Windows Explorer has stopped working


  • This topic is closed
45 replies to this topic

#1 robij


Posted 21 March 2013 - 18:34


I have the same problem: when I try to open My Documents or something like that, I get 'Windows Explorer has stopped working'. It is then closed and restarted, and this happens a number of times. I have read everything above and have already made the 2 logs:
Hitman:

HitmanPro 3.7.2.190
www.hitmanpro.com


   Computer name . . . . : ROBIN-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : robin-PC\robin
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)


   Scan date . . . . . . : 2013-03-21 18:13:57
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 28s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No


   Threats . . . . . . . : 2
   Traces  . . . . . . . : 403


   Objects scanned . . . : 1.520.864
   Files scanned . . . . : 33.988
   Remnants scanned  . . : 441.914 files / 1.044.962 keys


Malware _____________________________________________________________________


   C:\Users\robin\Downloads\DownloadManagerSetup.exe -> Deleted
      Size . . . . . . . : 1.115.544 bytes
      Age  . . . . . . . : 106.7 days (2012-12-05 01:22:05)
      Entropy  . . . . . : 6.8
      SHA-256  . . . . . : 0549C54DBE2F1A671046DD883BF2DD94C4E6A6B4458E2D412A21812A72243062
    > G Data . . . . . . : Gen:Variant.Graftor.73061 (Engine A)
    > Ikarus . . . . . . : AdWare.SuspectCRC!IK
      Fuzzy  . . . . . . : 106.0


   C:\Users\robin\Downloads\PDFCreatorSetup.exe -> Quarantined
      Size . . . . . . . : 561.160 bytes
      Age  . . . . . . . : 429.0 days (2012-01-17 18:48:29)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 58B5EB841EF73D9F4BAA5C3C612054C150D7DD2F00AC79A507AD8E77ABFAFFA6
      RSA Key Size . . . : 2048
      Authenticode . . . : Self-signed
    > G Data . . . . . . : Gen:Variant.Application.InstallCore.1 (Engine A)
      Fuzzy  . . . . . . : 117.0




Suspicious files ____________________________________________________________


   C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
      Size . . . . . . . : 10.570.224 bytes
      Age  . . . . . . . : 2.7 days (2013-03-19 01:49:56)
      Entropy  . . . . . : 7.4
      SHA-256  . . . . . : 79F24008F237E01DEDF4D4A74F272937A56D2B3733C6D6523AC8EC915D8CB448
      Product  . . . . . : Allods Online EU EN
      Publisher  . . . . : © 2011 Allods Team, Mail.Ru Games
      Description  . . . : Allods Online. Update system.
      Version  . . . . . : 4.0.0.67
      Copyright  . . . . : © 2011 Allods Team, Mail.Ru Games. All rights reserved. Powered by Mail.Ru <http://www.mail.ru/>
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 25.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         Authors name is missing in version info. This is not common to most programs.
      Forensic Cluster
         -1.3s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\
         -1.3s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher.torrent
         -1.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\
          0.0s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
          7.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
          9.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libexpatw.dll
         12.6s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcp100.dll
         12.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcr100.dll
         13.4s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\ssleay32.dll
         16.8s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\game.version
         16.8s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libeay32.dll


   C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
      Size . . . . . . . : 4.422.992 bytes
      Age  . . . . . . . : 2.7 days (2013-03-19 01:50:03)
      Entropy  . . . . . : 5.2
      SHA-256  . . . . . : 9022B710AC31D9697656623E0FBFC15D85EA603F22296671AB7F58041FC0D62F
      Product  . . . . . : Microsoft® Visual Studio® 10
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : MFCDLL Shared Library - Retail Version
      Version  . . . . . : 10.00.40219.325
      Copyright  . . . . : © Microsoft Corporation.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\
         -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher.torrent
         -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\
         -7.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
          0.0s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
          1.5s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libexpatw.dll
          4.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcp100.dll
          5.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcr100.dll
          5.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\ssleay32.dll
          9.1s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\game.version
          9.1s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libeay32.dll


   C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
      Size . . . . . . . : 10.570.224 bytes
      Age  . . . . . . . : 2.7 days (2013-03-19 01:40:52)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 7E008347D34B45ECD104E58BF82DD02C8AAECA3FA68267B5B75768829F3C7C00
      Product  . . . . . : Allods Online EU EN
      Publisher  . . . . : © 2011 Allods Team, Mail.Ru Games
      Description  . . . : Allods Online. Update system.
      Version  . . . . . : 4.0.0.67
      Copyright  . . . . : © 2011 Allods Team, Mail.Ru Games. All rights reserved. Powered by Mail.Ru <http://www.mail.ru/>
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 23.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
         Authors name is missing in version info. This is not common to most programs.
      Forensic Cluster
         -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\
         -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher.torrent
         -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\
          0.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
          2.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
          2.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcp100.dll
          3.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcr100.dll
          3.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\ssleay32.dll
          3.9s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\zlib1.dll
          5.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libeay32.dll
          5.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libexpatw.dll
         13.2s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\game.version


   C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
      Size . . . . . . . : 4.422.992 bytes
      Age  . . . . . . . : 2.7 days (2013-03-19 01:40:54)
      Entropy  . . . . . : 3.8
      SHA-256  . . . . . : A8CF1635FCA88FFA01EBF14C6B307601A5C34837C8C0C211B81D2E01F45CA68D
      Product  . . . . . : Microsoft® Visual Studio® 10
      Publisher  . . . . : Microsoft Corporation
      Description  . . . : MFCDLL Shared Library - Retail Version
      Version  . . . . . : 10.00.40219.325
      Copyright  . . . . : © Microsoft Corporation.  All rights reserved.
      RSA Key Size . . . : 2048
      Authenticode . . . : Invalid
      Fuzzy  . . . . . . : 22.0
         Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\
         -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher.torrent
         -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\
         -2.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
          0.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
          0.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcp100.dll
          0.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcr100.dll
          1.4s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\ssleay32.dll
          1.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\zlib1.dll
          2.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libeay32.dll
          3.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libexpatw.dll
         10.9s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\game.version


   C:\Windows\SysWOW64\GameMon.des
      Size . . . . . . . : 4.702.568 bytes
      Age  . . . . . . . : 3.5 days (2013-03-18 06:46:25)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 05312FF57D5FB500E5C14669A4409840F25BB524731C75F5F220744F4B687460
      Product  . . . . . : nProtect Game Monitor
      Publisher  . . . . : INCA Internet Co., Ltd.
      Description  . . . : nProtect Game Monitor Rev 1909
      Version  . . . . . : 2012.10.25.1
      Copyright  . . . . : Copyright ⓒ 2000-2011 INCA Internet
      Service  . . . . . : npggsvc
      Fuzzy  . . . . . . : 31.0
         The file name extension of this program is not common.
         Starts automatically as a service during system bootup.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
      Forensic Cluster
         -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\
         -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgl.erl
         -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgl.erl
         -35.8s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgg.erl
         -35.8s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgg.erl
         -35.7s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameGuard.ver
         -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\Lineage2us.ini
         -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgmup.des
         -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgmup.erl
         -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgmup.erl
         -35.4s C:\Program Files\Common Files\INCA Shared\
         -35.4s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
         -14.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameMon.des
         -14.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgg9x.des
         -12.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npsc.des
         -12.4s C:\Windows\SysWOW64\nppt9x.vxd
         -11.9s C:\Windows\SysWOW64\npptNT2.sys
         -11.3s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\Splash.jpg
         -8.9s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\ggscan.des
         -8.3s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\ggerror.des
         -6.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameGuard.des
         -5.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgm.erl
         -5.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgm.erl
          0.0s C:\Windows\SysWOW64\GameMon.des
          3.0s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npsc.erl
          3.0s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npsc.erl




Potential Unwanted Programs _________________________________________________


   C:\Program Files (x86)\BabylonToolbar\ (Babylon)
   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\ (Babylon)
   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\ (Babylon)
   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarApp.dll (Babylon)
      Size . . . . . . . : 333.824 bytes
      Age  . . . . . . . : 240.8 days (2012-07-23 23:49:10)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : D309E2C318742254C950EAD3C53FA2B2A35BFBD019371CA79EC6C2159650C520
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon Ltd.
      Description
      Version  . . . . . : 1.5.29.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarEng.dll (Babylon)
      Size . . . . . . . : 546.816 bytes
      Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : C177A19D6A6E7CEF31A97332F09FE7B9A7B9B1B3672A8BA78588584C38D33C03
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon Ltd.
      Description
      Version  . . . . . : 1.5.29.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarsrv.exe (Babylon)
      Size . . . . . . . : 368.640 bytes
      Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : EB45B35335FD017B270D4540ECF54CD222C6008A86D4368372CF1AF2E8B72243
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon Ltd.
      Description
      Version  . . . . . : 1.5.29.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon)
      Size . . . . . . . : 256.000 bytes
      Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 10C5F609A94F6CD865E541C3D05AA5D1E971EF4B74BF6CF10388181741E50B16
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon Ltd.
      Description
      Version  . . . . . : 1.5.29.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\ (Babylon)
   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon)
      Size . . . . . . . : 240.640 bytes
      Age  . . . . . . . : 240.8 days (2012-07-23 23:49:10)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 9618A5E352853748D42AC2980C55B51C5146A94EDC8D14A293432A7BFA9C53FA
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon BHO
      Description
      Version  . . . . . : 1.5.29.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\escortShld.dll (Babylon)
      Size . . . . . . . : 58.880 bytes
      Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 00489A8E6828E7F11E37CBCF5A97F43AD45908655426790F602AB60496136341
      Fuzzy  . . . . . . : 6.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\uninstall.exe (Babylon)
      Size . . . . . . . : 200.914 bytes
      Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 11491E5936388AFEAD34FB739426B206ED17E93150769289A6DCD3F2DD7F3271
      Product  . . . . . : ${PRDCT_DSP}
      Publisher  . . . . : BabylonToolbar
      Version  . . . . . : 1.5.29.1
      Fuzzy  . . . . . . : 8.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\ (Babylon)
   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarApp.dll (Babylon)
      Size . . . . . . . : 308.736 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : ADD621CD1EC5A282E07CFA41250B52EE820D8A89C0A819E82557897089FD712B
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon Ltd.
      Description
      Version  . . . . . : 1.8.3.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarEng.dll (Babylon)
      Size . . . . . . . : 579.584 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : AC4E68C20B4F64B1546F7B55AFBB32DED38D0CF0337CE4742E1D0CBDB15A5BC6
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon Ltd.
      Description
      Version  . . . . . : 1.8.3.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe (Babylon)
      Size . . . . . . . : 374.784 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 47C8F3A5AC427F18C545CDA027257C38BDAEAED2CBD49518838FEEF6592E7D52
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon Ltd.
      Description
      Version  . . . . . : 1.8.3.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon)
      Size . . . . . . . : 314.368 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 21275C775E5E93EEBE3F6E803E73054653426F283423578141D3F57F1AD6A33C
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon Ltd.
      Description
      Version  . . . . . : 1.8.3.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Fuzzy  . . . . . . : 0.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\ (Babylon)
   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon)
      Size . . . . . . . : 242.176 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : F85834893853C11B10425403A6938675446692445695B5F87C39A6A762E9851C
      Product  . . . . . : Babylon Toolbar
      Publisher  . . . . : Babylon BHO
      Description
      Version  . . . . . : 1.8.3.0
      Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
      Gossip . . . . . . : (x86)
      Fuzzy  . . . . . . : 2.0
      Startup
         HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\
      References
         HKLM\SOFTWARE\Wow6432Node\Classes\bbylntlbr.bbylntlbrHlpr.1\
         HKLM\SOFTWARE\Wow6432Node\Classes\bbylntlbr.bbylntlbrHlpr\
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\
         HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\
         HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}\


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\escortShld.dll (Babylon)
      Size . . . . . . . : 58.880 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
      Entropy  . . . . . : 5.6
      SHA-256  . . . . . : 8B38150889A505698CEE1255D5B12C9E6C98CC084319A8BE8895B22C726094C3
      Fuzzy  . . . . . . : 6.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe (Babylon)
      Size . . . . . . . : 340.632 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:24)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 271FA432566E331545A31BF6AF149897CE5EB70E0A3F4FBEFA355E6986BE5294
      Product  . . . . . : Uninstaller
      Publisher  . . . . : Babylon Ltd.
      Description  . . . : Uninstaller Application
      Version  . . . . . : 9.0.6.15
      Copyright  . . . . : Copyright © Babylon Ltd. 1997-2012
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -7.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\uninstall.exe (Babylon)
      Size . . . . . . . : 203.616 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
      Entropy  . . . . . : 7.9
      SHA-256  . . . . . : 9934FFDBE0630FB072A603BE60CDDC43CAD16AC1C8209291DFD2643A7082B695
      Product  . . . . . : ${PRDCT_DSP}
      Publisher  . . . . : BabylonToolbar
      Version  . . . . . : 1.8.3.8
      Fuzzy  . . . . . . : 8.0


   C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\BabylonTB.xpi (Babylon)
   C:\Program Files (x86)\Funmoods\ (Funmoods)
   C:\Program Files (x86)\Funmoods\1.5.23.22\ (Funmoods)
   C:\Program Files (x86)\Funmoods\1.5.23.22\bh\ (Funmoods)
   C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods)
      Size . . . . . . . : 243.664 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 28DB84D7AB96A9C4ECF008B812A78D914BCA89850AD75E33FDBF3BE43C09129A
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods BHO
      Description
      Version  . . . . . : 1.5.23.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -13.0
      Startup
         HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\
      References
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\
         HKLM\SOFTWARE\Wow6432Node\Classes\funmoods.funmoodsHlpr.1\
         HKLM\SOFTWARE\Wow6432Node\Classes\funmoods.funmoodsHlpr\
         HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\
         HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\


   C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (Funmoods)
      Size . . . . . . . : 338.384 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : A7533C3D5F698AF138D64F0D77F4680A56878BD421ACAA810C8D685F61232B80
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Description
      Version  . . . . . : 1.5.23.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (Funmoods)
      Size . . . . . . . : 551.888 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 78DB11A88A4F49304980D8FE2F6B13FDA74E1A67515BF0915DF3435B9497E71A
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Description
      Version  . . . . . : 1.5.23.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
      Size . . . . . . . : 251.856 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : BAC85636258261878970E711F8F7DBFD3AD01997BAB124A14CF7DCB376152AAE
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Description
      Version  . . . . . : 1.5.23.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (Funmoods)
      Size . . . . . . . : 64.464 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 5C0BC2F9A2BED296F4E76E834C091B7F62E9250A929F9EB4483D1264F8678F52
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0


   C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (Funmoods)
   C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (Funmoods)
      Size . . . . . . . : 410.064 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 783C77CF63113685A76DBA8163B19D6FF1394E79AC007FF5795CCBD485680939
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Description
      Version  . . . . . : 1.5.23.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (Funmoods)
      Size . . . . . . . : 599.419 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 3E5A28FFDE07AC661C26B6CCF94E64C1C90B1F25B3B24C90605AA922B87642EB
      Fuzzy  . . . . . . : -2.0


   C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (Funmoods)
   C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (Funmoods)
      Size . . . . . . . : 397.312 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
      Entropy  . . . . . : 6.2
      SHA-256  . . . . . : 9715DA68E2DD04EECD6A11233EA154D7BAE56B5613B68E670EE497DCE7F983C5
      Product  . . . . . : Setup©                      
      Publisher  . . . . : Setup ©                       
      Description  . . . : Setup                     
      Version  . . . . . : 2.2.0.344
      Copyright  . . . . :                                     
      Fuzzy  . . . . . . : -11.0


   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\ (Funmoods)
   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\ (Funmoods)
   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll (Funmoods)
      Size . . . . . . . : 243.664 bytes
      Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : D11C298153EF7BFE88EDC082BF8BE03CF0681DAA22864D6A228E58BA9321EB6D
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods BHO
      Description
      Version  . . . . . : 1.5.19.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\escortShld.dll (Funmoods)
      Size . . . . . . . : 64.464 bytes
      Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
      Entropy  . . . . . : 5.9
      SHA-256  . . . . . : 00C1673F3405E82CBA80E1AB03CF3C955C4BB52F4480F472BA5D1728DD177111
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -9.0


   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsApp.dll (Funmoods)
      Size . . . . . . . : 337.872 bytes
      Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 65293818E9A72B09CF2EA293FDDD132FA0EBFA04D6BC5D2A56D06E909F2879C4
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Description
      Version  . . . . . : 1.5.19.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsEng.dll (Funmoods)
      Size . . . . . . . : 550.352 bytes
      Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : AFF4B25637A43F303EE5E32A479677853CFC3E3E68AAD1A4B76AE1D33D042410
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Description
      Version  . . . . . : 1.5.19.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsOEM.crx (Funmoods)
   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodssrv.exe (Funmoods)
      Size . . . . . . . : 409.040 bytes
      Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : BE806BE8713C56753EB0B1D33126B62B5738FF98FD10CA5F1F20127198B958C8
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Description
      Version  . . . . . : 1.5.19.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll (Funmoods)
      Size . . . . . . . : 251.344 bytes
      Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : C1CC903567551BFD219D075432618FF0571D61DE04EA38923BCD37BD32D70720
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Description
      Version  . . . . . : 1.5.19.0
      Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
      RSA Key Size . . . : 4096
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -15.0


   C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\uninstall.exe (Funmoods)
      Size . . . . . . . : 238.518 bytes
      Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : C669B52408A0163B16B40BC75D29421CBB33DC6D3C208A90B1892911B40DFCCA
      Product  . . . . . : Funmoods
      Publisher  . . . . : Funmoods
      Version  . . . . . : 1.5.19.3
      Fuzzy  . . . . . . : -4.0


   C:\Program Files (x86)\Yontoo\ (Yontoo)
   C:\Program Files (x86)\Yontoo\OptChrome.exe (Yontoo)
      Size . . . . . . . : 133.632 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:44:00)
      Entropy  . . . . . : 6.4
      SHA-256  . . . . . : 829D936424BF6598883B8913505942BBC64F739A2FCECA493CA1C5FD42A90B66
      Fuzzy  . . . . . . : 6.0


   C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo)
      Size . . . . . . . : 194.928 bytes
      Age  . . . . . . . : 130.1 days (2012-11-11 14:44:00)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 37A3A24A2F115AE7571086399C64A7335186F1AF67160B5D022519E454A69AE9
      Product  . . . . . : Yontoo Runtime
      Publisher  . . . . : Yontoo LLC
      Description  . . . : Yontoo Runtime
      Version  . . . . . : 1.10.01
      Copyright  . . . . : Copyright (c) 2011 Yontoo LLC.  All rights reserved.
      RSA Key Size . . . : 1024
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : -5.0
      Startup
         HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
      References
         HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
         HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\
         HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1\
         HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers\
         HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\


   C:\Program Files (x86)\Yontoo\YontooLayers.crx (Yontoo)
   C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx (Funmoods)
   C:\Users\robin\AppData\Local\funmoods.crx (Funmoods)
   C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (Claro)
   C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (Claro)
   C:\Users\robin\AppData\LocalLow\BabylonToolbar\ (Babylon)
   C:\Users\robin\AppData\Roaming\Babylon\ (Babylon)
   C:\Users\robin\AppData\Roaming\Babylon\log_file.txt (Babylon)
   C:\Users\robin\AppData\Roaming\BabylonToolbar\ (Babylon)
   C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\ (Babylon)
   C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx (Babylon)
   C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll (Babylon)
      Size . . . . . . . : 531.968 bytes
      Age  . . . . . . . : 225.1 days (2012-08-08 14:43:56)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
      Product  . . . . . : BU Dynamic Link Library
      Description  . . . : BU Dynamic Link Library
      Version  . . . . . : 2.0.0.4
      Copyright  . . . . : Copyright (C) 1997-2012
      Fuzzy  . . . . . . : -7.0


   C:\Users\robin\AppData\Roaming\BabylonToolbar\FF\ (Babylon)
   C:\Users\robin\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll (Babylon)
      Size . . . . . . . : 531.968 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:30)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
      Product  . . . . . : BU Dynamic Link Library
      Description  . . . : BU Dynamic Link Library
      Version  . . . . . : 2.0.0.4
      Copyright  . . . . : Copyright (C) 1997-2012
      Fuzzy  . . . . . . : -7.0


   C:\Users\robin\AppData\Roaming\BabylonToolbar\IE\ (Babylon)
   C:\Users\robin\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll (Babylon)
      Size . . . . . . . : 531.968 bytes
      Age  . . . . . . . : 130.2 days (2012-11-11 14:35:30)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
      Product  . . . . . : BU Dynamic Link Library
      Description  . . . : BU Dynamic Link Library
      Version  . . . . . : 2.0.0.4
      Copyright  . . . . : Copyright (C) 1997-2012
      Fuzzy  . . . . . . : -7.0


   C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\ (Babylon)
   C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\BabyTBConf.ini (Babylon)
   C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll (Babylon)
      Size . . . . . . . : 531.968 bytes
      Age  . . . . . . . : 225.1 days (2012-08-08 14:43:56)
      Entropy  . . . . . : 6.3
      SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
      Product  . . . . . : BU Dynamic Link Library
      Description  . . . : BU Dynamic Link Library
      Version  . . . . . : 2.0.0.4
      Copyright  . . . . : Copyright (C) 1997-2012
      Fuzzy  . . . . . . : -7.0


   C:\Users\robin\AppData\Roaming\Funmoods\ (Funmoods)
   C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\ (Funmoods)
   C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\config.dat (Funmoods)
   C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (Funmoods)
      Size . . . . . . . : 94.720 bytes
      Age  . . . . . . . : 22.7 days (2013-02-27 01:54:19)
      Entropy  . . . . . : 6.5
      SHA-256  . . . . . : 491E56FC62E891DD80A5321BB201577FD42BFFB11627F44220EA10D6CA3F0107
      Fuzzy  . . . . . . : 6.0




Cookies _____________________________________________________________________




Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:29:49, on 21/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal


Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll
O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--
End of file - 15376 bytes

Edited by Jion, 21 March 2013 - 18:45.


#2 Jion

    Supervisor

  • 4221 posts

Posted 21 March 2013 - 18:46

Hello Robij,

I have created a separate topic for you and placed it directly in the correct forum section.
A malware specialist will help you further here.

#3 juisterr

    Super Moderator

  • 1823 posts

Posted 21 March 2013 - 19:14

Start HijackThis. Select “Scan”. Select only the items listed below:

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll
O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll

Click 'Fix checked' to remove the items.


Note: Windows Vista & 7 users must run HijackThis as “administrator” via right-click, “Run as administrator”. If this does not work via the shortcut, run HijackThis as administrator from the following folder:
C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

- - - Updated - - -

Download zoek.exe to the desktop.

  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe.
    You can read how to do that (here or here).
  • Double-click Zoek.exe to start the tool.

  • Now copy the code below and paste it into the large input window:
  • Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.
    startupall;
    filesrcm;
    
  • Click the "Options" button and now tick the options below.

    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • HijackThis Log
    • Chrome Look
    • System Specs
    • Reset Chrome
    • Reset IE proxy
    • Shortcut Fix
    • IE Defaults
    • Auto Clean


  • Then click the "Run script" button.
  • Now wait patiently until a log opens (this may be after a restart if one is required).
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next post.

My picture is an old troll. :D
This is not a link; clicking it is pointless.
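
Added example, not part of the original thread and not code from HijackThis or zoek.exe: a Python parser for the O2/O3 line layout seen in the HijackThis log above. It reports CLSIDs that are registered as both a BHO and a toolbar, and checks that every line of a fix list occurs verbatim in the log before anything is ticked. The function names and the last fix-list line are constructed for illustration; the other sample lines are copied from the log in this thread.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (lines copied verbatim).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)
O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"""

# Three lines from the helper's fix list, plus one CONSTRUCTED line that is
# not in the log, to show how a mismatch is reported.
SAMPLE_FIX = r"""
O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)
O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000000} - C:\Example\example.dll
"""

# "<section code> - <rest>", e.g. "O2 - BHO: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Body of an O2/O3 line: "<kind>: <name> - {CLSID} - <file or marker>".
COM_RE = re.compile(
    r"^(?P<kind>BHO|Toolbar): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}) - "
    r"(?P<target>.*)$"
)


def _split_target(target):
    """Return (path_or_None, file_missing) for the last field of an O2/O3 line."""
    target = target.strip()
    if target == "(no file)":
        return None, True
    missing = target.endswith("(file missing)")
    if missing:
        target = target[: -len("(file missing)")].rstrip()
    return target.strip('"'), missing


def parse_log(text):
    """Parse HijackThis entry lines; headers and process lists are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        entry = {"code": m["code"], "raw": line}
        com = COM_RE.match(m["body"]) if m["code"] in ("O2", "O3") else None
        if com:
            path, missing = _split_target(com["target"])
            entry.update(kind=com["kind"], name=com["name"],
                         clsid=com["clsid"].upper(), path=path, missing=missing)
        entries.append(entry)
    return entries


def shared_clsids(entries):
    """CLSIDs that appear under more than one section (BHO and toolbar)."""
    seen = defaultdict(set)
    for e in entries:
        if "clsid" in e:
            seen[e["clsid"]].add(e["code"])
    return {c: sorted(codes) for c, codes in seen.items() if len(codes) > 1}


def check_fix_list(log_text, fix_text):
    """Split a fix list into lines found verbatim in the log and lines not found."""
    log_lines = {e["raw"] for e in parse_log(log_text)}
    matched, unmatched = [], []
    for e in parse_log(fix_text):
        (matched if e["raw"] in log_lines else unmatched).append(e["raw"])
    return matched, unmatched


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for e in parsed:
        if e.get("missing"):
            print("no file on disk:", e["name"], e["clsid"])
    print("registered twice:", shared_clsids(parsed))
    ok, bad = check_fix_list(SAMPLE_LOG, SAMPLE_FIX)
    print(len(ok), "fix lines found in log;", len(bad), "not found:", bad)
```
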

#4 robij

    Member

  • 40 posts

Posted 21 March 2013 - 20:27

I did what you said, here is the log:



Zoek.exe Version 4.0.0.2 Updated 20-03-2013
Tool run by robin on do 21/03/2013 at 19:59:51,13.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected


==== Running Processes ======================


C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGCE.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\explorer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe


==== Deleting CLSID Registry Keys ======================


HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully


==== Deleting CLSID Registry Values ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully


==== Installed Programs ======================


??? ActiveX ?? Windows Live Mesh ???? ??????? ???????
???? ??? Windows Live
???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????
???? Windows Live
????? Windows Live
?????? ??????? ?? Windows Live
??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????
??????? Windows Live Mesh ActiveX ???
???????? ?????????? Windows Live
@C:\\Program Files (x86)\\Intel\\Intel Control Center\\Uninstaller\\SetupICC.exe,-100
@C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\Uninstall\\Setup.exe,-2018
@C:\\Program Files (x86)\\Intel\\Intel® Processor Graphics\\Uninstall\\Setup.exe,-1166
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Story
AION Free-To-Play
Akamai NetSession Interface
Alcor Micro USB Card Reader
Allods Online 4.0.00.63
ASUS AI Recovery
ASUS LifeFrame3
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
AsusVibe2.0
ATK Package
AVG Security Toolbar
Babylon Chrome Toolbar
Babylon toolbar
Bing Bar
Bookworm Deluxe
Browser Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Codecv
Control ActiveX de Windows Live Mesh para conexiones remotas
Contr“le ActiveX Windows Live Mesh pour connexions … distance
Controlo ActiveX do Windows Live Mesh para Liga‡äes Remotas
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON Scan
EPSON SX420W Series Handboek
EpsonNet Setup 3.2
erLT
Funmoods
Galeria de Fotografias do Windows Live
Galer¡a fotogr fica de Windows Live
Galerie de photos Windows Live
Game Park Console
Google Chrome
Governor of Poker
HiJackThis
Hotel Dash Suite Success
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Junk Mail filter update
Mahjongg dimensions
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MyFreeCodec
NCsoft Launcher
Netwerkhandleiding EPSON SX420W Series
Nuance PDF Reader
Outspark Toolbar
Pando Media Booster
PDF Creator Packages
PriceGong 2.6.11
Raccolta foto di Windows Live
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
S?????? f?t???af??? t?? Windows Live
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Skype™ 6.1
St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?æa???sæ??e? s??d?se??
syncables desktop SE
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Version Checker for Funmoods
Visual Studio 2008 x64 Redistributables
WEBZEN Browser Extension
Windows Live ???
Windows Live ????
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
World of Goo


==== Deleting Services ======================


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browser manager deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\browser manager deleted successfully


==== Registry Fix Code ======================


Windows Registry Editor Version 5.00


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-


==== Deleting Files \ Folders ======================


"C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx" deleted
"C:\Users\robin\AppData\Local\funmoods.crx" deleted
"C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted
"C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
"C:\user.js" deleted
"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" deleted
"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings" not deleted
"C:\Program Files (x86)\outsparktb" deleted
"C:\Program Files (x86)\BabylonToolbar" deleted
"C:\Program Files (x86)\Yontoo" deleted
"C:\Program Files (x86)\PriceGong" deleted
"C:\Program Files (x86)\Funmoods" deleted
"C:\Users\robin\AppData\Roaming\Funmoods" deleted
"C:\Users\robin\AppData\Roaming\Babylon" deleted
"C:\Users\robin\AppData\Roaming\BabylonToolbar" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\ProgramData\Browser Manager" not deleted
"C:\ProgramData\APN" deleted
"C:\ProgramData\Partner" deleted
"C:\ProgramData\Codecv" deleted
"C:\ProgramData\InstallMate" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Premium" deleted
"C:\ProgramData\Babylon" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong" deleted
"C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager" deleted
"C:\Users\robin\AppData\LocalLow\BabylonToolbar" deleted
"C:\ProgramData\Browser Manager\2.3.796.11" not deleted
"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}" not deleted


==== System Specs ======================


Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Internet Explorer: 9.0.8112.16421
Memory (RAM): 8099 MB
CPU Info: Intel® Core™ i7-2670QM CPU @ 2.20GHz
CPU Speed: 2251,2 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | NVIDIA GeForce GT 520M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless LAN Card | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 1x (G: | ) G: MATSHITADVD-RAM UJ8B0AW
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 279,5GB | D: 394,2GB | E: 349,3GB | F: 349,3GB | Q: 0,0MB
Hard Disks - Free: C: 114,3GB | D: 394,1GB | E: 349,2GB | F: 349,2GB | Q: 0,0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/06/11 | _ASUS_ - 6222004
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer Inc. K73SJ
Sun Java version: niet
Sun Java version: opdracht,
Country: België
Language: NLB


==== Files Recently Created / Modified ======================


====== C:\Windows ====
====== C:\Users\robin\AppData\Local\Temp ====
2013-03-18 23:03:45 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Users\robin\AppData\Local\Temp\_isECED.exe
2013-03-18 01:07:42 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 ----a-w- C:\Users\robin\AppData\Local\Temp\59581uninstall.exe
2013-03-18 00:37:20 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1643.exe
2013-03-18 00:37:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall14899.exe
2013-03-17 23:56:52 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1144.exe
2013-03-17 23:56:47 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall16288.exe
2013-03-17 22:57:48 B9270BA1B0D210F786D2E001A7BB902B 430080 ----a-w- C:\Users\robin\AppData\Local\Temp\swt-win32-3740.dll
====== C:\Windows\SysWOW64 =====
2013-03-18 18:26:31 B5CB3F2022BB0BF733688ABC119009E1 230920 ----a-w- C:\Windows\SysWOW64\EPWZCmnCtrl.dll
2013-03-18 05:46:25 97EDC6088C69DF575377860926EB6181 4702568 ----a-w- C:\Windows\SysWOW64\GameMon.des
2013-03-18 05:46:13 FB820C142B89F3037B8BEE0968B0276B 5174 ----a-w- C:\Windows\SysWOW64\nppt9x.vxd
2013-03-18 05:46:13 9131FE60ADFAB595C8DA53AD6A06AA31 4682 ----a-w- C:\Windows\SysWOW64\npptNT2.sys
2013-03-14 02:02:42 E7E671A2A0159ED8D86CA98DF134BB70 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2013-03-14 02:02:42 60D6B33E77A297AA1B14BF0452C20471 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-03-14 02:02:41 C9A2D460FD5E409C9320B4CE68A81549 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll
2013-03-14 02:02:40 D0F2CB059B2A89AD5B24FD9EB8D784BE 231936 ----a-w- C:\Windows\SysWOW64\url.dll
2013-03-14 02:02:40 C43AFA13B552BCC4352106193F008229 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe
2013-03-14 02:02:40 2A324C44A1B2352EF5F2E1C8984935C0 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl
2013-03-14 02:02:40 180D098704551DE37C6299AA888D6821 1103872 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-03-14 02:02:40 15CF0E37F2B406BDE06CBA4F507B25DE 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-03-14 02:02:39 C798EB903A4FA90D2961E164518090C5 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-03-14 02:02:39 03728C624D05C2F157BBD46F6B7F6EA0 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-03-14 02:02:38 73BDB1C0801D44BEA5F6749FD340CC0F 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-03-14 02:02:38 69F42E40A0C4344939437D86A8893DA6 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-03-14 02:02:38 6428A1B56B4F426F35A029231FF0BB1E 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-03-14 02:02:38 1895402C57C32BF8281E8F6C65522253 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-03-14 02:02:37 263963D93A3CA8F685EFA5966F1E6581 12321792 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-03-14 02:02:35 D3EAB9BCB2B92EFCA615781C215644C0 9738240 ----a-w- C:\Windows\SysWOW64\ieframe.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-03-21 17:21:11 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\Sysnative\bootdelete.exe
2013-03-21 17:21:11 0327055BD9661F6BBEA18EBE4E9FDEF3 276 ----a-w- C:\Windows\Sysnative\bootdelete.lst
2013-03-14 02:02:42 E532E71207987BE22BEEE1F1F7E5B371 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2013-03-14 02:02:42 315BD7958BD33C71442A7383BBAD2237 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-03-14 02:02:40 FF1AAEDD4A1A0FC3C5ED66B4EE0B254A 1346048 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-03-14 02:02:40 F5F7A06D538619CB3B8081DF766F1D39 237056 ----a-w- C:\Windows\Sysnative\url.dll
2013-03-14 02:02:40 ACFA7C9F9DBAE8143598F23C3DE8934A 248320 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-03-14 02:02:40 6BE16F52FAFFCD4BC628C6AE95C0B887 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe
2013-03-14 02:02:39 FA274190682AA41A46B285208ED46A74 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-03-14 02:02:39 D845B455663AE3B4AEB153D9B2E6A4C3 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-03-14 02:02:39 406533EADD808A7A9B5A022F298C6841 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl
2013-03-14 02:02:39 0A1BB8FF664EA24C2679B70F731A6F7A 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-03-14 02:02:38 B9996038ABB1664E49DE171AD14DE275 816640 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-03-14 02:02:38 A54A16DAE7497CDCB8C5A021C0F6FEB8 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-03-14 02:02:38 7784649104ED574EC129C3282F54E846 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-03-14 02:02:38 0E92BD6EBE215FA80288AFA7996A622B 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll
2013-03-14 02:02:35 E829C45F0D77852C43BE99C4B1BD215D 10925568 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-03-14 02:02:35 460723A080D6F22E56D45BC8C1F15B2A 17815040 ----a-w- C:\Windows\Sysnative\mshtml.dll
====== C:\Windows\Sysnative\drivers =====
2013-03-20 21:05:27 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-03-21 17:13:56 -------- d-----w- C:\Program Files\HitmanPro
2013-03-18 05:45:50 -------- d-----w- C:\Program Files\Common Files\INCA Shared
======= C:\Program Files (x86) =====
2013-03-21 17:24:18 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-18 18:26:31 -------- d-----w- C:\Program Files (x86)\WEBZEN
2013-03-18 02:56:46 -------- d-----w- C:\Program Files (x86)\NCSoft
2013-03-18 00:47:02 -------- d-----w- C:\Program Files (x86)\Smart PC Cleaner
======= C: =====
====== C:\Users\robin\AppData\Roaming ======
2013-03-19 17:20:01 -------- d-----w- C:\users\robin\AppData\Roaming\InstallShield
2013-03-18 17:30:50 -------- d-----w- C:\users\robin\AppData\Local\Aeria Games
2013-03-18 17:18:14 -------- d-----w- C:\users\robin\AppData\Local\Akamai
2013-03-18 00:47:06 -------- d-----w- C:\users\robin\AppData\Local\Programs
2013-03-18 00:16:27 -------- d-----w- C:\users\robin\AppData\Roaming\TuneUp Software
====== C:\Users\robin ======
2013-03-21 17:11:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-03-19 00:33:39 -------- d-----w- C:\Users\robin\Profiles
2013-03-19 00:33:39 -------- d-----w- C:\Users\robin\bin
2013-03-18 18:26:09 -------- d-----w- C:\ProgramData\WEBZEN
2013-03-18 17:29:55 -------- d-----w- C:\ProgramData\Aeria Games
2013-03-18 00:47:14 -------- d-----w- C:\ProgramData\Computer Updater
2013-03-17 22:57:48 -------- d-----w- C:\Users\robin\.swt


====== C: exe-files ==
2013-03-21 17:21:11 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2013-03-21 17:13:56 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe
2013-03-21 17:12:58 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Users\robin\Downloads\HitmanPro_x64 (1).exe
2013-03-21 17:11:54 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Users\robin\Downloads\HitmanPro_x64.exe
2013-03-21 17:11:40 79060AAD779E5650EF8D02616E1769A1 8790920 ----a-w- C:\Users\robin\Downloads\HitmanPro.exe
2013-03-21 16:17:31 EE2E7C607CEA49133781AD5BB8282BA2 10570224 ----a-w- C:\gPotato.eu\Allods Online\bin\Launcher.exe
2013-03-21 16:15:58 95C3FF4918A5A07BE3BE504FA741D724 18117104 ----a-w- C:\gPotato.eu\Allods Online\bin\AOgame.exe
2013-03-21 16:14:37 E0562532FC9C70A57C39C516D30573F1 522208 ----a-w- C:\gPotato.eu\Allods Online\bin\protect.exe
2013-03-21 16:13:13 DC4AAD2E23AEDA30FC35A143111B99FD 8744432 ----a-w- C:\gPotato.eu\Allods Online\Patches\Patch_AllodsOnline_en_4.0.00.63_4.0.00.67_.patch\SyncVersion.exe
2013-03-19 17:20:25 FC356A72FEAEA5D80F312604651D711F 43304 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
2013-03-19 17:20:25 E9D4DE46A45E865F3D7FBBC972571531 257024 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NC.Bootstrap.exe
2013-03-19 17:20:25 776C76D2D42CFFA3D4650E99DEDC3EEA 1126400 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\XDelta.exe
2013-03-19 17:20:25 50AE228A68AF39A6B57FA931ACECAB3C 30576 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NCAccess.exe
2013-03-19 17:20:25 4F6878FC7BEDCF90D6EB116AAE0AFBE4 3468584 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\_Launcher.exe
2013-03-19 17:20:24 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe
2013-03-19 17:20:24 35FEAD5D5287E6C111BB9C7FD94CDB7E 22008 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\AllowFoldersToBeUpdated.exe
2013-03-19 01:11:50 682643D75B1FD61EA790B7ADE1A2CF46 436072 ----a-w- C:\gPotato.eu\Allods Online\Mods\protect.exe
2013-03-19 01:08:57 F0938B075106C09DCFE116F8533C911F 57344 ----a-w- C:\gPotato.eu\Allods Online\Mods\UITextureConvertEditor.exe
2013-03-19 00:34:42 52EA16D347630022056B5EA438CF6E9B 15902208 ----a-w- C:\Users\robin\Desktop\repair.exe
2013-03-19 00:33:39 1A80D9D23C10EE806969373891625234 10570224 ----a-w- C:\Users\robin\bin\Launcher.exe
2013-03-19 00:17:03 1A80D9D23C10EE806969373891625234 10570224 ----a-w- C:\gPotato.eu\Allods Online\Patches\Launcher\Launcher.exe
2013-03-19 00:13:54 DC4AAD2E23AEDA30FC35A143111B99FD 8744432 ----a-w- C:\gPotato.eu\Allods Online\bin\SyncVersion.exe
2013-03-19 00:13:52 313E12B63831FF30858C1329A4C8BF26 453432 ----a-w- C:\gPotato.eu\Allods Online\bin\AwesomiumProcess.exe
2013-03-19 00:13:08 71419860275321D5BE5D3E2ACE91A6B4 356432 ----a-w- C:\Users\robin\Desktop\4.0.00.63_Installer\Europe\UsingCAB\setup.exe
2013-03-18 23:35:39 6B7BE7519BBB3CE1DF7D462DF25AC056 357072 ----a-w- C:\Users\robin\Downloads\setup.exe
2013-03-18 23:06:21 6B1C3B805DE40EB0BFA9227DA07C98E9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IJ897CX.exe
2013-03-18 23:06:03 07472F9894F154A22A6039A4D146E800 52832 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RJ897CX.exe
2013-03-18 23:03:45 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Users\robin\AppData\Local\Temp\_isECED.exe
2013-03-18 22:21:52 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\Users\robin\Downloads\Allods_Downloader (1).exe
2013-03-18 22:21:23 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\Users\robin\Downloads\Allods_Downloader.exe
2013-03-18 22:19:25 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\Users\robin\Downloads\Allods_EN (1).exe
2013-03-18 22:19:08 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\Users\robin\Downloads\Allods_EN.exe
2013-03-18 22:10:13 E4D7D418A28217A5600B56D569CC43C9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I914ZT9.exe
2013-03-18 22:10:13 B36F01D47BD4EA35A437E9D1A8E56D05 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IG1EVO2.exe
2013-03-18 22:10:13 700C4D09D6279052C61E7B56EE344855 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IYZG0HJ.exe
2013-03-18 22:10:13 5AF0776A89816FB10157CF5B4D976570 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IXHJ992.exe
2013-03-18 22:10:13 4B4AE36B9EEC78977CC7F2B2DB290AC8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I5JNTKE.exe
2013-03-18 22:10:13 2FBEE6078063EDE26D10B152B174326A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IX6BIHB.exe
2013-03-18 22:08:57 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RG1EVO2.exe
2013-03-18 22:01:45 E020A3976D16E1F2A8069594858087C8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IQJ7LUT.exe
2013-03-18 22:01:45 AC65A53BB90940109F9766FD86833934 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IZJK9KD.exe
2013-03-18 22:01:45 A475A61BCE820EE9DF95612DA94CAC99 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IQCTZSG.exe
2013-03-18 22:01:45 61D92262779C9B93C80FE2EB74C38DD5 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IABHSHK.exe
2013-03-18 22:01:45 5990C9386F30B9B8718C51B7506E0FBB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IBTIBUK.exe
2013-03-18 22:01:45 3FA22321062DF55B1FFD6C166F8D7A78 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IIGXSNV.exe
2013-03-18 22:01:45 249C75DEE13ECBE399865E82FC32DA49 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I46J528.exe
2013-03-18 22:01:45 0D5EB6EDE52DA1BEB81F858CFC8EAE69 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I07JNGH.exe
2013-03-18 21:28:41 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R5JNTKE.exe
2013-03-18 20:58:13 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RX6BIHB.exe
2013-03-18 20:55:06 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RXHJ992.exe
2013-03-18 20:53:03 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RYZG0HJ.exe
2013-03-18 20:51:30 E53D24956C2F58369A4EB0E6C93BD50C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IFFT6G8.exe
2013-03-18 20:22:05 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R914ZT9.exe
2013-03-18 18:46:24 216B6D2E2C14269EA8E66968F13517B7 533670 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RFFT6G8.exe
2013-03-18 18:43:16 216B6D2E2C14269EA8E66968F13517B7 533670 ----a-w- C:\Users\robin\Downloads\GP_Archlord_120927\ArchLord_Install_Global.exe
2013-03-18 18:26:32 88B0E7B40936A6C2E797F51307C5DC29 382000 ----a-w- C:\ProgramData\WEBZEN\BrowserPlugIns\CMStarterCore.exe
2013-03-18 18:26:31 BC49243557991AC42FCC01B8E3BB05D2 393216 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{95723791-2C44-454B-9220-C65D47D70E9C}\setup.exe
2013-03-18 18:25:36 3AC2E42844457F045A49613335CF8A93 2988376 ----a-w- C:\Users\robin\Downloads\WebzenBrowserExt.exe
2013-03-18 17:18:45 EC36905F2BF48A04478352A904940423 1502532270 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304sfx.exe
2013-03-18 17:18:45 9885ABD427DD3D4365AAB6FD2408C443 3555040 ----a-w- C:\AeriaGames\Downloader\aeria_ignite_install.exe
2013-03-18 17:18:43 D84C7A57E1CF45B6679C96AFDD219301 325936 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304.exe
2013-03-18 17:18:28 BCA477D7BF9EAF28656D4CD00749F7CD 4415736 ----a-w- C:\Users\robin\AppData\Local\Akamai\ControlPanel.exe
2013-03-18 17:18:18 495199CEAF9A4898499489DA7520FCDE 10027032 ----a-w- C:\Users\robin\AppData\Local\Akamai\netsession_installer.exe
2013-03-18 17:18:08 8732D16C1CAFE03844AEEC3C8B0B9EAD 471648 ----a-w- C:\Users\robin\Downloads\shaiya_us_downloader.exe
2013-03-18 16:45:22 22A5EC63B21858CFF6FF1CF24B63361C 750052485 ----a-w- C:\Users\robin\Downloads\AIKA_Setup_20130305.exe
2013-03-18 02:55:46 C0C9753E961614DC9F6C668E11D462BE 6523640 ----a-w- C:\Users\robin\Downloads\NCsoftLauncherSetup.exe
2013-03-18 02:48:06 5EB6B55DD94165E0E2ECBB4DD762B56B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IIJN1T8.exe
2013-03-18 02:32:09 FAD9EC5660BBD7C1FD48B2ED8999F582 4517472 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\launcher\-gup-\jadeloadern.exe
2013-03-18 02:30:27 9C696DE81A6C41012248B274085CA5AC 289687 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\patcher\skin\image\patcher\patcher.exe
2013-03-18 01:18:53 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\uninstall.exe
2013-03-18 01:18:04 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\install.exe
2013-03-18 01:09:14 E2934E1222D095642AADD6C0EDF4457F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IC44ON1.exe
2013-03-18 01:07:42 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 ----a-w- C:\Users\robin\AppData\Local\Temp\59581uninstall.exe
2013-03-18 00:47:02 5C98730B1E4BDBE19D8C5F9D86E74973 214992 ----a-w- C:\Program Files (x86)\Smart PC Cleaner\Startw3i.exe
2013-03-18 00:45:55 3217E030A7AA0ED2B2BAFEAAD4E8A3A0 1649344 ----a-w- C:\Users\robin\Downloads\FinalTorrent2012Setup.exe
2013-03-18 00:37:20 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1643.exe
2013-03-18 00:37:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall14899.exe
2013-03-18 00:32:31 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RABHSHK.exe
2013-03-18 00:28:30 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQCTZSG.exe
2013-03-18 00:28:23 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RZJK9KD.exe
2013-03-18 00:26:25 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RBTIBUK.exe
2013-03-18 00:11:13 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R07JNGH.exe
2013-03-18 00:10:27 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RIGXSNV.exe
2013-03-17 23:56:52 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1144.exe
2013-03-17 23:56:47 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall16288.exe
2013-03-17 23:42:23 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQJ7LUT.exe
2013-03-17 22:58:14 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\install.exe
2013-03-17 22:58:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\uninstall.exe
2013-03-17 22:57:10 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R46J528.exe
2013-03-16 11:39:53 609A3D40DE06CDD3A17B4D5D6E7AA279 1502560 ----a-w- C:\Users\robin\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.172\25.0.1364.172_25.0.1364.152_chrome_updater.exe
=== C: other files ==
2013-03-19 00:13:54 37C2C5AEDD2F2BA4A076D474B3FD1BFD 3651080 ----a-w- C:\gPotato.eu\Allods Online\data\Mods\Docs\ModdingDocuments.zip
2013-03-18 23:03:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{012D6546-A8C8-45F1-9258-65590D307975}.bat
2013-03-18 17:27:20 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{D752F0DB-4189-41A7-9F1B-0C55298C40F8}.bat
2013-03-18 16:44:29 23C513D4833724C563F7796FC154EE1E 30804 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174429.zip
2013-03-18 16:43:57 444CEFBA2C0D43D46C93995AF24A2FC5 38708 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174357.zip
2013-03-18 16:43:27 B05EF378F602749AA345445827C8D127 33050 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174327.zip


==== Startup Registry Enabled ======================


[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"


[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"


[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"


[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU"
"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized"
"Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"


[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"


[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"


[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"ASUS Screen Saver Protector"="C:\Windows\AsScrPro.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU"
"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized"
"Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"


==== Startup Registry Enabled x64 ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SynAsusAcpi"="%ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe "


==== Startup Folders ======================


2011-04-13 02:49:43 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
2012-10-20 14:05:57 848 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk


==== Task Scheduler Jobs ======================


C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\AutoKMSDaily.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02]


==== Chrome Look ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[]
bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[]
dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[18/02/2013 23:13]
niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]
pgafcinpmmpklohkojmllohd****efph - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx[]


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[]


Funmoods - robin - Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
PriceGong - robin - Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
New Tab - robin - Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj


==== Chrome Fix ======================


C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully


==== Set IE to Default ======================


Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found


New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{35F54DFA-9BA6-A5F8-7509-102794E0C91A} AVG Secure Search Url="https://isearch.avg.com/search?cid={3571B91F-00F3-445F-90B1-23010F2B643F}&mid=060a13a6465a47d1b57f854de0d1e797-9fce1abf496bcc088b96d1054144cc7e07d5cee6&lang=nl&ds=AVG&pr=fr&d=2012-08-03"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"


==== Reset Google Chrome ======================


C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully


==== Deleting CLSID Registry Keys ======================


HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully


==== Deleting CLSID Registry Values ======================




==== shortcuts on Users Desktops ======================


C:\Users\robin\Desktop\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\Desktop\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\UpdatusUser\Desktop\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe


==== shortcuts on All Users Desktop ======================


C:\Users\Public\Desktop\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe
C:\Users\Public\Desktop\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe


==== shortcuts in Users Start Menu ======================


C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe


==== shortcuts in All Users Start Menu ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AikaOnline\AikaOnline.lnk - C:\T3fun\AikaOnline\AIKALauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online Website.lnk - C:\gPotato.eu\Allods Online\Allods Online.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Register.lnk - C:\gPotato.eu\Allods Online\Register.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Remove Allods Online.lnk - C:\gPotato.eu\Allods Online\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Forsaken World\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe


==== Reset IE Proxy ======================


Value(s) before fix:
"ProxyOverride"="<local>"
"ProxyEnable"=dword:00000000


Value(s) after fix:
"ProxyEnable"=dword:00000000


==== Deleting Registry Keys ======================


HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully


==== HijackThis Entries ======================


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


==== Empty IE Cache ======================


C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\robin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z93H3DJ will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JHI8BE4 will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI2O5H19 will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCT5C738 will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5XY3CE6 will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3NXHGLR will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot


==== Empty FireFox Cache ======================


No FireFox Profiles found


==== Empty Chrome Cache ======================


C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


No Java Cache Found


After Reboot


==== Empty Temp Folders ======================


C:\Windows\Temp successfully emptied
C:\Users\robin\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== Deleting Files / Folders ======================


"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\ProgramData\Browser Manager" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z93H3DJ" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JHI8BE4" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI2O5H19" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCT5C738" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5XY3CE6" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3NXHGLR" not found


Thanks in advance :D

#5 juisterr

    Super Moderator

  • 1823 posts

Posted 21 March 2013 - 21:19

And how is it going now?
My picture is an old troll. :D
This is not a link; clicking it is pointless.

#6 robij

    Member

  • 40 posts

Posted 21 March 2013 - 21:23

It already took a bit longer, but it still crashes.... it also had to restart fewer times before it worked again...
Regards

#7 juisterr

    Super Moderator

  • 1823 posts

Posted 21 March 2013 - 21:44

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Here you can read how to use ComboFix.

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them: click here or here

2. The computer may need to be restarted several times; this is normal.
3. Double-click "Combofix.exe" to start the tool.
4. Do not click in the ComboFix window while it is active; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

#8 robij

    Member

  • 40 posts

Posted 21 March 2013 - 22:09

Here is the log: Thanks in advance

ComboFix 13-03-21.01 - robin 21/03/2013 21:56:58.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8098.5978 [GMT 1:00]
Gestart vanuit: c:\users\robin\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\robin\AppData\Local\assembly\tmp
c:\users\robin\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\windows\msvcr71.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-02-21 to 2013-03-21 ))))))))))))))))))))))))))))))
.
.
2013-03-21 19:10 . 2013-03-21 21:03 -------- d-----w- c:\users\robin\AppData\Local\Temp
2013-03-21 19:10 . 2013-03-21 18:59 24064 ----a-w- c:\windows\zoek-delete.exe
2013-03-21 17:24 . 2013-03-21 17:24 388096 ----a-r- c:\users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-21 17:24 . 2013-03-21 17:24 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-21 17:21 . 2013-03-21 17:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-21 17:13 . 2013-03-21 17:13 -------- d-----w- c:\program files\HitmanPro
2013-03-21 17:11 . 2013-03-21 17:21 -------- d-----w- c:\programdata\HitmanPro
2013-03-20 21:05 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-19 17:20 . 2013-03-19 17:20 -------- d-----w- c:\users\robin\AppData\Roaming\InstallShield
2013-03-19 00:33 . 2013-03-19 00:33 -------- d-----w- c:\users\robin\Profiles
2013-03-19 00:33 . 2013-03-19 00:33 -------- d-----w- c:\users\robin\bin
2013-03-19 00:13 . 2013-03-19 00:13 -------- d-----w- C:\gPotato.eu
2013-03-18 18:26 . 2013-03-18 18:51 -------- d-----w- c:\program files (x86)\WEBZEN
2013-03-18 18:26 . 2012-03-27 18:13 230920 ----a-w- c:\windows\SysWow64\EPWZCmnCtrl.dll
2013-03-18 18:26 . 2013-03-18 18:26 -------- d-----w- c:\programdata\WEBZEN
2013-03-18 17:30 . 2013-03-18 17:30 -------- d-----w- c:\users\robin\AppData\Local\Aeria Games
2013-03-18 17:29 . 2013-03-18 17:29 -------- d-----w- c:\programdata\Aeria Games
2013-03-18 17:27 . 2013-03-18 23:03 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-03-18 17:18 . 2013-03-18 17:18 -------- d-----w- c:\users\robin\AppData\Local\Akamai
2013-03-18 17:18 . 2013-03-18 17:27 -------- d-----w- C:\AeriaGames
2013-03-18 16:49 . 2013-03-18 16:49 -------- d-----w- C:\T3fun
2013-03-18 05:46 . 2012-10-24 17:16 4702568 ----a-w- c:\windows\SysWow64\GameMon.des
2013-03-18 05:46 . 2005-01-02 21:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2013-03-18 05:46 . 2003-07-19 06:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2013-03-18 05:45 . 2013-03-18 05:45 -------- d-----w- c:\program files\Common Files\INCA Shared
2013-03-18 02:57 . 2013-03-21 21:01 -------- d-----w- c:\users\robin\AppData\Local\assembly
2013-03-18 02:56 . 2013-03-19 17:20 -------- d-----w- c:\program files (x86)\NCSoft
2013-03-18 00:47 . 2013-03-18 00:47 -------- d-----w- c:\programdata\Computer Updater
2013-03-18 00:47 . 2013-03-18 00:47 -------- d-----w- c:\users\robin\AppData\Local\Programs
2013-03-18 00:47 . 2013-03-18 01:03 -------- d-----w- c:\program files (x86)\Smart PC Cleaner
2013-03-18 00:16 . 2013-03-18 00:16 -------- d-----w- c:\users\robin\AppData\Roaming\TuneUp Software
2013-03-17 22:57 . 2013-03-17 22:57 -------- d-----w- c:\users\robin\.swt
2013-02-28 01:41 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 21:03 . 2012-01-04 12:32 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-03-14 02:04 . 2012-12-26 21:57 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-18 22:13 . 2012-08-03 20:21 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-12 05:45 . 2013-03-13 22:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 22:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 22:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 22:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 22:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 22:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-31 16:29 . 2013-01-31 16:29 69632 ----a-w- c:\windows\SysWow64\CUUpdateComponent.ocx
2013-01-31 16:29 . 2013-01-31 16:29 421888 ----a-w- c:\windows\SysWow64\ComputerUpdaterLM.ocx
2013-01-31 16:29 . 2013-01-31 16:29 131072 ----a-w- c:\windows\SysWow64\SafeAppRichList.ocx
2013-01-05 05:53 . 2013-02-16 17:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-16 17:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 17:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-16 17:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-16 17:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-16 17:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-16 17:21 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-16 17:21 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-16 17:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-16 17:21 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-16 17:21 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-16 17:21 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-16 17:21 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-17 3093624]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2013-03-19 43304]
"Akamai NetSession Interface"="c:\users\robin\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-11-23 3058304]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-05 1255736]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-04 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job
- c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 14:02]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job
- c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 14:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-01 416024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.1 195.130.131.4 195.130.130.132
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe
AddRemove-funmoods - c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
AddRemove-outsparktb - c:\program files (x86)\outsparktb\uninstall.exe
AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
AddRemove-Funmoods - c:\users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Voltooingstijd: 2013-03-21 22:07:53 - machine werd herstart
ComboFix-quarantined-files.txt 2013-03-21 21:07
.
Pre-Run: 141.664.661.504 bytes beschikbaar
Post-Run: 141.072.855.040 bytes beschikbaar
.
- - End Of File - - 9D15F91023430192AFD3B1B36D98FF22

#9 juisterr

Posted 21 March 2013 - 22:12

That cleaned up nicely; let me know how things are going now.

PS: did HitmanPro find anything else?
My picture is an old troll. :D
This is not a link, clicking on it is pointless.

#10 robij

Posted 21 March 2013 - 22:23

Should I run another HitmanPro scan? In any case I haven't heard anything more from it :) and Windows Explorer is still crashing... usually an Explorer error message comes up that says the following:
explorer.exe-toepassingsfout
De instructie op 0X800051da verwijst naar geheugen op 0X026b8000. Een lees- of schrijfbewerking op het geheugen mislukt: written.
Klik op OK als u het programma wilt beëindigen.
I don't know whether this has anything to do with it, I'm just letting you know.
Kind regards, Robin

#11 juisterr

Posted 22 March 2013 - 09:48

http://forums.cnet.c...orer-exe-crash/

Something is clearly not right.

Edited by juisterr, 22 March 2013 - 09:52.

#12 robij

Posted 22 March 2013 - 18:02

Yeah, I had already figured that out... do you know of anything that might help?

#13 juisterr

Posted 22 March 2013 - 18:11

Try this.

Download Windows Repair all in one (Portable)
from this site: Windows Repair (All-in-One) Portable Download
Click the blue download button, not the green one, because that is a Google ad.
Important: save it to the desktop.
Start the program.
Windows 7 and Vista users: right-click -> Run as administrator.
Go to step 3 and agree to SFC (System File Check) being started.

Then go to Start Repairs and click Start.
Select the following items and click restart system when finished.

Posted image

#14 robij

Posted 22 March 2013 - 19:04

I ran the program; here is the log. For the moment it has not crashed yet.
Kind regards, Robin

Starting Repairs...
Start (22/03/2013 18:30:18)


Reset File Permissions 01/20
C:\$AVG & Sub Folders
Start (22/03/2013 18:30:18)
Running Repair Under System Account
Done (22/03/2013 18:30:20)


Reset File Permissions 02/20
C:\AeriaGames & Sub Folders
Start (22/03/2013 18:30:20)
Running Repair Under System Account
Done (22/03/2013 18:30:23)


Reset File Permissions 03/20
C:\AsusVibeData & Sub Folders
Start (22/03/2013 18:30:23)
Running Repair Under System Account
Done (22/03/2013 18:30:25)


Reset File Permissions 04/20
C:\Boot & Sub Folders
Start (22/03/2013 18:30:26)
Running Repair Under System Account
Done (22/03/2013 18:30:28)


Reset File Permissions 05/20
C:\codec-info & Sub Folders
Start (22/03/2013 18:30:28)
Running Repair Under System Account
Done (22/03/2013 18:30:31)


Reset File Permissions 06/20
C:\Config.Msi & Sub Folders
Start (22/03/2013 18:30:31)
Running Repair Under System Account
Done (22/03/2013 18:30:33)


Reset File Permissions 07/20
C:\eSupport & Sub Folders
Start (22/03/2013 18:30:33)
Running Repair Under System Account
Done (22/03/2013 18:30:48)


Reset File Permissions 08/20
C:\gPotato.eu & Sub Folders
Start (22/03/2013 18:30:48)
Running Repair Under System Account
Done (22/03/2013 18:30:50)


Reset File Permissions 09/20
C:\Intel & Sub Folders
Start (22/03/2013 18:30:50)
Running Repair Under System Account
Done (22/03/2013 18:30:53)


Reset File Permissions 10/20
C:\MSOCache & Sub Folders
Start (22/03/2013 18:30:53)
Running Repair Under System Account
Done (22/03/2013 18:30:55)


Reset File Permissions 11/20
C:\Perfect World Entertainment & Sub Folders
Start (22/03/2013 18:30:55)
Running Repair Under System Account
Done (22/03/2013 18:30:58)


Reset File Permissions 12/20
C:\PerfLogs & Sub Folders
Start (22/03/2013 18:30:58)
Running Repair Under System Account
Done (22/03/2013 18:31:00)


Reset File Permissions 13/20
C:\Program Files & Sub Folders
Start (22/03/2013 18:31:00)
Running Repair Under System Account
Done (22/03/2013 18:31:13)


Reset File Permissions 14/20
C:\Program Files (x86) & Sub Folders
Start (22/03/2013 18:31:13)
Running Repair Under System Account
Done (22/03/2013 18:32:13)


Reset File Permissions 15/20
C:\ProgramData & Sub Folders
Start (22/03/2013 18:32:13)
Running Repair Under System Account
Done (22/03/2013 18:32:38)


Reset File Permissions 16/20
C:\Qoobox & Sub Folders
Start (22/03/2013 18:32:38)
Running Repair Under System Account
Done (22/03/2013 18:32:41)


Reset File Permissions 17/20
C:\Recovery & Sub Folders
Start (22/03/2013 18:32:41)
Running Repair Under System Account
Done (22/03/2013 18:32:44)


Reset File Permissions 18/20
C:\T3fun & Sub Folders
Start (22/03/2013 18:32:44)
Running Repair Under System Account
Done (22/03/2013 18:32:46)


Reset File Permissions 19/20
C:\temp & Sub Folders
Start (22/03/2013 18:32:46)
Running Repair Under System Account
Done (22/03/2013 18:32:49)


Reset File Permissions 20/20
C:\Windows & Sub Folders
Start (22/03/2013 18:32:49)
Running Repair Under System Account
Done (22/03/2013 18:42:19)


Reset File Permissions: Cleanup
& Sub Folders
Start (22/03/2013 18:42:19)
Running Repair Under System Account
Done (22/03/2013 18:42:22)


Register System Files
Start (22/03/2013 18:42:22)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:42:51)


Repair WMI
Start (22/03/2013 18:42:51)
Running Repair Under Current User Account
Ongeldige schakeloptie voor Global.


Ongeldige schakeloptie voor Global.


Running Repair Under System Account
Ongeldige schakeloptie voor Global.


Ongeldige schakeloptie voor Global.


Done (22/03/2013 18:44:10)


Repair Windows Firewall
Start (22/03/2013 18:44:10)
Running Repair Under Current User Account
De Internet Connection Sharing (ICS)-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


Kan de Internet Connection Sharing (ICS)-service niet starten.


De service heeft geen fout gemeld.


Typ NET HELPMSG 3534 voor meer hulp.


Running Repair Under System Account
De Internet Connection Sharing (ICS)-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


Kan de Internet Connection Sharing (ICS)-service niet starten.


De service heeft geen fout gemeld.


Typ NET HELPMSG 3534 voor meer hulp.


Done (22/03/2013 18:44:41)


Repair Internet Explorer
Start (22/03/2013 18:44:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:44:50)


Repair MDAC/MS Jet
Start (22/03/2013 18:44:50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:44:57)


Remove Policies Set By Infections
Start (22/03/2013 18:44:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:45:02)


Repair Winsock & DNS Cache
Start (22/03/2013 18:45:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:45:15)


Repair Proxy Settings
Start (22/03/2013 18:45:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:45:19)


Unhide Non System Files
Start (22/03/2013 18:45:19)
C:\ - Total Files Unhidden: 479
D:\ - Total Files Unhidden: 0
E:\ - Total Files Unhidden: 0
F:\ - Total Files Unhidden: 0
Q:\ - Total Files Unhidden: 0
Done (22/03/2013 18:46:00)


Repair Windows Updates
Start (22/03/2013 18:46:00)
Running Repair Under Current User Account
De Background Intelligent Transfer Service-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


De Windows Update-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


Het systeem kan het opgegeven bestand niet vinden.
Running Repair Under System Account
De Cryptographic Services-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


De Background Intelligent Transfer Service-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


De Windows Update-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


Het systeem kan het opgegeven bestand niet vinden.
Done (22/03/2013 18:46:11)


Repair Volume Shadow Copy Service
Start (22/03/2013 18:46:11)
Running Repair Under Current User Account
De Volume Shadow Copy-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


De Microsoft Software Shadow Copy Provider-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


Running Repair Under System Account
De Volume Shadow Copy-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


De Microsoft Software Shadow Copy Provider-service is niet gestart.


Typ NET HELPMSG 3521 voor meer hulp.


Done (22/03/2013 18:46:16)


Repair MSI (Windows Installer)
Start (22/03/2013 18:46:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:25)


Repair Windows Safe Mode
Start (22/03/2013 18:46:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:29)


Repair Print Spooler
Start (22/03/2013 18:46:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:42)


Restore Important Windows Services
Start (22/03/2013 18:46:42)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:47)


Set Windows Services To Default Startup
Start (22/03/2013 18:46:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:52)


Cleaning up empty logs...


All Selected Repairs Done.
Done (22/03/2013 18:46:52)
Total Repair Time: 00:16:34




...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account

- - - Updated - - -

OK, it just crashed again... so the problem is not solved yet... Regards

#15 juisterr

Posted 22 March 2013 - 19:28

Where did you find the log?

Would you try the following?
Do the following: download Farbar Service Scanner
Make sure the tool is then placed on the desktop.

Using "Farbar Service Scanner":

  • First close all program windows that are still open!
  • Windows 2000 and Windows XP: start the tool by double-clicking "FSS.exe".
  • Windows Vista and Windows 7: start the tool by right-clicking "FSS.exe" and then choosing Run as administrator.
  • Make sure the following items are ticked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
  • Now click the "Scan" button.
  • A log (FSS.txt) is then created in the same folder that "FSS.exe" is in.
  • Copy and paste the contents of the log into your next post.

#16 robij

Posted 23 March 2013 - 13:27

Here is the log. Kind regards, Robin

Farbar Service Scanner Version: 03-03-2013
Ran by robin (administrator) on 23-03-2013 at 13:26:47
Running from "C:\Users\robin\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************


Internet Services:
============


Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.




Windows Firewall:
=============


Firewall Disabled Policy:
==================




System Restore:
============


System Restore Disabled Policy:
========================




Action Center:
============


Other Services:
==============




File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit




**** End of log ****

#17 juisterr

Posted 23 March 2013 - 14:51

Any improvement?

#18 robij

Posted 24 March 2013 - 12:59

No, it still crashes, usually at startup as well.
Regards

#19 juisterr

Posted 24 March 2013 - 13:36

Could you update your Windows now?

#20 robij

Posted 26 March 2013 - 14:05

Where do I do this?



