Ga naar inhoud

windows verkenner werkt niet meer


Aanbevolen berichten

Ik heb hetzelfde probleem , als ik mijn documenten ofzo wil openen komt er op ' windows verkenner werkt niet meer' Deze word dan afgesloten en opnieuw opgestart, en zo gaat dat een aantal keer. Ik heb alles hierboven gelezen en heb de 2 logjes al gemaakt:

Hitman:

HitmanPro 3.7.2.190
www.hitmanpro.com


  Computer name . . . . : ROBIN-PC
  Windows . . . . . . . : 6.1.1.7601.X64/8
  User name . . . . . . : robin-PC\robin
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Trial (30 days left)


  Scan date . . . . . . : 2013-03-21 18:13:57
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 6m 28s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No


  Threats . . . . . . . : 2
  Traces  . . . . . . . : 403


  Objects scanned . . . : 1.520.864
  Files scanned . . . . : 33.988
  Remnants scanned  . . : 441.914 files / 1.044.962 keys


Malware _____________________________________________________________________


  C:\Users\robin\Downloads\DownloadManagerSetup.exe -> Deleted
     Size . . . . . . . : 1.115.544 bytes
     Age  . . . . . . . : 106.7 days (2012-12-05 01:22:05)
     Entropy  . . . . . : 6.8
     SHA-256  . . . . . : 0549C54DBE2F1A671046DD883BF2DD94C4E6A6B4458E2D412A21812A72243062
   > G Data . . . . . . : Gen:Variant.Graftor.73061 (Engine A)
   > Ikarus . . . . . . : AdWare.SuspectCRC!IK
     Fuzzy  . . . . . . : 106.0


  C:\Users\robin\Downloads\PDFCreatorSetup.exe -> Quarantined
     Size . . . . . . . : 561.160 bytes
     Age  . . . . . . . : 429.0 days (2012-01-17 18:48:29)
     Entropy  . . . . . : 7.9
     SHA-256  . . . . . : 58B5EB841EF73D9F4BAA5C3C612054C150D7DD2F00AC79A507AD8E77ABFAFFA6
     RSA Key Size . . . : 2048
     Authenticode . . . : Self-signed
   > G Data . . . . . . : Gen:Variant.Application.InstallCore.1 (Engine A)
     Fuzzy  . . . . . . : 117.0




Suspicious files ____________________________________________________________


  C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
     Size . . . . . . . : 10.570.224 bytes
     Age  . . . . . . . : 2.7 days (2013-03-19 01:49:56)
     Entropy  . . . . . : 7.4
     SHA-256  . . . . . : 79F24008F237E01DEDF4D4A74F272937A56D2B3733C6D6523AC8EC915D8CB448
     Product  . . . . . : Allods Online EU EN
     Publisher  . . . . : © 2011 Allods Team, Mail.Ru Games
     Description  . . . : Allods Online. Update system.
     Version  . . . . . : 4.0.0.67
     Copyright  . . . . : © 2011 Allods Team, Mail.Ru Games. All rights reserved. Powered by Mail.Ru <http://www.mail.ru/>
     RSA Key Size . . . : 2048
     Authenticode . . . : Invalid
     Fuzzy  . . . . . . : 25.0
        Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        Authors name is missing in version info. This is not common to most programs.
     Forensic Cluster
        -1.3s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\
        -1.3s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher.torrent
        -1.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\
         0.0s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
         7.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
         9.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libexpatw.dll
        12.6s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcp100.dll
        12.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcr100.dll
        13.4s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\ssleay32.dll
        16.8s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\game.version
        16.8s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libeay32.dll


  C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
     Size . . . . . . . : 4.422.992 bytes
     Age  . . . . . . . : 2.7 days (2013-03-19 01:50:03)
     Entropy  . . . . . : 5.2
     SHA-256  . . . . . : 9022B710AC31D9697656623E0FBFC15D85EA603F22296671AB7F58041FC0D62F
     Product  . . . . . : Microsoft® Visual Studio® 10
     Publisher  . . . . : Microsoft Corporation
     Description  . . . : MFCDLL Shared Library - Retail Version
     Version  . . . . . : 10.00.40219.325
     Copyright  . . . . : © Microsoft Corporation.  All rights reserved.
     RSA Key Size . . . : 2048
     Authenticode . . . : Invalid
     Fuzzy  . . . . . . : 22.0
        Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
        Time indicates that the file appeared recently on this computer.
     Forensic Cluster
        -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\
        -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher.torrent
        -8.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\
        -7.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\Launcher.exe
         0.0s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\mfc100u.dll
         1.5s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libexpatw.dll
         4.9s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcp100.dll
         5.2s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\msvcr100.dll
         5.7s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\ssleay32.dll
         9.1s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\game.version
         9.1s C:\Users\robin\AppData\Local\Temp\LAU1DED.tmp\Launcher\libeay32.dll


  C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
     Size . . . . . . . : 10.570.224 bytes
     Age  . . . . . . . : 2.7 days (2013-03-19 01:40:52)
     Entropy  . . . . . : 5.9
     SHA-256  . . . . . : 7E008347D34B45ECD104E58BF82DD02C8AAECA3FA68267B5B75768829F3C7C00
     Product  . . . . . : Allods Online EU EN
     Publisher  . . . . : © 2011 Allods Team, Mail.Ru Games
     Description  . . . : Allods Online. Update system.
     Version  . . . . . : 4.0.0.67
     Copyright  . . . . : © 2011 Allods Team, Mail.Ru Games. All rights reserved. Powered by Mail.Ru <http://www.mail.ru/>
     RSA Key Size . . . : 2048
     Authenticode . . . : Invalid
     Fuzzy  . . . . . . : 23.0
        Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
        Time indicates that the file appeared recently on this computer.
        Authors name is missing in version info. This is not common to most programs.
     Forensic Cluster
        -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\
        -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher.torrent
        -1.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\
         0.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
         2.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
         2.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcp100.dll
         3.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcr100.dll
         3.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\ssleay32.dll
         3.9s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\zlib1.dll
         5.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libeay32.dll
         5.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libexpatw.dll
        13.2s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\game.version


  C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
     Size . . . . . . . : 4.422.992 bytes
     Age  . . . . . . . : 2.7 days (2013-03-19 01:40:54)
     Entropy  . . . . . : 3.8
     SHA-256  . . . . . : A8CF1635FCA88FFA01EBF14C6B307601A5C34837C8C0C211B81D2E01F45CA68D
     Product  . . . . . : Microsoft® Visual Studio® 10
     Publisher  . . . . : Microsoft Corporation
     Description  . . . : MFCDLL Shared Library - Retail Version
     Version  . . . . . : 10.00.40219.325
     Copyright  . . . . : © Microsoft Corporation.  All rights reserved.
     RSA Key Size . . . : 2048
     Authenticode . . . : Invalid
     Fuzzy  . . . . . . : 22.0
        Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
        Time indicates that the file appeared recently on this computer.
     Forensic Cluster
        -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\
        -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher.torrent
        -3.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\
        -2.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\Launcher.exe
         0.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\mfc100u.dll
         0.3s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcp100.dll
         0.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\msvcr100.dll
         1.4s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\ssleay32.dll
         1.6s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\zlib1.dll
         2.7s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libeay32.dll
         3.0s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\libexpatw.dll
        10.9s C:\Users\robin\AppData\Local\Temp\LAUD23E.tmp\Launcher\game.version


  C:\Windows\SysWOW64\GameMon.des
     Size . . . . . . . : 4.702.568 bytes
     Age  . . . . . . . : 3.5 days (2013-03-18 06:46:25)
     Entropy  . . . . . : 7.9
     SHA-256  . . . . . : 05312FF57D5FB500E5C14669A4409840F25BB524731C75F5F220744F4B687460
     Product  . . . . . : nProtect Game Monitor
     Publisher  . . . . : INCA Internet Co., Ltd.
     Description  . . . : nProtect Game Monitor Rev 1909
     Version  . . . . . : 2012.10.25.1
     Copyright  . . . . : Copyright ⓒ 2000-2011 INCA Internet
     Service  . . . . . : npggsvc
     Fuzzy  . . . . . . : 31.0
        The file name extension of this program is not common.
        Starts automatically as a service during system bootup.
        Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
        Time indicates that the file appeared recently on this computer.
        The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
     Startup
        HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
     Forensic Cluster
        -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\
        -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgl.erl
        -36.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgl.erl
        -35.8s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgg.erl
        -35.8s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgg.erl
        -35.7s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameGuard.ver
        -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\Lineage2us.ini
        -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgmup.des
        -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgmup.erl
        -35.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgmup.erl
        -35.4s C:\Program Files\Common Files\INCA Shared\
        -35.4s C:\Program Files\Common Files\INCA Shared\OnlineEngine\
        -14.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameMon.des
        -14.1s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgg9x.des
        -12.6s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npsc.des
        -12.4s C:\Windows\SysWOW64\nppt9x.vxd
        -11.9s C:\Windows\SysWOW64\npptNT2.sys
        -11.3s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\Splash.jpg
        -8.9s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\ggscan.des
        -8.3s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\ggerror.des
        -6.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\GameGuard.des
        -5.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npgm.erl
        -5.5s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npgm.erl
         0.0s C:\Windows\SysWOW64\GameMon.des
         3.0s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\0npsc.erl
         3.0s C:\Program Files (x86)\NCSoft\Lineage II\System\GameGuard\npsc.erl




Potential Unwanted Programs _________________________________________________


  C:\Program Files (x86)\BabylonToolbar\ (Babylon)
  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\ (Babylon)
  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\ (Babylon)
  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarApp.dll (Babylon)
     Size . . . . . . . : 333.824 bytes
     Age  . . . . . . . : 240.8 days (2012-07-23 23:49:10)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : D309E2C318742254C950EAD3C53FA2B2A35BFBD019371CA79EC6C2159650C520
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon Ltd.
     Description
     Version  . . . . . : 1.5.29.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarEng.dll (Babylon)
     Size . . . . . . . : 546.816 bytes
     Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : C177A19D6A6E7CEF31A97332F09FE7B9A7B9B1B3672A8BA78588584C38D33C03
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon Ltd.
     Description
     Version  . . . . . : 1.5.29.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarsrv.exe (Babylon)
     Size . . . . . . . : 368.640 bytes
     Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : EB45B35335FD017B270D4540ECF54CD222C6008A86D4368372CF1AF2E8B72243
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon Ltd.
     Description
     Version  . . . . . : 1.5.29.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\BabylonToolbarTlbr.dll (Babylon)
     Size . . . . . . . : 256.000 bytes
     Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 10C5F609A94F6CD865E541C3D05AA5D1E971EF4B74BF6CF10388181741E50B16
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon Ltd.
     Description
     Version  . . . . . : 1.5.29.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\ (Babylon)
  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\bh\BabylonToolbar.dll (Babylon)
     Size . . . . . . . : 240.640 bytes
     Age  . . . . . . . : 240.8 days (2012-07-23 23:49:10)
     Entropy  . . . . . : 6.2
     SHA-256  . . . . . : 9618A5E352853748D42AC2980C55B51C5146A94EDC8D14A293432A7BFA9C53FA
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon BHO
     Description
     Version  . . . . . : 1.5.29.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\escortShld.dll (Babylon)
     Size . . . . . . . : 58.880 bytes
     Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
     Entropy  . . . . . : 5.6
     SHA-256  . . . . . : 00489A8E6828E7F11E37CBCF5A97F43AD45908655426790F602AB60496136341
     Fuzzy  . . . . . . : 6.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.29.1\uninstall.exe (Babylon)
     Size . . . . . . . : 200.914 bytes
     Age  . . . . . . . : 240.8 days (2012-07-23 23:49:11)
     Entropy  . . . . . : 7.9
     SHA-256  . . . . . : 11491E5936388AFEAD34FB739426B206ED17E93150769289A6DCD3F2DD7F3271
     Product  . . . . . : ${PRDCT_DSP}
     Publisher  . . . . : BabylonToolbar
     Version  . . . . . : 1.5.29.1
     Fuzzy  . . . . . . : 8.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\ (Babylon)
  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarApp.dll (Babylon)
     Size . . . . . . . : 308.736 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : ADD621CD1EC5A282E07CFA41250B52EE820D8A89C0A819E82557897089FD712B
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon Ltd.
     Description
     Version  . . . . . : 1.8.3.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarEng.dll (Babylon)
     Size . . . . . . . : 579.584 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : AC4E68C20B4F64B1546F7B55AFBB32DED38D0CF0337CE4742E1D0CBDB15A5BC6
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon Ltd.
     Description
     Version  . . . . . : 1.8.3.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarsrv.exe (Babylon)
     Size . . . . . . . : 374.784 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 47C8F3A5AC427F18C545CDA027257C38BDAEAED2CBD49518838FEEF6592E7D52
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon Ltd.
     Description
     Version  . . . . . : 1.8.3.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll (Babylon)
     Size . . . . . . . : 314.368 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : 21275C775E5E93EEBE3F6E803E73054653426F283423578141D3F57F1AD6A33C
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon Ltd.
     Description
     Version  . . . . . : 1.8.3.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Fuzzy  . . . . . . : 0.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\ (Babylon)
  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll (Babylon)
     Size . . . . . . . : 242.176 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : F85834893853C11B10425403A6938675446692445695B5F87C39A6A762E9851C
     Product  . . . . . : Babylon Toolbar
     Publisher  . . . . : Babylon BHO
     Description
     Version  . . . . . : 1.8.3.0
     Copyright  . . . . :  (c) Babylon Ltd.  All rights reserved.
     Gossip . . . . . . : (x86)
     Fuzzy  . . . . . . : 2.0
     Startup
        HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\
     References
        HKLM\SOFTWARE\Wow6432Node\Classes\bbylntlbr.bbylntlbrHlpr.1\
        HKLM\SOFTWARE\Wow6432Node\Classes\bbylntlbr.bbylntlbrHlpr\
        HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\
        HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\
        HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4a99-B4B6-146BF802613B}\


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\escortShld.dll (Babylon)
     Size . . . . . . . : 58.880 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
     Entropy  . . . . . : 5.6
     SHA-256  . . . . . : 8B38150889A505698CEE1255D5B12C9E6C98CC084319A8BE8895B22C726094C3
     Fuzzy  . . . . . . : 6.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe (Babylon)
     Size . . . . . . . : 340.632 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:24)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 271FA432566E331545A31BF6AF149897CE5EB70E0A3F4FBEFA355E6986BE5294
     Product  . . . . . : Uninstaller
     Publisher  . . . . : Babylon Ltd.
     Description  . . . : Uninstaller Application
     Version  . . . . . : 9.0.6.15
     Copyright  . . . . : Copyright © Babylon Ltd. 1997-2012
     RSA Key Size . . . : 2048
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -7.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\uninstall.exe (Babylon)
     Size . . . . . . . : 203.616 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:20)
     Entropy  . . . . . : 7.9
     SHA-256  . . . . . : 9934FFDBE0630FB072A603BE60CDDC43CAD16AC1C8209291DFD2643A7082B695
     Product  . . . . . : ${PRDCT_DSP}
     Publisher  . . . . : BabylonToolbar
     Version  . . . . . : 1.8.3.8
     Fuzzy  . . . . . . : 8.0


  C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\BabylonTB.xpi (Babylon)
  C:\Program Files (x86)\Funmoods\ (Funmoods)
  C:\Program Files (x86)\Funmoods\1.5.23.22\ (Funmoods)
  C:\Program Files (x86)\Funmoods\1.5.23.22\bh\ (Funmoods)
  C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll (Funmoods)
     Size . . . . . . . : 243.664 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 28DB84D7AB96A9C4ECF008B812A78D914BCA89850AD75E33FDBF3BE43C09129A
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods BHO
     Description
     Version  . . . . . : 1.5.23.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -13.0
     Startup
        HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\
     References
        HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\
        HKLM\SOFTWARE\Wow6432Node\Classes\funmoods.funmoodsHlpr.1\
        HKLM\SOFTWARE\Wow6432Node\Classes\funmoods.funmoodsHlpr\
        HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}\
        HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\


  C:\Program Files (x86)\Funmoods\1.5.23.22\escortApp.dll (Funmoods)
     Size . . . . . . . : 338.384 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : A7533C3D5F698AF138D64F0D77F4680A56878BD421ACAA810C8D685F61232B80
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Description
     Version  . . . . . : 1.5.23.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\1.5.23.22\escortEng.dll (Funmoods)
     Size . . . . . . . : 551.888 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : 78DB11A88A4F49304980D8FE2F6B13FDA74E1A67515BF0915DF3435B9497E71A
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Description
     Version  . . . . . : 1.5.23.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll (Funmoods)
     Size . . . . . . . : 251.856 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : BAC85636258261878970E711F8F7DBFD3AD01997BAB124A14CF7DCB376152AAE
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Description
     Version  . . . . . : 1.5.23.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\1.5.23.22\escortShld.dll (Funmoods)
     Size . . . . . . . : 64.464 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
     Entropy  . . . . . : 5.9
     SHA-256  . . . . . : 5C0BC2F9A2BED296F4E76E834C091B7F62E9250A929F9EB4483D1264F8678F52
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -9.0


  C:\Program Files (x86)\Funmoods\1.5.23.22\FavIcon.ico (Funmoods)
  C:\Program Files (x86)\Funmoods\1.5.23.22\funmoodssrv.exe (Funmoods)
     Size . . . . . . . : 410.064 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 783C77CF63113685A76DBA8163B19D6FF1394E79AC007FF5795CCBD485680939
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Description
     Version  . . . . . : 1.5.23.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\1.5.23.22\Sqlite3.dll (Funmoods)
     Size . . . . . . . : 599.419 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
     Entropy  . . . . . : 6.5
     SHA-256  . . . . . : 3E5A28FFDE07AC661C26B6CCF94E64C1C90B1F25B3B24C90605AA922B87642EB
     Fuzzy  . . . . . . : -2.0


  C:\Program Files (x86)\Funmoods\1.5.23.22\uninst.dat (Funmoods)
  C:\Program Files (x86)\Funmoods\1.5.23.22\uninstall.exe (Funmoods)
     Size . . . . . . . : 397.312 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:43:57)
     Entropy  . . . . . : 6.2
     SHA-256  . . . . . : 9715DA68E2DD04EECD6A11233EA154D7BAE56B5613B68E670EE497DCE7F983C5
     Product  . . . . . : Setup©                      
     Publisher  . . . . : Setup ©                       
     Description  . . . : Setup                     
     Version  . . . . . : 2.2.0.344
     Copyright  . . . . :                                     
     Fuzzy  . . . . . . : -11.0


  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\ (Funmoods)
  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\ (Funmoods)
  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\bh\funmoods.dll (Funmoods)
     Size . . . . . . . : 243.664 bytes
     Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : D11C298153EF7BFE88EDC082BF8BE03CF0681DAA22864D6A228E58BA9321EB6D
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods BHO
     Description
     Version  . . . . . : 1.5.19.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\escortShld.dll (Funmoods)
     Size . . . . . . . : 64.464 bytes
     Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
     Entropy  . . . . . : 5.9
     SHA-256  . . . . . : 00C1673F3405E82CBA80E1AB03CF3C955C4BB52F4480F472BA5D1728DD177111
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -9.0


  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsApp.dll (Funmoods)
     Size . . . . . . . : 337.872 bytes
     Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : 65293818E9A72B09CF2EA293FDDD132FA0EBFA04D6BC5D2A56D06E909F2879C4
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Description
     Version  . . . . . : 1.5.19.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsEng.dll (Funmoods)
     Size . . . . . . . : 550.352 bytes
     Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : AFF4B25637A43F303EE5E32A479677853CFC3E3E68AAD1A4B76AE1D33D042410
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Description
     Version  . . . . . : 1.5.19.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsOEM.crx (Funmoods)
  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodssrv.exe (Funmoods)
     Size . . . . . . . : 409.040 bytes
     Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : BE806BE8713C56753EB0B1D33126B62B5738FF98FD10CA5F1F20127198B958C8
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Description
     Version  . . . . . : 1.5.19.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\funmoodsTlbr.dll (Funmoods)
     Size . . . . . . . : 251.344 bytes
     Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : C1CC903567551BFD219D075432618FF0571D61DE04EA38923BCD37BD32D70720
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Description
     Version  . . . . . : 1.5.19.0
     Copyright  . . . . :  (c) Funmoods.com.  All rights reserved.
     RSA Key Size . . . : 4096
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -15.0


  C:\Program Files (x86)\Funmoods\funmoods\1.5.19.3\uninstall.exe (Funmoods)
     Size . . . . . . . : 238.518 bytes
     Age  . . . . . . . : 324.8 days (2012-04-30 22:48:54)
     Entropy  . . . . . : 7.5
     SHA-256  . . . . . : C669B52408A0163B16B40BC75D29421CBB33DC6D3C208A90B1892911B40DFCCA
     Product  . . . . . : Funmoods
     Publisher  . . . . : Funmoods
     Version  . . . . . : 1.5.19.3
     Fuzzy  . . . . . . : -4.0


  C:\Program Files (x86)\Yontoo\ (Yontoo)
  C:\Program Files (x86)\Yontoo\OptChrome.exe (Yontoo)
     Size . . . . . . . : 133.632 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:44:00)
     Entropy  . . . . . : 6.4
     SHA-256  . . . . . : 829D936424BF6598883B8913505942BBC64F739A2FCECA493CA1C5FD42A90B66
     Fuzzy  . . . . . . : 6.0


  C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo)
     Size . . . . . . . : 194.928 bytes
     Age  . . . . . . . : 130.1 days (2012-11-11 14:44:00)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 37A3A24A2F115AE7571086399C64A7335186F1AF67160B5D022519E454A69AE9
     Product  . . . . . : Yontoo Runtime
     Publisher  . . . . : Yontoo LLC
     Description  . . . : Yontoo Runtime
     Version  . . . . . : 1.10.01
     Copyright  . . . . : Copyright (c) 2011 Yontoo LLC.  All rights reserved.
     RSA Key Size . . . : 1024
     Authenticode . . . : Valid
     Fuzzy  . . . . . . : -5.0
     Startup
        HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
     References
        HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\
        HKLM\SOFTWARE\Wow6432Node\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\
        HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers.1\
        HKLM\SOFTWARE\Wow6432Node\Classes\YontooIEClient.Layers\
        HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\


  C:\Program Files (x86)\Yontoo\YontooLayers.crx (Yontoo)
  C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx (Funmoods)
  C:\Users\robin\AppData\Local\funmoods.crx (Funmoods)
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (Claro)
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (Claro)
  C:\Users\robin\AppData\LocalLow\BabylonToolbar\ (Babylon)
  C:\Users\robin\AppData\Roaming\Babylon\ (Babylon)
  C:\Users\robin\AppData\Roaming\Babylon\log_file.txt (Babylon)
  C:\Users\robin\AppData\Roaming\BabylonToolbar\ (Babylon)
  C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\ (Babylon)
  C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx (Babylon)
  C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BUSolution.dll (Babylon)
     Size . . . . . . . : 531.968 bytes
     Age  . . . . . . . : 225.1 days (2012-08-08 14:43:56)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
     Product  . . . . . : BU Dynamic Link Library
     Description  . . . : BU Dynamic Link Library
     Version  . . . . . : 2.0.0.4
     Copyright  . . . . : Copyright (C) 1997-2012
     Fuzzy  . . . . . . : -7.0


  C:\Users\robin\AppData\Roaming\BabylonToolbar\FF\ (Babylon)
  C:\Users\robin\AppData\Roaming\BabylonToolbar\FF\BUSolution.dll (Babylon)
     Size . . . . . . . : 531.968 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:30)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
     Product  . . . . . : BU Dynamic Link Library
     Description  . . . : BU Dynamic Link Library
     Version  . . . . . : 2.0.0.4
     Copyright  . . . . : Copyright (C) 1997-2012
     Fuzzy  . . . . . . : -7.0


  C:\Users\robin\AppData\Roaming\BabylonToolbar\IE\ (Babylon)
  C:\Users\robin\AppData\Roaming\BabylonToolbar\IE\BUSolution.dll (Babylon)
     Size . . . . . . . : 531.968 bytes
     Age  . . . . . . . : 130.2 days (2012-11-11 14:35:30)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
     Product  . . . . . : BU Dynamic Link Library
     Description  . . . : BU Dynamic Link Library
     Version  . . . . . : 2.0.0.4
     Copyright  . . . . : Copyright (C) 1997-2012
     Fuzzy  . . . . . . : -7.0


  C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\ (Babylon)
  C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\BabyTBConf.ini (Babylon)
  C:\Users\robin\AppData\Roaming\BabylonToolbar\Shared\BUSolution.dll (Babylon)
     Size . . . . . . . : 531.968 bytes
     Age  . . . . . . . : 225.1 days (2012-08-08 14:43:56)
     Entropy  . . . . . : 6.3
     SHA-256  . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED
     Product  . . . . . : BU Dynamic Link Library
     Description  . . . : BU Dynamic Link Library
     Version  . . . . . : 2.0.0.4
     Copyright  . . . . : Copyright (C) 1997-2012
     Fuzzy  . . . . . . : -7.0


  C:\Users\robin\AppData\Roaming\Funmoods\ (Funmoods)
  C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\ (Funmoods)
  C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\config.dat (Funmoods)
  C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (Funmoods)
     Size . . . . . . . : 94.720 bytes
     Age  . . . . . . . : 22.7 days (2013-02-27 01:54:19)
     Entropy  . . . . . : 6.5
     SHA-256  . . . . . : 491E56FC62E891DD80A5321BB201577FD42BFFB11627F44220EA10D6CA3F0107
     Fuzzy  . . . . . . : 6.0


  HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ (Yontoo)
  HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
  HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
  HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)
  HKLM\SOFTWARE\Classes\b\ (Babylon)
  HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon)
  HKLM\SOFTWARE\Classes\Babylon.dskBnd\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon)
  HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon)
  HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods)
  HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods)
  HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon)
  HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon)
  HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1\ (Funmoods)
  HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc\ (Funmoods)
  HKLM\SOFTWARE\Classes\f\ (Funmoods)
  HKLM\SOFTWARE\Classes\funmoods.dskBnd.1\ (Funmoods)
  HKLM\SOFTWARE\Classes\funmoods.dskBnd\ (Funmoods)
  HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1\ (Funmoods)
  HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr\ (Funmoods)
  HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1\ (Funmoods)
  HKLM\SOFTWARE\Classes\funmoodsApp.appCore\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
  HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon)
  HKLM\SOFTWARE\Classes\Prod.cap\ (Claro)
  HKLM\SOFTWARE\Classes\s\ (Softonic)
  HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}\ (Funmoods)
  HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
  HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon)
  HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
  HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
  HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo)
  HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods)
  HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\ (Yontoo)
  HKLM\SOFTWARE\Classes\YontooIEClient.Api\ (Yontoo)
  HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\ (Yontoo)
  HKLM\SOFTWARE\Classes\YontooIEClient.Layers\ (Yontoo)
  HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods)
  HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7\ (Claro)
  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}\ (Yontoo)
  HKLM\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo)
  HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\BabylonToolbar\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\DataMngr\ (SearchQU)
  HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods)
  HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods)
  HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\ (Yontoo)
  HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph\ (Claro)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}\ (Funmoods)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (Funmoods)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar\ (Babylon)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\funmoods\ (Funmoods)
  HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ (Claro)
  HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
  HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\BabylonToolbar\ (Babylon)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\DataMngr\ (SearchQU)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\DataMngr_Toolbar\ (SearchQU)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Funmoods\ (Funmoods)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Main\bProtector Start Page (Claro)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope (Claro)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\ (Claro)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}\ (Babylon)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ (Funmoods)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo)
  HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo)


Cookies _____________________________________________________________________


  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:123sexmatch.be
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adperium.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adserver01.de
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.nl
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.as4x.tmcs.ticketmaster.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.crakmedia.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.glispa.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.inhabitat.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.intergi.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mail3x.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.movielush.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pixfuture.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.publicidad.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.zenoviaexchange.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultfriendfinder.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:avgtechnologies.112.2o7.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:be.sitestat.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmedbelgique.solution.weborama.fr
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmednl.solution.weborama.fr
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ero-advertising.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fl01.ct2.comclick.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:getclicky.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kaspersky.122.2o7.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livejasmin.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livenation.122.2o7.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnportal.112.2o7.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:nl.sitestat.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.sexsearchcom.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:partypoker.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:****hub.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:****hubcam.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubads.g.doubleclick.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexad.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexdatingamateur.be
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexefriend.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexychicks4youn0w.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:spylog.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.onestat.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:static.getclicky.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stepstone.112.2o7.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:streamate.doublepimp.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.hubrus.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.solocpm.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.zalando.be
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:view.atdmt.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:wt.socialsex.biz
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.belstat.nl
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.****hub.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexefriend.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.socialsex.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.you****.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:you****.com
  C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com
  C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\2F8KSW7R.txt
  C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\5O2TP21U.txt
  C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\CNASHRJV.txt
  C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\MARL94OR.txt
  C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\U2S53DK7.txt




Hijack This:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:29:49, on 21/03/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16470)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\syncables\syncables desktop\syncables.exe

C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll

O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

O4 - Global Startup: SetPointII.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.aeriagames.com

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15376 bytes

aangepast door Jion
Link naar reactie
Delen op andere sites

  • Reacties 45
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Beste reacties in dit topic

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll

O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)

O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll

O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll

O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)

O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll

O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map :

C:\\Program Files\\Trend Micro\\HiJackThis of C:\\Program Files (x86)\\Trend Micro\\HiJackThis.

- - - Updated - - -

Download zoek.exe naar het bureaublad.

  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
    (hier of hier) kan je lezen hoe je dat doet.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkwaardig probleem.
    startupall;
    filesrcm;
    


  • Klik op de knop "Options" en vink nu de onderstaande opties aan.


    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • HijackThis Log
    • Chrome Look
    • System Specs
    • Reset Chrome
    • Reset IE proxy
    • Shortcut Fix
    • IE Defaults
    • Auto Clean

    [*] Klik daarna op de knop "Run script".

    [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

    [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

    [*] Post nu de inhoud van het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Ik heb gedaan wat u zei , hier is het logje:

Zoek.exe Version 4.0.0.2 Updated 20-03-2013

Tool run by robin on do 21/03/2013 at 19:59:51,13.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== Running Processes ======================

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\winlogon.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\syncables\syncables desktop\syncables.exe

C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIGCE.EXE

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe

C:\Program Files\Logitech\SetPoint II\SetPointII.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

C:\Windows\explorer.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\Desktop\zoek.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully

==== Installed Programs ======================

??? ActiveX ?? Windows Live Mesh ???? ??????? ???????

???? ??? Windows Live

???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ???????

???? Windows Live

????? Windows Live

?????? ??????? ?? Windows Live

??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ???????????

??????? Windows Live Mesh ActiveX ???

???????? ?????????? Windows Live

@C:\\Program Files (x86)\\Intel\\Intel Control Center\\Uninstaller\\SetupICC.exe,-100

@C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\Uninstall\\Setup.exe,-2018

@C:\\Program Files (x86)\\Intel\\Intel® Processor Graphics\\Uninstall\\Setup.exe,-1166

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Story

AION Free-To-Play

Akamai NetSession Interface

Alcor Micro USB Card Reader

Allods Online 4.0.00.63

ASUS AI Recovery

ASUS LifeFrame3

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

ASUS WebStorage

ASUS_Screensaver

AsusVibe2.0

ATK Package

AVG Security Toolbar

Babylon Chrome Toolbar

Babylon toolbar

Bing Bar

Bookworm Deluxe

Browser Manager

Cisco EAP-FAST Module

Cisco LEAP Module

Cisco PEAP Module

Codecv

Control ActiveX de Windows Live Mesh para conexiones remotas

Contr“le ActiveX Windows Live Mesh pour connexions … distance

Controlo ActiveX do Windows Live Mesh para Liga‡äes Remotas

CyberLink LabelPrint

CyberLink Power2Go

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EPSON Scan

EPSON SX420W Series Handboek

EpsonNet Setup 3.2

erLT

Funmoods

Galeria de Fotografias do Windows Live

Galer¡a fotogr fica de Windows Live

Galerie de photos Windows Live

Game Park Console

Google Chrome

Governor of Poker

HiJackThis

Hotel Dash Suite Success

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Junk Mail filter update

Mahjongg dimensions

Mesh Runtime

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Dutch) 2010

Microsoft Office Excel MUI (Dutch) 2010

Microsoft Office Klik-en-Klaar 2010

Microsoft Office OneNote MUI (Dutch) 2010

Microsoft Office Outlook MUI (Dutch) 2010

Microsoft Office PowerPoint MUI (Dutch) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (Dutch) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (German) 2010

Microsoft Office Proofing (Dutch) 2010

Microsoft Office Publisher MUI (Dutch) 2010

Microsoft Office Shared MUI (Dutch) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Dutch) 2010

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MyFreeCodec

NCsoft Launcher

Netwerkhandleiding EPSON SX420W Series

Nuance PDF Reader

Outspark Toolbar

Pando Media Booster

PDF Creator Packages

PriceGong 2.6.11

Raccolta foto di Windows Live

Ralink RT2860 Wireless LAN Card

Realtek High Definition Audio Driver

S?????? f?t???af??? t?? Windows Live

Samsung Kies

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)

SkypeT 6.1

St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?æa???sæ??e? s??d?se??

syncables desktop SE

TeamSpeak 3 Client

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Version Checker for Funmoods

Visual Studio 2008 x64 Redistributables

WEBZEN Browser Extension

Windows Live ???

Windows Live ????

Windows Live Communications Platform

Windows Live Essentials

Windows Live Fotogalerie

Windows Live Installer

Windows Live Mail

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Mesh ActiveX control for remote connections

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

Wireless Console 3

World of Goo

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browser manager deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\browser manager deleted successfully

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"bProtector Start Page"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"bProtectorDefaultScope"=-

==== Deleting Files \ Folders ======================

"C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx" deleted

"C:\Users\robin\AppData\Local\funmoods.crx" deleted

"C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted

"C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted

"C:\user.js" deleted

"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" deleted

"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings" not deleted

"C:\Program Files (x86)\outsparktb" deleted

"C:\Program Files (x86)\BabylonToolbar" deleted

"C:\Program Files (x86)\Yontoo" deleted

"C:\Program Files (x86)\PriceGong" deleted

"C:\Program Files (x86)\Funmoods" deleted

"C:\Users\robin\AppData\Roaming\Funmoods" deleted

"C:\Users\robin\AppData\Roaming\Babylon" deleted

"C:\Users\robin\AppData\Roaming\BabylonToolbar" deleted

"C:\Windows\SysWow64\searchplugins" deleted

"C:\Windows\SysWow64\Extensions" deleted

"C:\ProgramData\Browser Manager" not deleted

"C:\ProgramData\APN" deleted

"C:\ProgramData\Partner" deleted

"C:\ProgramData\Codecv" deleted

"C:\ProgramData\InstallMate" deleted

"C:\ProgramData\Tarma Installer" deleted

"C:\ProgramData\Premium" deleted

"C:\ProgramData\Babylon" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong" deleted

"C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager" deleted

"C:\Users\robin\AppData\LocalLow\BabylonToolbar" deleted

"C:\ProgramData\Browser Manager\2.3.796.11" not deleted

"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}" not deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)

Internet Explorer: 9.0.8112.16421

Memory (RAM): 8099 MB

CPU Info: Intel® Core i7-2670QM CPU @ 2.20GHz

CPU Speed: 2251,2 MHz

Sound Card: Speakers (Realtek High Definiti |

Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | NVIDIA GeForce GT 520M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver

Monitors: 1x; Generic PnP Monitor |

Screen Resolution: 1600 X 900 - 32 bit

Network: Network Present

Network Adapters: 802.11n Wireless LAN Card | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)

CD / DVD Drives: 1x (G: | ) G: MATSHITADVD-RAM UJ8B0AW

Ports: COM Ports NOT Present. LPT Port NOT Present.

Mouse: 16 Button Wheel Mouse Present

Hard Disks: C: 279,5GB | D: 394,2GB | E: 349,3GB | F: 349,3GB | Q: 0,0MB

Hard Disks - Free: C: 114,3GB | D: 394,1GB | E: 349,2GB | F: 349,2GB | Q: 0,0MB

Manufacturer *: American Megatrends Inc.

BIOS Info: AT/AT COMPATIBLE | 10/06/11 | _ASUS_ - 6222004

Time Zone: West-Europa (standaardtijd)

Motherboard *: ASUSTeK Computer Inc. K73SJ

Sun Java version: niet

Sun Java version: opdracht,

Country: Belgi‰

Language: NLB

==== Files Recently Created / Modified ======================

====== C:\Windows ====

====== C:\Users\robin\AppData\Local\Temp ====

2013-03-18 23:03:45 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Users\robin\AppData\Local\Temp\_isECED.exe

2013-03-18 01:07:42 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 ----a-w- C:\Users\robin\AppData\Local\Temp\59581uninstall.exe

2013-03-18 00:37:20 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1643.exe

2013-03-18 00:37:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall14899.exe

2013-03-17 23:56:52 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1144.exe

2013-03-17 23:56:47 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall16288.exe

2013-03-17 22:57:48 B9270BA1B0D210F786D2E001A7BB902B 430080 ----a-w- C:\Users\robin\AppData\Local\Temp\swt-win32-3740.dll

====== C:\Windows\SysWOW64 =====

2013-03-18 18:26:31 B5CB3F2022BB0BF733688ABC119009E1 230920 ----a-w- C:\Windows\SysWOW64\EPWZCmnCtrl.dll

2013-03-18 05:46:25 97EDC6088C69DF575377860926EB6181 4702568 ----a-w- C:\Windows\SysWOW64\GameMon.des

2013-03-18 05:46:13 FB820C142B89F3037B8BEE0968B0276B 5174 ----a-w- C:\Windows\SysWOW64\nppt9x.vxd

2013-03-18 05:46:13 9131FE60ADFAB595C8DA53AD6A06AA31 4682 ----a-w- C:\Windows\SysWOW64\npptNT2.sys

2013-03-14 02:02:42 E7E671A2A0159ED8D86CA98DF134BB70 73216 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2013-03-14 02:02:42 60D6B33E77A297AA1B14BF0452C20471 2382848 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-03-14 02:02:41 C9A2D460FD5E409C9320B4CE68A81549 420864 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2013-03-14 02:02:40 D0F2CB059B2A89AD5B24FD9EB8D784BE 231936 ----a-w- C:\Windows\SysWOW64\url.dll

2013-03-14 02:02:40 C43AFA13B552BCC4352106193F008229 142848 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2013-03-14 02:02:40 2A324C44A1B2352EF5F2E1C8984935C0 1427968 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2013-03-14 02:02:40 180D098704551DE37C6299AA888D6821 1103872 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-03-14 02:02:40 15CF0E37F2B406BDE06CBA4F507B25DE 176640 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-03-14 02:02:39 C798EB903A4FA90D2961E164518090C5 607744 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-03-14 02:02:39 03728C624D05C2F157BBD46F6B7F6EA0 1129472 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-03-14 02:02:38 73BDB1C0801D44BEA5F6749FD340CC0F 1796096 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-03-14 02:02:38 69F42E40A0C4344939437D86A8893DA6 1800704 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-03-14 02:02:38 6428A1B56B4F426F35A029231FF0BB1E 65024 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-03-14 02:02:38 1895402C57C32BF8281E8F6C65522253 717824 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-03-14 02:02:37 263963D93A3CA8F685EFA5966F1E6581 12321792 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-03-14 02:02:35 D3EAB9BCB2B92EFCA615781C215644C0 9738240 ----a-w- C:\Windows\SysWOW64\ieframe.dll

====== C:\Windows\SysWOW64\drivers =====

====== C:\Windows\Sysnative =====

2013-03-21 17:21:11 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\Sysnative\bootdelete.exe

2013-03-21 17:21:11 0327055BD9661F6BBEA18EBE4E9FDEF3 276 ----a-w- C:\Windows\Sysnative\bootdelete.lst

2013-03-14 02:02:42 E532E71207987BE22BEEE1F1F7E5B371 96768 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2013-03-14 02:02:42 315BD7958BD33C71442A7383BBAD2237 2382848 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-03-14 02:02:40 FF1AAEDD4A1A0FC3C5ED66B4EE0B254A 1346048 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-03-14 02:02:40 F5F7A06D538619CB3B8081DF766F1D39 237056 ----a-w- C:\Windows\Sysnative\url.dll

2013-03-14 02:02:40 ACFA7C9F9DBAE8143598F23C3DE8934A 248320 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-03-14 02:02:40 6BE16F52FAFFCD4BC628C6AE95C0B887 173056 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2013-03-14 02:02:39 FA274190682AA41A46B285208ED46A74 1392128 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-03-14 02:02:39 D845B455663AE3B4AEB153D9B2E6A4C3 729088 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-03-14 02:02:39 406533EADD808A7A9B5A022F298C6841 1494528 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2013-03-14 02:02:39 0A1BB8FF664EA24C2679B70F731A6F7A 2312704 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-03-14 02:02:38 B9996038ABB1664E49DE171AD14DE275 816640 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-03-14 02:02:38 A54A16DAE7497CDCB8C5A021C0F6FEB8 2147840 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-03-14 02:02:38 7784649104ED574EC129C3282F54E846 85504 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-03-14 02:02:38 0E92BD6EBE215FA80288AFA7996A622B 599040 ----a-w- C:\Windows\Sysnative\vbscript.dll

2013-03-14 02:02:35 E829C45F0D77852C43BE99C4B1BD215D 10925568 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-03-14 02:02:35 460723A080D6F22E56D45BC8C1F15B2A 17815040 ----a-w- C:\Windows\Sysnative\mshtml.dll

====== C:\Windows\Sysnative\drivers =====

2013-03-20 21:05:27 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys

====== C:\Windows\Tasks ======

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-03-21 17:13:56 -------- d-----w- C:\Program Files\HitmanPro

2013-03-18 05:45:50 -------- d-----w- C:\Program Files\Common Files\INCA Shared

======= C:\Program Files (x86) =====

2013-03-21 17:24:18 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-03-18 18:26:31 -------- d-----w- C:\Program Files (x86)\WEBZEN

2013-03-18 02:56:46 -------- d-----w- C:\Program Files (x86)\NCSoft

2013-03-18 00:47:02 -------- d-----w- C:\Program Files (x86)\Smart PC Cleaner

======= C: =====

====== C:\Users\robin\AppData\Roaming ======

2013-03-19 17:20:01 -------- d-----w- C:\users\robin\AppData\Roaming\InstallShield

2013-03-18 17:30:50 -------- d-----w- C:\users\robin\AppData\Local\Aeria Games

2013-03-18 17:18:14 -------- d-----w- C:\users\robin\AppData\Local\Akamai

2013-03-18 00:47:06 -------- d-----w- C:\users\robin\AppData\Local\Programs

2013-03-18 00:16:27 -------- d-----w- C:\users\robin\AppData\Roaming\TuneUp Software

====== C:\Users\robin ======

2013-03-21 17:11:48 -------- d-----w- C:\ProgramData\HitmanPro

2013-03-19 00:33:39 -------- d-----w- C:\Users\robin\Profiles

2013-03-19 00:33:39 -------- d-----w- C:\Users\robin\bin

2013-03-18 18:26:09 -------- d-----w- C:\ProgramData\WEBZEN

2013-03-18 17:29:55 -------- d-----w- C:\ProgramData\Aeria Games

2013-03-18 00:47:14 -------- d-----w- C:\ProgramData\Computer Updater

2013-03-17 22:57:48 -------- d-----w- C:\Users\robin\.swt

====== C: exe-files ==

2013-03-21 17:21:11 5614386D4CFDF9E56F355C45BEEBC976 12872 ----a-w- C:\Windows\System32\bootdelete.exe

2013-03-21 17:13:56 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Program Files\HitmanPro\HitmanPro.exe

2013-03-21 17:12:58 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Users\robin\Downloads\HitmanPro_x64 (1).exe

2013-03-21 17:11:54 637A86CE9F7F276EFA56092E0CBACB82 9565552 ----a-w- C:\Users\robin\Downloads\HitmanPro_x64.exe

2013-03-21 17:11:40 79060AAD779E5650EF8D02616E1769A1 8790920 ----a-w- C:\Users\robin\Downloads\HitmanPro.exe

2013-03-21 16:17:31 EE2E7C607CEA49133781AD5BB8282BA2 10570224 ----a-w- C:\gPotato.eu\Allods Online\bin\Launcher.exe

2013-03-21 16:15:58 95C3FF4918A5A07BE3BE504FA741D724 18117104 ----a-w- C:\gPotato.eu\Allods Online\bin\AOgame.exe

2013-03-21 16:14:37 E0562532FC9C70A57C39C516D30573F1 522208 ----a-w- C:\gPotato.eu\Allods Online\bin\protect.exe

2013-03-21 16:13:13 DC4AAD2E23AEDA30FC35A143111B99FD 8744432 ----a-w- C:\gPotato.eu\Allods Online\Patches\Patch_AllodsOnline_en_4.0.00.63_4.0.00.67_.patch\SyncVersion.exe

2013-03-19 17:20:25 FC356A72FEAEA5D80F312604651D711F 43304 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe

2013-03-19 17:20:25 E9D4DE46A45E865F3D7FBBC972571531 257024 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NC.Bootstrap.exe

2013-03-19 17:20:25 776C76D2D42CFFA3D4650E99DEDC3EEA 1126400 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\XDelta.exe

2013-03-19 17:20:25 50AE228A68AF39A6B57FA931ACECAB3C 30576 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\NCAccess.exe

2013-03-19 17:20:25 4F6878FC7BEDCF90D6EB116AAE0AFBE4 3468584 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\_Launcher.exe

2013-03-19 17:20:24 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}\setup.exe

2013-03-19 17:20:24 35FEAD5D5287E6C111BB9C7FD94CDB7E 22008 ----a-w- C:\Program Files (x86)\NCSoft\Launcher\AllowFoldersToBeUpdated.exe

2013-03-19 01:11:50 682643D75B1FD61EA790B7ADE1A2CF46 436072 ----a-w- C:\gPotato.eu\Allods Online\Mods\protect.exe

2013-03-19 01:08:57 F0938B075106C09DCFE116F8533C911F 57344 ----a-w- C:\gPotato.eu\Allods Online\Mods\UITextureConvertEditor.exe

2013-03-19 00:34:42 52EA16D347630022056B5EA438CF6E9B 15902208 ----a-w- C:\Users\robin\Desktop\repair.exe

2013-03-19 00:33:39 1A80D9D23C10EE806969373891625234 10570224 ----a-w- C:\Users\robin\bin\Launcher.exe

2013-03-19 00:17:03 1A80D9D23C10EE806969373891625234 10570224 ----a-w- C:\gPotato.eu\Allods Online\Patches\Launcher\Launcher.exe

2013-03-19 00:13:54 DC4AAD2E23AEDA30FC35A143111B99FD 8744432 ----a-w- C:\gPotato.eu\Allods Online\bin\SyncVersion.exe

2013-03-19 00:13:52 313E12B63831FF30858C1329A4C8BF26 453432 ----a-w- C:\gPotato.eu\Allods Online\bin\AwesomiumProcess.exe

2013-03-19 00:13:08 71419860275321D5BE5D3E2ACE91A6B4 356432 ----a-w- C:\Users\robin\Desktop\4.0.00.63_Installer\Europe\UsingCAB\setup.exe

2013-03-18 23:35:39 6B7BE7519BBB3CE1DF7D462DF25AC056 357072 ----a-w- C:\Users\robin\Downloads\setup.exe

2013-03-18 23:06:21 6B1C3B805DE40EB0BFA9227DA07C98E9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IJ897CX.exe

2013-03-18 23:06:03 07472F9894F154A22A6039A4D146E800 52832 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RJ897CX.exe

2013-03-18 23:03:45 FBAB280D0CAC5E21C72F0A1A7B5B9608 455600 ----a-w- C:\Users\robin\AppData\Local\Temp\_isECED.exe

2013-03-18 22:21:52 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\Users\robin\Downloads\Allods_Downloader (1).exe

2013-03-18 22:21:23 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\Users\robin\Downloads\Allods_Downloader.exe

2013-03-18 22:19:25 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\Users\robin\Downloads\Allods_EN (1).exe

2013-03-18 22:19:08 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\Users\robin\Downloads\Allods_EN.exe

2013-03-18 22:10:13 E4D7D418A28217A5600B56D569CC43C9 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I914ZT9.exe

2013-03-18 22:10:13 B36F01D47BD4EA35A437E9D1A8E56D05 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IG1EVO2.exe

2013-03-18 22:10:13 700C4D09D6279052C61E7B56EE344855 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IYZG0HJ.exe

2013-03-18 22:10:13 5AF0776A89816FB10157CF5B4D976570 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IXHJ992.exe

2013-03-18 22:10:13 4B4AE36B9EEC78977CC7F2B2DB290AC8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I5JNTKE.exe

2013-03-18 22:10:13 2FBEE6078063EDE26D10B152B174326A 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IX6BIHB.exe

2013-03-18 22:08:57 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RG1EVO2.exe

2013-03-18 22:01:45 E020A3976D16E1F2A8069594858087C8 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IQJ7LUT.exe

2013-03-18 22:01:45 AC65A53BB90940109F9766FD86833934 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IZJK9KD.exe

2013-03-18 22:01:45 A475A61BCE820EE9DF95612DA94CAC99 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IQCTZSG.exe

2013-03-18 22:01:45 61D92262779C9B93C80FE2EB74C38DD5 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IABHSHK.exe

2013-03-18 22:01:45 5990C9386F30B9B8718C51B7506E0FBB 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IBTIBUK.exe

2013-03-18 22:01:45 3FA22321062DF55B1FFD6C166F8D7A78 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IIGXSNV.exe

2013-03-18 22:01:45 249C75DEE13ECBE399865E82FC32DA49 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I46J528.exe

2013-03-18 22:01:45 0D5EB6EDE52DA1BEB81F858CFC8EAE69 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$I07JNGH.exe

2013-03-18 21:28:41 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R5JNTKE.exe

2013-03-18 20:58:13 47369AA599CF7DA579C5229CCC6CD548 695128 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RX6BIHB.exe

2013-03-18 20:55:06 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RXHJ992.exe

2013-03-18 20:53:03 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RYZG0HJ.exe

2013-03-18 20:51:30 E53D24956C2F58369A4EB0E6C93BD50C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IFFT6G8.exe

2013-03-18 20:22:05 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R914ZT9.exe

2013-03-18 18:46:24 216B6D2E2C14269EA8E66968F13517B7 533670 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RFFT6G8.exe

2013-03-18 18:43:16 216B6D2E2C14269EA8E66968F13517B7 533670 ----a-w- C:\Users\robin\Downloads\GP_Archlord_120927\ArchLord_Install_Global.exe

2013-03-18 18:26:32 88B0E7B40936A6C2E797F51307C5DC29 382000 ----a-w- C:\ProgramData\WEBZEN\BrowserPlugIns\CMStarterCore.exe

2013-03-18 18:26:31 BC49243557991AC42FCC01B8E3BB05D2 393216 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{95723791-2C44-454B-9220-C65D47D70E9C}\setup.exe

2013-03-18 18:25:36 3AC2E42844457F045A49613335CF8A93 2988376 ----a-w- C:\Users\robin\Downloads\WebzenBrowserExt.exe

2013-03-18 17:18:45 EC36905F2BF48A04478352A904940423 1502532270 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304sfx.exe

2013-03-18 17:18:45 9885ABD427DD3D4365AAB6FD2408C443 3555040 ----a-w- C:\AeriaGames\Downloader\aeria_ignite_install.exe

2013-03-18 17:18:43 D84C7A57E1CF45B6679C96AFDD219301 325936 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304.exe

2013-03-18 17:18:28 BCA477D7BF9EAF28656D4CD00749F7CD 4415736 ----a-w- C:\Users\robin\AppData\Local\Akamai\ControlPanel.exe

2013-03-18 17:18:18 495199CEAF9A4898499489DA7520FCDE 10027032 ----a-w- C:\Users\robin\AppData\Local\Akamai\netsession_installer.exe

2013-03-18 17:18:08 8732D16C1CAFE03844AEEC3C8B0B9EAD 471648 ----a-w- C:\Users\robin\Downloads\shaiya_us_downloader.exe

2013-03-18 16:45:22 22A5EC63B21858CFF6FF1CF24B63361C 750052485 ----a-w- C:\Users\robin\Downloads\AIKA_Setup_20130305.exe

2013-03-18 02:55:46 C0C9753E961614DC9F6C668E11D462BE 6523640 ----a-w- C:\Users\robin\Downloads\NCsoftLauncherSetup.exe

2013-03-18 02:48:06 5EB6B55DD94165E0E2ECBB4DD762B56B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IIJN1T8.exe

2013-03-18 02:32:09 FAD9EC5660BBD7C1FD48B2ED8999F582 4517472 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\launcher\-gup-\jadeloadern.exe

2013-03-18 02:30:27 9C696DE81A6C41012248B274085CA5AC 289687 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\patcher\skin\image\patcher\patcher.exe

2013-03-18 01:18:53 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\uninstall.exe

2013-03-18 01:18:04 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\install.exe

2013-03-18 01:09:14 E2934E1222D095642AADD6C0EDF4457F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IC44ON1.exe

2013-03-18 01:07:42 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 ----a-w- C:\Users\robin\AppData\Local\Temp\59581uninstall.exe

2013-03-18 00:47:02 5C98730B1E4BDBE19D8C5F9D86E74973 214992 ----a-w- C:\Program Files (x86)\Smart PC Cleaner\Startw3i.exe

2013-03-18 00:45:55 3217E030A7AA0ED2B2BAFEAAD4E8A3A0 1649344 ----a-w- C:\Users\robin\Downloads\FinalTorrent2012Setup.exe

2013-03-18 00:37:20 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1643.exe

2013-03-18 00:37:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall14899.exe

2013-03-18 00:32:31 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RABHSHK.exe

2013-03-18 00:28:30 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQCTZSG.exe

2013-03-18 00:28:23 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RZJK9KD.exe

2013-03-18 00:26:25 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RBTIBUK.exe

2013-03-18 00:11:13 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R07JNGH.exe

2013-03-18 00:10:27 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RIGXSNV.exe

2013-03-17 23:56:52 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1144.exe

2013-03-17 23:56:47 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall16288.exe

2013-03-17 23:42:23 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQJ7LUT.exe

2013-03-17 22:58:14 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\install.exe

2013-03-17 22:58:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\uninstall.exe

2013-03-17 22:57:10 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R46J528.exe

2013-03-16 11:39:53 609A3D40DE06CDD3A17B4D5D6E7AA279 1502560 ----a-w- C:\Users\robin\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.172\25.0.1364.172_25.0.1364.152_chrome_updater.exe

=== C: other files ==

2013-03-19 00:13:54 37C2C5AEDD2F2BA4A076D474B3FD1BFD 3651080 ----a-w- C:\gPotato.eu\Allods Online\data\Mods\Docs\ModdingDocuments.zip

2013-03-18 23:03:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{012D6546-A8C8-45F1-9258-65590D307975}.bat

2013-03-18 17:27:20 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{D752F0DB-4189-41A7-9F1B-0C55298C40F8}.bat

2013-03-18 16:44:29 23C513D4833724C563F7796FC154EE1E 30804 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174429.zip

2013-03-18 16:43:57 444CEFBA2C0D43D46C93995AF24A2FC5 38708 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174357.zip

2013-03-18 16:43:27 B05EF378F602749AA345445827C8D127 33050 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174327.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"

"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU"

"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"

"NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized"

"Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S"

"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"

"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"

"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"

"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"

"ASUS Screen Saver Protector"="C:\Windows\AsScrPro.exe"

"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c"

"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"

"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"

"KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"

"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"

"EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU"

"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU"

"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"

"NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized"

"Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="C:\Windows\system32\igfxtray.exe"

"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"

"Persistence"="C:\Windows\system32\igfxpers.exe"

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "

"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"

"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

"SynAsusAcpi"="%ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe "

==== Startup Folders ======================

2011-04-13 02:49:43 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

2012-10-20 14:05:57 848 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe []

C:\Windows\tasks\AutoKMSDaily.job --a------ C:\Windows\AutoKMS.exe []

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02]

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[]

bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx[]

cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[]

dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[]

ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[18/02/2013 23:13]

niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]

pgafcinpmmpklohkojmllohd****efph - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[]

cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[]

Funmoods - robin - Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

PriceGong - robin - Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok

New Tab - robin - Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj

==== Chrome Fix ======================

C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully

C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

"Tabs"="res://ieframe.dll/tabswelcome.htm"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{35F54DFA-9BA6-A5F8-7509-102794E0C91A} AVG Secure Search Url="https://isearch.avg.com/search?cid={3571B91F-00F3-445F-90B1-23010F2B643F}&mid=060a13a6465a47d1b57f854de0d1e797-9fce1abf496bcc088b96d1054144cc7e07d5cee6〈=nl&ds=AVG&pr=fr&d=2012-08-03"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully

HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully

HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully

HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully

==== Deleting CLSID Registry Values ======================

==== shortcuts on Users Desktops ======================

C:\Users\robin\Desktop\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\Desktop\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

C:\Users\UpdatusUser\Desktop\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe

C:\Users\Public\Desktop\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe

C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe

C:\Users\Public\Desktop\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe

==== shortcuts in Users Start Menu ======================

C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AikaOnline\AikaOnline.lnk - C:\T3fun\AikaOnline\AIKALauncher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online Website.lnk - C:\gPotato.eu\Allods Online\Allods Online.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Register.lnk - C:\gPotato.eu\Allods Online\Register.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Remove Allods Online.lnk - C:\gPotato.eu\Allods Online\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Forsaken World\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe

==== Reset IE Proxy ======================

Value(s) before fix:

"ProxyOverride"="<local>"

"ProxyEnable"=dword:00000000

Value(s) after fix:

"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"

O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S

O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe

O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

O4 - HKCU\..\Run: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s

O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized

O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

O4 - Global Startup: SetPointII.lnk = ?

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: http://*.aeriagames.com

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\robin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z93H3DJ will be deleted at reboot

C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JHI8BE4 will be deleted at reboot

C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI2O5H19 will be deleted at reboot

C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCT5C738 will be deleted at reboot

C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5XY3CE6 will be deleted at reboot

C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3NXHGLR will be deleted at reboot

C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\robin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings" not found

"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

"C:\ProgramData\Browser Manager" not found

"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z93H3DJ" not found

"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JHI8BE4" not found

"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI2O5H19" not found

"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCT5C738" not found

"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5XY3CE6" not found

"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3NXHGLR" not found

Alvast bedankt :D

Link naar reactie
Delen op andere sites

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

Hier kan je lezen hoe je Combofix moet gebruiken.

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen: klik hier of hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Link naar reactie
Delen op andere sites

hier het logje: Alvast bedankt

ComboFix 13-03-21.01 - robin 21/03/2013 21:56:58.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8098.5978 [GMT 1:00]

Gestart vanuit: c:\users\robin\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\users\robin\AppData\Local\assembly\tmp

c:\users\robin\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll

c:\windows\msvcr71.dll

c:\windows\SysWow64\muzapp.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-21 to 2013-03-21 ))))))))))))))))))))))))))))))

.

.

2013-03-21 19:10 . 2013-03-21 21:03 -------- d-----w- c:\users\robin\AppData\Local\Temp

2013-03-21 19:10 . 2013-03-21 18:59 24064 ----a-w- c:\windows\zoek-delete.exe

2013-03-21 17:24 . 2013-03-21 17:24 388096 ----a-r- c:\users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-03-21 17:24 . 2013-03-21 17:24 -------- d-----w- c:\program files (x86)\Trend Micro

2013-03-21 17:21 . 2013-03-21 17:21 12872 ----a-w- c:\windows\system32\bootdelete.exe

2013-03-21 17:13 . 2013-03-21 17:13 -------- d-----w- c:\program files\HitmanPro

2013-03-21 17:11 . 2013-03-21 17:21 -------- d-----w- c:\programdata\HitmanPro

2013-03-20 21:05 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

2013-03-19 17:20 . 2013-03-19 17:20 -------- d-----w- c:\users\robin\AppData\Roaming\InstallShield

2013-03-19 00:33 . 2013-03-19 00:33 -------- d-----w- c:\users\robin\Profiles

2013-03-19 00:33 . 2013-03-19 00:33 -------- d-----w- c:\users\robin\bin

2013-03-19 00:13 . 2013-03-19 00:13 -------- d-----w- C:\gPotato.eu

2013-03-18 18:26 . 2013-03-18 18:51 -------- d-----w- c:\program files (x86)\WEBZEN

2013-03-18 18:26 . 2012-03-27 18:13 230920 ----a-w- c:\windows\SysWow64\EPWZCmnCtrl.dll

2013-03-18 18:26 . 2013-03-18 18:26 -------- d-----w- c:\programdata\WEBZEN

2013-03-18 17:30 . 2013-03-18 17:30 -------- d-----w- c:\users\robin\AppData\Local\Aeria Games

2013-03-18 17:29 . 2013-03-18 17:29 -------- d-----w- c:\programdata\Aeria Games

2013-03-18 17:27 . 2013-03-18 23:03 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin

2013-03-18 17:18 . 2013-03-18 17:18 -------- d-----w- c:\users\robin\AppData\Local\Akamai

2013-03-18 17:18 . 2013-03-18 17:27 -------- d-----w- C:\AeriaGames

2013-03-18 16:49 . 2013-03-18 16:49 -------- d-----w- C:\T3fun

2013-03-18 05:46 . 2012-10-24 17:16 4702568 ----a-w- c:\windows\SysWow64\GameMon.des

2013-03-18 05:46 . 2005-01-02 21:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys

2013-03-18 05:46 . 2003-07-19 06:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd

2013-03-18 05:45 . 2013-03-18 05:45 -------- d-----w- c:\program files\Common Files\INCA Shared

2013-03-18 02:57 . 2013-03-21 21:01 -------- d-----w- c:\users\robin\AppData\Local\assembly

2013-03-18 02:56 . 2013-03-19 17:20 -------- d-----w- c:\program files (x86)\NCSoft

2013-03-18 00:47 . 2013-03-18 00:47 -------- d-----w- c:\programdata\Computer Updater

2013-03-18 00:47 . 2013-03-18 00:47 -------- d-----w- c:\users\robin\AppData\Local\Programs

2013-03-18 00:47 . 2013-03-18 01:03 -------- d-----w- c:\program files (x86)\Smart PC Cleaner

2013-03-18 00:16 . 2013-03-18 00:16 -------- d-----w- c:\users\robin\AppData\Roaming\TuneUp Software

2013-03-17 22:57 . 2013-03-17 22:57 -------- d-----w- c:\users\robin\.swt

2013-02-28 01:41 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-21 21:03 . 2012-01-04 12:32 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe

2013-03-14 02:04 . 2012-12-26 21:57 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-02-18 22:13 . 2012-08-03 20:21 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-02-12 05:45 . 2013-03-13 22:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 22:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 22:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 22:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 22:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 22:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-31 16:29 . 2013-01-31 16:29 69632 ----a-w- c:\windows\SysWow64\CUUpdateComponent.ocx

2013-01-31 16:29 . 2013-01-31 16:29 421888 ----a-w- c:\windows\SysWow64\ComputerUpdaterLM.ocx

2013-01-31 16:29 . 2013-01-31 16:29 131072 ----a-w- c:\windows\SysWow64\SafeAppRichList.ocx

2013-01-05 05:53 . 2013-02-16 17:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-01-05 05:00 . 2013-02-16 17:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-01-05 05:00 . 2013-02-16 17:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-01-04 05:46 . 2013-02-16 17:21 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-01-04 04:51 . 2013-02-16 17:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-01-04 04:43 . 2013-02-16 17:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-01-04 03:26 . 2013-02-16 17:21 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-01-04 02:47 . 2013-02-16 17:21 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-01-04 02:47 . 2013-02-16 17:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-01-04 02:47 . 2013-02-16 17:21 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-01-04 02:47 . 2013-02-16 17:21 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-01-03 06:00 . 2013-02-16 17:21 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-01-03 06:00 . 2013-02-16 17:21 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]

"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-17 3093624]

"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2013-03-19 43304]

"Akamai NetSession Interface"="c:\users\robin\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]

"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]

"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]

"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-11-23 3058304]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]

SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]

R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]

R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-05 1255736]

R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]

R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-04 25960]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]

S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job

- c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 14:02]

.

2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job

- c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 14:02]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"

[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{64174815-8D98-4CE6-8646-4C039977D808}"

[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]

2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-01 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-01 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-01 416024]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]

"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]

"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

Trusted Zone: aeriagames.com

TCP: DhcpNameServer = 192.168.1.1 195.130.131.4 195.130.130.132

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe

AddRemove-funmoods - c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe

AddRemove-outsparktb - c:\program files (x86)\outsparktb\uninstall.exe

AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe

AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe

AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe

AddRemove-Funmoods - c:\users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\ASUS\Splendid\ACMON.exe

c:\windows\SysWOW64\ACEngSvr.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

.

**************************************************************************

.

Voltooingstijd: 2013-03-21 22:07:53 - machine werd herstart

ComboFix-quarantined-files.txt 2013-03-21 21:07

.

Pre-Run: 141.664.661.504 bytes beschikbaar

Post-Run: 141.072.855.040 bytes beschikbaar

.

- - End Of File - - 9D15F91023430192AFD3B1B36D98FF22

Link naar reactie
Delen op andere sites

Moet ik hitman nog eens laten scannen? ik heb er in ieder geval niets meer van gehoord :) en windows verkenner crasht nog steeds... er komt meestal een explorer foutmelding op die het volgende zegt:

explorer.exe-toepassingsfout

De instructie op 0X800051da verwijst naar geheugen op 0X026b8000. Een lees- of schrijfbewerking op het geheugen mislukt: written.

Klik op OK als u het programma wilt beëindigen.

Ik weet niet of dit hier iets mee te maken heeft , ik laat het maar gewoon weten

Mvg Robin

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.