Redistributables
    WEBZEN Browser Extension
    Windows Live ???
    Windows Live ????
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Fotogalerie
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Mesh ActiveX control for remote connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinFlash
    Wireless Console 3
    World of Goo


    ==== Deleting Services ======================


    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browser manager deleted successfully
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\browser manager deleted successfully


    ==== Registry Fix Code ======================


    Windows Registry Editor Version 5.00


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "bProtector Start Page"=-
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "bProtectorDefaultScope"=-


    ==== Deleting Files \ Folders ======================


    "C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx" deleted
    "C:\Users\robin\AppData\Local\funmoods.crx" deleted
    "C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted
    "C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
    "C:\user.js" deleted
    "C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" deleted
    "C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings" not deleted
    "C:\Program Files (x86)\outsparktb" deleted
    "C:\Program Files (x86)\BabylonToolbar" deleted
    "C:\Program Files (x86)\Yontoo" deleted
    "C:\Program Files (x86)\PriceGong" deleted
    "C:\Program Files (x86)\Funmoods" deleted
    "C:\Users\robin\AppData\Roaming\Funmoods" deleted
    "C:\Users\robin\AppData\Roaming\Babylon" deleted
    "C:\Users\robin\AppData\Roaming\BabylonToolbar" deleted
    "C:\Windows\SysWow64\searchplugins" deleted
    "C:\Windows\SysWow64\Extensions" deleted
    "C:\ProgramData\Browser Manager" not deleted
    "C:\ProgramData\APN" deleted
    "C:\ProgramData\Partner" deleted
    "C:\ProgramData\Codecv" deleted
    "C:\ProgramData\InstallMate" deleted
    "C:\ProgramData\Tarma Installer" deleted
    "C:\ProgramData\Premium" deleted
    "C:\ProgramData\Babylon" deleted
    "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong" deleted
    "C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager" deleted
    "C:\Users\robin\AppData\LocalLow\BabylonToolbar" deleted
    "C:\ProgramData\Browser Manager\2.3.796.11" not deleted
    "C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}" not deleted


    ==== System Specs ======================


    Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
    Internet Explorer: 9.0.8112.16421
    Memory (RAM): 8099 MB
    CPU Info: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
    CPU Speed: 2251,2 MHz
    Sound Card: Speakers (Realtek High Definiti |
    Display Adapters: Intel(R) HD Graphics Family | Intel(R) HD Graphics Family | NVIDIA GeForce GT 520M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
    Monitors: 1x; Generic PnP Monitor |
    Screen Resolution: 1600 X 900 - 32 bit
    Network: Network Present
    Network Adapters: 802.11n Wireless LAN Card | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
    CD / DVD Drives: 1x (G: | ) G: MATSHITADVD-RAM UJ8B0AW
    Ports: COM Ports NOT Present. LPT Port NOT Present.
    Mouse: 16 Button Wheel Mouse Present
    Hard Disks: C: 279,5GB | D: 394,2GB | E: 349,3GB | F: 349,3GB | Q: 0,0MB
    Hard Disks - Free: C: 114,3GB | D: 394,1GB | E: 349,2GB | F: 349,2GB | Q: 0,0MB
    Manufacturer *: American Megatrends Inc.
    BIOS Info: AT/AT COMPATIBLE | 10/06/11 | _ASUS_ - 6222004
    Time Zone: West-Europa (standaardtijd)
    Motherboard *: ASUSTeK Computer Inc. K73SJ
    Sun Java version: niet
    Sun Java version: opdracht,
    Country: Belgi‰
    Language: NLB


    ==== Files Recently Created / Modified ======================


    ====== C:\Windows ====
    ====== C:\Users\robin\AppData\Local\Temp ====
    2013-03-18 23:03:45 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Users\robin\AppData\Local\Temp\_isECED.exe
    2013-03-18 01:07:42 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 ----a-w- C:\Users\robin\AppData\Local\Temp\59581uninstall.exe
    2013-03-18 00:37:20 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1643.exe
    2013-03-18 00:37:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall14899.exe
    2013-03-17 23:56:52 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1144.exe
    2013-03-17 23:56:47 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall16288.exe
    2013-03-17 22:57:48 B9270BA1B0D210F786D2E001A7BB902B 430080 ----a-w- C:\Users\robin\AppData\Local\Temp\swt-win32-3740.dll
    ====== C:\Windows\SysWOW64 =====
    2013-03-18 18:26:31 B5CB3F2022BB0BF733688ABC119009E1 230920 ----a-w- C:\Windows\SysWOW64\EPWZCmnCtrl.dll
    2013-03-18 05:46:25 97EDC6088C69DF575377860926EB6181 4702568 ----a-w- C:\Windows\SysWOW64\GameMon.des
    2013-03-18 05:46:13 FB820C142B89F3037B8BEE0968B0276B 5174 ----a-w- C:\Windows\SysWOW64\nppt9x.vxd
    2013-03-18 05:46:13 9131FE60ADFAB595C8DA53AD6A06AA31 4682 ----a-w- C:\Windows\SysWOW64\npptNT2.sys
    2013-03-14 02:02:42 E7E671A2A0159ED8D86CA98DF134BB70 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
    2013-03-14 02:02:42 60D6B33E77A297AA1B14BF0452C20471 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
    2013-03-14 02:02:41 C9A2D460FD5E409C9320B4CE68A81549 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll
    2013-03-14 02:02:40 D0F2CB059B2A89AD5B24FD9EB8D784BE 231936 ----a-w- C:\Windows\SysWOW64\url.dll
    2013-03-14 02:02:40 C43AFA13B552BCC4352106193F008229 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
    2013-03-14 02:02:40 2A324C44A1B2352EF5F2E1C8984935C0 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
    2013-03-14 02:02:40 180D098704551DE37C6299AA888D6821 1103872 ----a-w- C:\Windows\SysWOW64\urlmon.dll
    2013-03-14 02:02:40 15CF0E37F2B406BDE06CBA4F507B25DE 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
    2013-03-14 02:02:39 C798EB903A4FA90D2961E164518090C5 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
    2013-03-14 02:02:39 03728C624D05C2F157BBD46F6B7F6EA0 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
    2013-03-14 02:02:38 73BDB1C0801D44BEA5F6749FD340CC0F 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll
    2013-03-14 02:02:38 69F42E40A0C4344939437D86A8893DA6 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll
    2013-03-14 02:02:38 6428A1B56B4F426F35A029231FF0BB1E 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
    2013-03-14 02:02:38 1895402C57C32BF8281E8F6C65522253 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll
    2013-03-14 02:02:37 263963D93A3CA8F685EFA5966F1E6581 12321792 ----a-w- C:\Windows\SysWOW64\mshtml.dll
    2013-03-14 02:02:35 D3EAB9BCB2B92EFCA615781C215644C0 9738240 ----a-w- C:\Windows\SysWOW64\ieframe.dll
    ====== C:\Windows\SysWOW64\drivers =====
    ====== C:\Windows\Sysnative =====
    2013-03-21 17:21:11 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\Sysnative\bootdelete.exe
    2013-03-21 17:21:11 0327055BD9661F6BBEA18EBE4E9FDEF3 276 ----a-w- C:\Windows\Sysnative\bootdelete.lst
    2013-03-14 02:02:42 E532E71207987BE22BEEE1F1F7E5B371 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
    2013-03-14 02:02:42 315BD7958BD33C71442A7383BBAD2237 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
    2013-03-14 02:02:40 FF1AAEDD4A1A0FC3C5ED66B4EE0B254A 1346048 ----a-w- C:\Windows\Sysnative\urlmon.dll
    2013-03-14 02:02:40 F5F7A06D538619CB3B8081DF766F1D39 237056 ----a-w- C:\Windows\Sysnative\url.dll
    2013-03-14 02:02:40 ACFA7C9F9DBAE8143598F23C3DE8934A 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
    2013-03-14 02:02:40 6BE16F52FAFFCD4BC628C6AE95C0B887 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
    2013-03-14 02:02:39 FA274190682AA41A46B285208ED46A74 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
    2013-03-14 02:02:39 D845B455663AE3B4AEB153D9B2E6A4C3 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll
    2013-03-14 02:02:39 406533EADD808A7A9B5A022F298C6841 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
    2013-03-14 02:02:39 0A1BB8FF664EA24C2679B70F731A6F7A 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll
    2013-03-14 02:02:38 B9996038ABB1664E49DE171AD14DE275 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
    2013-03-14 02:02:38 A54A16DAE7497CDCB8C5A021C0F6FEB8 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll
    2013-03-14 02:02:38 7784649104ED574EC129C3282F54E846 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll
    2013-03-14 02:02:38 0E92BD6EBE215FA80288AFA7996A622B 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll
    2013-03-14 02:02:35 E829C45F0D77852C43BE99C4B1BD215D 10925568 ----a-w- C:\Windows\Sysnative\ieframe.dll
    2013-03-14 02:02:35 460723A080D6F22E56D45BC8C1F15B2A 17815040 ----a-w- C:\Windows\Sysnative\mshtml.dll
    ====== C:\Windows\Sysnative\drivers =====
    2013-03-20 21:05:27 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys
    ====== C:\Windows\Tasks ======
    ====== C:\Windows\Temp ======
    ======= C:\Program Files =====
    2013-03-21 17:13:56 -------- d-----w- C:\Program Files\HitmanPro
    2013-03-18 05:45:50 -------- d-----w- C:\Program Files\Common Files\INCA Shared
    ======= C:\Program Files (x86) =====
    2013-03-21 17:24:18 -------- d-----w- C:\Program Files (x86)\Trend Micro
    2013-03-18 18:26:31 -------- d-----w- C:\Program Files (x86)\WEBZEN
    2013-03-18 02:56:46 -------- d-----w- C:\Program Files (x86)\NCSoft
    2013-03-18 00:47:02 -------- d-----w- C:\Program Files (x86)\Smart PC Cleaner
    ======= C: =====
    ====== C:\Users\robin\AppData\Roaming ======
    2013-03-19 17:20:01 -------- d-----w- C:\users\robin\AppData\Roaming\InstallShield
    2013-03-18 17:30:50 -------- d-----w- C:\users\robin\AppData\Local\Aeria Games
    2013-03-18 17:18:14 -------- d-----w- C:\users\robin\AppData\Local\Akamai
    2013-03-18 00:47:06 -------- d-----w- C:\users\robin\AppData\Local\Programs
    2013-03-18 00:16:27 -------- d-----w- C:\users\robin\AppData\Roaming\TuneUp Software
    ====== C:\Users\robin ======
    2013-03-21 17:11:48 -------- d-----w- C:\ProgramData\HitmanPro
    2013-03-19 00:33:39 -------- d-----w- C:\Users\robin\Profiles
    2013-03-19 00:33:39 -------- d-----w- C:\Users\robin\bin
    2013-03-18 18:26:09 -------- d-----w- C:\ProgramData\WEBZEN
    2013-03-18 17:29:55 -------- d-----w- C:\ProgramData\Aeria Games
    2013-03-18 00:47:14 -------- d-----w- C:\ProgramData\Computer Updater
    2013-03-17 22:57:48 -------- d-----w- C:\Users\robin\.swt


    ====== C: exe-files ==
    2013-03-21 17:21:11 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\System32\bootdelete.exe
    2013-03-21 17:13:56 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
    2013-03-21 17:12:58 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Users\robin\Downloads\HitmanPro_x64 (1).exe
    2013-03-21 17:11:54 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Users\robin\Downloads\HitmanPro_x64.exe
    2013-03-21 17:11:40 79060AAD779E5650EF8D02616E1769A1 8790920 ----a-w- C:\Users\robin\Downloads\HitmanPro.exe
    2013-03-21 16:17:31 EE2E7C607CEA49133781AD5BB8282BA2 10570224 ----a-w- C:\gPotato.eu\Allods Online\bin\Launcher.exe
    2013-03-21 16:15:58 95C3FF4918A5A07BE3BE504FA741D724 18117104 ----a-w- C:\gPotato.eu\Allods Online\bin\AOgame.exe
    2013-03-21 16:14:37 E0562532FC9C70A57C39C516D30573F1 522208 ----a-w- C:\gPotato.eu\Allods Online\bin\protect.exe
    2013-03-21 16:13:13 DC4AAD2E23AEDA30FC35A143111B99FD 8744432 ----a-w- C:\gPotato.eu\Allods Online\Patches\Patch_AllodsOnline_en_4.0.00.63_4.0.00.67_.patch\SyncVersion.exe
    2013-03-19 17:20:25 FC356A72FEAEA5D80F312604651D711F 43304 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
    2013-03-19 17:20:25 E9D4DE46A45E865F3D7FBBC972571531 257024 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NC.Bootstrap.exe
    2013-03-19 17:20:25 776C76D2D42CFFA3D4650E99DEDC3EEA 1126400 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\XDelta.exe
    2013-03-19 17:20:25 50AE228A68AF39A6B57FA931ACECAB3C 30576 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NCAccess.exe
    2013-03-19 17:20:25 4F6878FC7BEDCF90D6EB116AAE0AFBE4 3468584 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\_Launcher.exe
    2013-03-19 17:20:24 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe
    2013-03-19 17:20:24 35FEAD5D5287E6C111BB9C7FD94CDB7E 22008 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\AllowFoldersToBeUpdated.exe
    2013-03-19 01:11:50 682643D75B1FD61EA790B7ADE1A2CF46 436072 ----a-w- C:\gPotato.eu\Allods Online\Mods\protect.exe
    2013-03-19 01:08:57 F0938B075106C09DCFE116F8533C911F 57344 ----a-w- C:\gPotato.eu\Allods Online\Mods\UITextureConvertEditor.exe
    2013-03-19 00:34:42 52EA16D347630022056B5EA438CF6E9B 15902208 ----a-w- C:\Users\robin\Desktop\repair.exe
    2013-03-19 00:33:39 1A80D9D23C10EE806969373891625234 10570224 ----a-w- C:\Users\robin\bin\Launcher.exe
    2013-03-19 00:17:03 1A80D9D23C10EE806969373891625234 10570224 ----a-w- C:\gPotato.eu\Allods Online\Patches\Launcher\Launcher.exe
    2013-03-19 00:13:54 DC4AAD2E23AEDA30FC35A143111B99FD 8744432 ----a-w- C:\gPotato.eu\Allods Online\bin\SyncVersion.exe
    2013-03-19 00:13:52 313E12B63831FF30858C1329A4C8BF26 453432 ----a-w- C:\gPotato.eu\Allods Online\bin\AwesomiumProcess.exe
    2013-03-19 00:13:08 71419860275321D5BE5D3E2ACE91A6B4 356432 ----a-w- C:\Users\robin\Desktop\4.0.00.63_Installer\Europe\UsingCAB\setup.exe
    2013-03-18 23:35:39 6B7BE7519BBB3CE1DF7D462DF25AC056 357072 ----a-w- C:\Users\robin\Downloads\setup.exe
    2013-03-18 23:06:21 6B1C3B805DE40EB0BFA9227DA07C98E9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IJ897CX.exe
    2013-03-18 23:06:03 07472F9894F154A22A6039A4D146E800 52832 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RJ897CX.exe
    2013-03-18 23:03:45 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Users\robin\AppData\Local\Temp\_isECED.exe
    2013-03-18 22:21:52 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\Users\robin\Downloads\Allods_Downloader (1).exe
    2013-03-18 22:21:23 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\Users\robin\Downloads\Allods_Downloader.exe
    2013-03-18 22:19:25 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\Users\robin\Downloads\Allods_EN (1).exe
    2013-03-18 22:19:08 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\Users\robin\Downloads\Allods_EN.exe
    2013-03-18 22:10:13 E4D7D418A28217A5600B56D569CC43C9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I914ZT9.exe
    2013-03-18 22:10:13 B36F01D47BD4EA35A437E9D1A8E56D05 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IG1EVO2.exe
    2013-03-18 22:10:13 700C4D09D6279052C61E7B56EE344855 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IYZG0HJ.exe
    2013-03-18 22:10:13 5AF0776A89816FB10157CF5B4D976570 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IXHJ992.exe
    2013-03-18 22:10:13 4B4AE36B9EEC78977CC7F2B2DB290AC8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I5JNTKE.exe
    2013-03-18 22:10:13 2FBEE6078063EDE26D10B152B174326A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IX6BIHB.exe
    2013-03-18 22:08:57 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RG1EVO2.exe
    2013-03-18 22:01:45 E020A3976D16E1F2A8069594858087C8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IQJ7LUT.exe
    2013-03-18 22:01:45 AC65A53BB90940109F9766FD86833934 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IZJK9KD.exe
    2013-03-18 22:01:45 A475A61BCE820EE9DF95612DA94CAC99 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IQCTZSG.exe
    2013-03-18 22:01:45 61D92262779C9B93C80FE2EB74C38DD5 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IABHSHK.exe
    2013-03-18 22:01:45 5990C9386F30B9B8718C51B7506E0FBB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IBTIBUK.exe
    2013-03-18 22:01:45 3FA22321062DF55B1FFD6C166F8D7A78 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IIGXSNV.exe
    2013-03-18 22:01:45 249C75DEE13ECBE399865E82FC32DA49 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I46J528.exe
    2013-03-18 22:01:45 0D5EB6EDE52DA1BEB81F858CFC8EAE69 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I07JNGH.exe
    2013-03-18 21:28:41 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R5JNTKE.exe
    2013-03-18 20:58:13 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RX6BIHB.exe
    2013-03-18 20:55:06 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RXHJ992.exe
    2013-03-18 20:53:03 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RYZG0HJ.exe
    2013-03-18 20:51:30 E53D24956C2F58369A4EB0E6C93BD50C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IFFT6G8.exe
    2013-03-18 20:22:05 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R914ZT9.exe
    2013-03-18 18:46:24 216B6D2E2C14269EA8E66968F13517B7 533670 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RFFT6G8.exe
    2013-03-18 18:43:16 216B6D2E2C14269EA8E66968F13517B7 533670 ----a-w- C:\Users\robin\Downloads\GP_Archlord_120927\ArchLord_Install_Global.exe
    2013-03-18 18:26:32 88B0E7B40936A6C2E797F51307C5DC29 382000 ----a-w- C:\ProgramData\WEBZEN\BrowserPlugIns\CMStarterCore.exe
    2013-03-18 18:26:31 BC49243557991AC42FCC01B8E3BB05D2 393216 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{95723791-2C44-454B-9220-C65D47D70E9C}\setup.exe
    2013-03-18 18:25:36 3AC2E42844457F045A49613335CF8A93 2988376 ----a-w- C:\Users\robin\Downloads\WebzenBrowserExt.exe
    2013-03-18 17:18:45 EC36905F2BF48A04478352A904940423 1502532270 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304sfx.exe
    2013-03-18 17:18:45 9885ABD427DD3D4365AAB6FD2408C443 3555040 ----a-w- C:\AeriaGames\Downloader\aeria_ignite_install.exe
    2013-03-18 17:18:43 D84C7A57E1CF45B6679C96AFDD219301 325936 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304.exe
    2013-03-18 17:18:28 BCA477D7BF9EAF28656D4CD00749F7CD 4415736 ----a-w- C:\Users\robin\AppData\Local\Akamai\ControlPanel.exe
    2013-03-18 17:18:18 495199CEAF9A4898499489DA7520FCDE 10027032 ----a-w- C:\Users\robin\AppData\Local\Akamai\netsession_installer.exe
    2013-03-18 17:18:08 8732D16C1CAFE03844AEEC3C8B0B9EAD 471648 ----a-w- C:\Users\robin\Downloads\shaiya_us_downloader.exe
    2013-03-18 16:45:22 22A5EC63B21858CFF6FF1CF24B63361C 750052485 ----a-w- C:\Users\robin\Downloads\AIKA_Setup_20130305.exe
    2013-03-18 02:55:46 C0C9753E961614DC9F6C668E11D462BE 6523640 ----a-w- C:\Users\robin\Downloads\NCsoftLauncherSetup.exe
    2013-03-18 02:48:06 5EB6B55DD94165E0E2ECBB4DD762B56B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IIJN1T8.exe
    2013-03-18 02:32:09 FAD9EC5660BBD7C1FD48B2ED8999F582 4517472 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\launcher\-gup-\jadeloadern.exe
    2013-03-18 02:30:27 9C696DE81A6C41012248B274085CA5AC 289687 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\patcher\skin\image\patcher\patcher.exe
    2013-03-18 01:18:53 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\uninstall.exe
    2013-03-18 01:18:04 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\install.exe
    2013-03-18 01:09:14 E2934E1222D095642AADD6C0EDF4457F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IC44ON1.exe
    2013-03-18 01:07:42 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 ----a-w- C:\Users\robin\AppData\Local\Temp\59581uninstall.exe
    2013-03-18 00:47:02 5C98730B1E4BDBE19D8C5F9D86E74973 214992 ----a-w- C:\Program Files (x86)\Smart PC Cleaner\Startw3i.exe
    2013-03-18 00:45:55 3217E030A7AA0ED2B2BAFEAAD4E8A3A0 1649344 ----a-w- C:\Users\robin\Downloads\FinalTorrent2012Setup.exe
    2013-03-18 00:37:20 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1643.exe
    2013-03-18 00:37:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall14899.exe
    2013-03-18 00:32:31 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RABHSHK.exe
    2013-03-18 00:28:30 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQCTZSG.exe
    2013-03-18 00:28:23 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RZJK9KD.exe
    2013-03-18 00:26:25 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RBTIBUK.exe
    2013-03-18 00:11:13 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R07JNGH.exe
    2013-03-18 00:10:27 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RIGXSNV.exe
    2013-03-17 23:56:52 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1144.exe
    2013-03-17 23:56:47 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall16288.exe
    2013-03-17 23:42:23 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQJ7LUT.exe
    2013-03-17 22:58:14 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\install.exe
    2013-03-17 22:58:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\uninstall.exe
    2013-03-17 22:57:10 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R46J528.exe
    2013-03-16 11:39:53 609A3D40DE06CDD3A17B4D5D6E7AA279 1502560 ----a-w- C:\Users\robin\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.172\25.0.1364.172_25.0.1364.152_chrome_updater.exe
    === C: other files ==
    2013-03-19 00:13:54 37C2C5AEDD2F2BA4A076D474B3FD1BFD 3651080 ----a-w- C:\gPotato.eu\Allods Online\data\Mods\Docs\ModdingDocuments.zip
    2013-03-18 23:03:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{012D6546-A8C8-45F1-9258-65590D307975}.bat
    2013-03-18 17:27:20 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{D752F0DB-4189-41A7-9F1B-0C55298C40F8}.bat
    2013-03-18 16:44:29 23C513D4833724C563F7796FC154EE1E 30804 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174429.zip
    2013-03-18 16:43:57 444CEFBA2C0D43D46C93995AF24A2FC5 38708 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174357.zip
    2013-03-18 16:43:27 B05EF378F602749AA345445827C8D127 33050 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174327.zip


    ==== Startup Registry Enabled ======================


    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"


    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"


    [HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\Run]
    "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
    "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"


    [HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c"
    "Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
    "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"
    "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
    "EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU"
    "EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU"
    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
    "Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
    "NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized"
    "Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"


    [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"


    [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"


    [HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "mctadmin"="C:\Windows\System32\mctadmin.exe"


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    "ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S"
    "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
    "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
    "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
    "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
    "UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
    "UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
    "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
    "AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    "vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    "ASUS Screen Saver Protector"="C:\Windows\AsScrPro.exe"
    "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"


    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c"
    "Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
    "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
    "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"
    "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
    "EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU"
    "EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU"
    "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
    "Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
    "NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized"
    "Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"


    ==== Startup Registry Enabled x64 ======================


    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="C:\Windows\system32\igfxtray.exe"
    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
    "Persistence"="C:\Windows\system32\igfxpers.exe"
    "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "
    "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
    "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
    "SynAsusAcpi"="%ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe "


    ==== Startup Folders ======================


    2011-04-13 02:49:43 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
    2012-10-20 14:05:57 848 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk


    ==== Task Scheduler Jobs ======================


    C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe []
    C:\Windows\tasks\AutoKMSDaily.job --a------ C:\Windows\AutoKMS.exe []
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02]
    C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02]


    ==== Chrome Look ======================


    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[]
    bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx[]
    cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[]
    dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[]
    ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[18/02/2013 23:13]
    niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]
    pgafcinpmmpklohkojmllohd****efph - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx[]


    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
    bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[]
    cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[]


    Funmoods - robin - Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    PriceGong - robin - Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
    New Tab - robin - Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj


    ==== Chrome Fix ======================


    C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
    C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
    C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully


    ==== Set IE to Default ======================


    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtB tFtDtFtAyEyE&cr=1304550728"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtB tFtDtFtAyEyE&cr=1304550728"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtB tFtDtFtAyEyE&cr=1304550728"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtB tFtDtFtAyEyE&cr=1304550728"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtB tFtDtFtAyEyE&cr=1304550728"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found


    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
    "Tabs"="res://ieframe.dll/tabswelcome.htm"
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
    "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"


    ==== All HKCU SearchScopes ======================


    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {35F54DFA-9BA6-A5F8-7509-102794E0C91A} AVG Secure Search Url="https://isearch.avg.com/search?cid={3571B91F-00F3-445F-90B1-23010F2B643F}&mid=060a13a6465a47d1b57f854de0d1e797-9fce1abf496bcc088b96d1054144cc7e07d5cee6&lang=nl&ds=AVG&pr=fr&d=2012-08-03"
    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startInde x={startIndex?}&startPage={startPage}"


    ==== Reset Google Chrome ======================


    C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully


    ==== Deleting CLSID Registry Keys ======================


    HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
    HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
    HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
    HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
    HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully


    ==== Deleting CLSID Registry Values ======================




    ==== shortcuts on Users Desktops ======================


    C:\Users\robin\Desktop\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\Desktop\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    C:\Users\UpdatusUser\Desktop\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe


    ==== shortcuts on All Users Desktop ======================


    C:\Users\Public\Desktop\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe
    C:\Users\Public\Desktop\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
    C:\Users\Public\Desktop\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe


    ==== shortcuts in Users Start Menu ======================


    C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe


    ==== shortcuts in All Users Start Menu ======================


    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AikaOnline\AikaOnline.lnk - C:\T3fun\AikaOnline\AIKALauncher.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online Website.lnk - C:\gPotato.eu\Allods Online\Allods Online.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Register.lnk - C:\gPotato.eu\Allods Online\Register.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Remove Allods Online.lnk - C:\gPotato.eu\Allods Online\uninst.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Forsaken World\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe


    ==== Reset IE Proxy ======================


    Value(s) before fix:
    "ProxyOverride"="<local>"
    "ProxyEnable"=dword:00000000


    Value(s) after fix:
    "ProxyEnable"=dword:00000000


    ==== Deleting Registry Keys ======================


    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph deleted successfully
    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
    HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully


    ==== HijackThis Entries ======================


    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
    O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
    O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
    O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
    O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
    O4 - Global Startup: SetPointII.lnk = ?
    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.aeriagames.com
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
    O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    ==== Empty IE Cache ======================


    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
    C:\Users\robin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z93H3DJ will be deleted at reboot
    C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JHI8BE4 will be deleted at reboot
    C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI2O5H19 will be deleted at reboot
    C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCT5C738 will be deleted at reboot
    C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5XY3CE6 will be deleted at reboot
    C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3NXHGLR will be deleted at reboot
    C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot


    ==== Empty FireFox Cache ======================


    No FireFox Profiles found


    ==== Empty Chrome Cache ======================


    C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


    ==== Empty All Flash Cache ======================


    Flash Cache Emptied Successfully


    ==== Empty All Java Cache ======================


    No Java Cache Found


    After Reboot


    ==== Empty Temp Folders ======================


    C:\Windows\Temp successfully emptied
    C:\Users\robin\AppData\Local\Temp successfully emptied


    ==== Empty Recycle Bin ======================


    C:\$RECYCLE.BIN successfully emptied


    ==== Deleting Files / Folders ======================


    "C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings" not found
    "C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
    "C:\ProgramData\Browser Manager" not found
    "C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z93H3DJ" not found
    "C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JHI8BE4" not found
    "C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI2O5H19" not found
    "C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCT5C738" not found
    "C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5XY3CE6" not found
    "C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3NXHGLR" not found


    Alvast bedankt

  5. #5
    Super Moderator juisterr's schermafbeelding
    Geregistreerd
    17 mei 2008
    Locatie
    In Nederland
    Leeftijd
    55
    Berichten
    1.679

    Standaard

    En hoe gaat het nu ?
    Mijn afbeelding is een ouwe trol.
    Dit is geen link, erop klikken is zinloos.

  6. #6
    Lid
    Geregistreerd
    3 november 2009
    Locatie
    Boom, kontich
    Leeftijd
    18
    Berichten
    40

    Standaard

    Het duurde al iets langer maar hij valt nog steeds uit.... hij moest ook al minder keer opnieuw opstarten voor het terug werkte...
    Mvg

  7. #7
    Super Moderator juisterr's schermafbeelding
    Geregistreerd
    17 mei 2008
    Locatie
    In Nederland
    Leeftijd
    55
    Berichten
    1.679

    Standaard

    Download ComboFix van één van deze locaties:

    Link 1
    Link 2

    * BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

    Hier kan je lezen hoe je Combofix moet gebruiken.

    1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen: klik hier of hier

    2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.
    3. Dubbelklik op "Combofix.exe" om de tool te starten.
    4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

    Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

    5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
    Mijn afbeelding is een ouwe trol.
    Dit is geen link, erop klikken is zinloos.

  8. #8
    Lid
    Geregistreerd
    3 november 2009
    Locatie
    Boom, kontich
    Leeftijd
    18
    Berichten
    40

    Standaard

    hier het logje: Alvast bedankt

    ComboFix 13-03-21.01 - robin 21/03/2013 21:56:58.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8098.5978 [GMT 1:00]
    Gestart vanuit: c:\users\robin\Downloads\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\FullRemove.exe
    c:\users\robin\AppData\Local\assembly\tmp
    c:\users\robin\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
    c:\windows\msvcr71.dll
    c:\windows\SysWow64\muzapp.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-02-21 to 2013-03-21 ))))))))))))))))))))))))))))))
    .
    .
    2013-03-21 19:10 . 2013-03-21 21:03 -------- d-----w- c:\users\robin\AppData\Local\Temp
    2013-03-21 19:10 . 2013-03-21 18:59 24064 ----a-w- c:\windows\zoek-delete.exe
    2013-03-21 17:24 . 2013-03-21 17:24 388096 ----a-r- c:\users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2013-03-21 17:24 . 2013-03-21 17:24 -------- d-----w- c:\program files (x86)\Trend Micro
    2013-03-21 17:21 . 2013-03-21 17:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2013-03-21 17:13 . 2013-03-21 17:13 -------- d-----w- c:\program files\HitmanPro
    2013-03-21 17:11 . 2013-03-21 17:21 -------- d-----w- c:\programdata\HitmanPro
    2013-03-20 21:05 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
    2013-03-19 17:20 . 2013-03-19 17:20 -------- d-----w- c:\users\robin\AppData\Roaming\InstallShield
    2013-03-19 00:33 . 2013-03-19 00:33 -------- d-----w- c:\users\robin\Profiles
    2013-03-19 00:33 . 2013-03-19 00:33 -------- d-----w- c:\users\robin\bin
    2013-03-19 00:13 . 2013-03-19 00:13 -------- d-----w- C:\gPotato.eu
    2013-03-18 18:26 . 2013-03-18 18:51 -------- d-----w- c:\program files (x86)\WEBZEN
    2013-03-18 18:26 . 2012-03-27 18:13 230920 ----a-w- c:\windows\SysWow64\EPWZCmnCtrl.dll
    2013-03-18 18:26 . 2013-03-18 18:26 -------- d-----w- c:\programdata\WEBZEN
    2013-03-18 17:30 . 2013-03-18 17:30 -------- d-----w- c:\users\robin\AppData\Local\Aeria Games
    2013-03-18 17:29 . 2013-03-18 17:29 -------- d-----w- c:\programdata\Aeria Games
    2013-03-18 17:27 . 2013-03-18 23:03 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
    2013-03-18 17:18 . 2013-03-18 17:18 -------- d-----w- c:\users\robin\AppData\Local\Akamai
    2013-03-18 17:18 . 2013-03-18 17:27 -------- d-----w- C:\AeriaGames
    2013-03-18 16:49 . 2013-03-18 16:49 -------- d-----w- C:\T3fun
    2013-03-18 05:46 . 2012-10-24 17:16 4702568 ----a-w- c:\windows\SysWow64\GameMon.des
    2013-03-18 05:46 . 2005-01-02 21:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
    2013-03-18 05:46 . 2003-07-19 06:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
    2013-03-18 05:45 . 2013-03-18 05:45 -------- d-----w- c:\program files\Common Files\INCA Shared
    2013-03-18 02:57 . 2013-03-21 21:01 -------- d-----w- c:\users\robin\AppData\Local\assembly
    2013-03-18 02:56 . 2013-03-19 17:20 -------- d-----w- c:\program files (x86)\NCSoft
    2013-03-18 00:47 . 2013-03-18 00:47 -------- d-----w- c:\programdata\Computer Updater
    2013-03-18 00:47 . 2013-03-18 00:47 -------- d-----w- c:\users\robin\AppData\Local\Programs
    2013-03-18 00:47 . 2013-03-18 01:03 -------- d-----w- c:\program files (x86)\Smart PC Cleaner
    2013-03-18 00:16 . 2013-03-18 00:16 -------- d-----w- c:\users\robin\AppData\Roaming\TuneUp Software
    2013-03-17 22:57 . 2013-03-17 22:57 -------- d-----w- c:\users\robin\.swt
    2013-02-28 01:41 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-03-21 21:03 . 2012-01-04 12:32 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
    2013-03-14 02:04 . 2012-12-26 21:57 72013344 ----a-w- c:\windows\system32\MRT.exe
    2013-02-18 22:13 . 2012-08-03 20:21 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2013-02-12 05:45 . 2013-03-13 22:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
    2013-02-12 05:45 . 2013-03-13 22:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
    2013-02-12 05:45 . 2013-03-13 22:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2013-02-12 05:45 . 2013-03-13 22:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2013-02-12 04:48 . 2013-03-13 22:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2013-02-12 04:48 . 2013-03-13 22:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
    2013-01-31 16:29 . 2013-01-31 16:29 69632 ----a-w- c:\windows\SysWow64\CUUpdateComponent.ocx
    2013-01-31 16:29 . 2013-01-31 16:29 421888 ----a-w- c:\windows\SysWow64\ComputerUpdaterLM.ocx
    2013-01-31 16:29 . 2013-01-31 16:29 131072 ----a-w- c:\windows\SysWow64\SafeAppRichList.ocx
    2013-01-05 05:53 . 2013-02-16 17:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-05 05:00 . 2013-02-16 17:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2013-01-05 05:00 . 2013-02-16 17:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2013-01-04 05:46 . 2013-02-16 17:21 215040 ----a-w- c:\windows\system32\winsrv.dll
    2013-01-04 04:51 . 2013-02-16 17:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2013-01-04 04:43 . 2013-02-16 17:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2013-01-04 03:26 . 2013-02-16 17:21 3153408 ----a-w- c:\windows\system32\win32k.sys
    2013-01-04 02:47 . 2013-02-16 17:21 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2013-01-04 02:47 . 2013-02-16 17:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2013-01-04 02:47 . 2013-02-16 17:21 2048 ----a-w- c:\windows\SysWow64\user.exe
    2013-01-04 02:47 . 2013-02-16 17:21 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2013-01-03 06:00 . 2013-02-16 17:21 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-01-03 06:00 . 2013-02-16 17:21 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
    "KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
    "KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
    "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-17 3093624]
    "NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2013-03-19 43304]
    "Akamai NetSession Interface"="c:\users\robin\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
    "ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
    "ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
    "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
    "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
    "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
    "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
    "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
    "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-11-23 3058304]
    "CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
    SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
    R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
    R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-05 1255736]
    R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-04 25960]
    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
    S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job
    - c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 14:02]
    .
    2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job
    - c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 14:02]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\As usWSShellExt_B]
    @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
    [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\As usWSShellExt_O]
    @="{64174815-8D98-4CE6-8646-4C039977D808}"
    [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
    2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-01 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-01 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-01 416024]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
    "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
    FontCache
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    Trusted Zone: aeriagames.com
    TCP: DhcpNameServer = 192.168.1.1 195.130.131.4 195.130.130.132
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
    HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
    AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe
    AddRemove-funmoods - c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
    AddRemove-outsparktb - c:\program files (x86)\outsparktb\uninstall.exe
    AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
    AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe
    AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
    AddRemove-Funmoods - c:\users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
    c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
    c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
    c:\program files (x86)\ASUS\Splendid\ACMON.exe
    c:\windows\SysWOW64\ACEngSvr.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-03-21 22:07:53 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-03-21 21:07
    .
    Pre-Run: 141.664.661.504 bytes beschikbaar
    Post-Run: 141.072.855.040 bytes beschikbaar
    .
    - - End Of File - - 9D15F91023430192AFD3B1B36D98FF22

  9. #9
    Super Moderator juisterr's schermafbeelding
    Geregistreerd
    17 mei 2008
    Locatie
    In Nederland
    Leeftijd
    55
    Berichten
    1.679

    Standaard

    Ruimt lekker op zo, vertel even hoe het nu gaat.

    Ps: heeft hitmanpro nog iets gevonden ?
    Mijn afbeelding is een ouwe trol.
    Dit is geen link, erop klikken is zinloos.

  10. #10
    Lid
    Geregistreerd
    3 november 2009
    Locatie
    Boom, kontich
    Leeftijd
    18
    Berichten
    40

    Standaard

    Moet ik hitman nog eens laten scannen? ik heb er in ieder geval niets meer van gehoord :) en windows verkenner crasht nog steeds... er komt meestal een explorer foutmelding op die het volgende zegt:
    explorer.exe-toepassingsfout
    De instructie op 0X800051da verwijst naar geheugen op 0X026b8000. Een lees- of schrijfbewerking op het geheugen mislukt: written.
    Klik op OK als u het programma wilt beëindigen.
    Ik weet niet of dit hier iets mee te maken heeft , ik laat het maar gewoon weten
    Mvg Robin

Discussie gesloten
Pagina 1 van 5 123 ... LaatsteLaatste

Soortgelijke discussies

  1. [OPGELOST] 'Windows verkenner werkt niet meer'.
    door Kimkommer in forum Archief Windows
    Reacties: 32
    Laatste bericht: 25 november 2012, 20:08
  2. Windows verkenner werkt niet meer.
    door ItalianBoy in forum Archief Windows
    Reacties: 11
    Laatste bericht: 7 januari 2012, 15:56
  3. [OPGELOST] Windows Verkenner werkt niet meer
    door WhichOne in forum Archief Windows
    Reacties: 49
    Laatste bericht: 3 december 2011, 07:26
  4. Windows verkenner werkt niet meer
    door hennieson in forum Archief Windows
    Reacties: 0
    Laatste bericht: 24 juni 2010, 12:27

Labels voor deze discussie

Regels voor berichten

  • Je mag geen nieuwe discussies starten
  • Je mag niet reageren op berichten
  • Je mag geen bijlagen versturen
  • Je mag niet je berichten bewerken
  •