robij

Member
  • Items

    40
  • Registration date

  • Last visited

Everything posted by robij

  1. OK, if any more problems come up you'll hear about it. Thanks a lot for all the help, everyone... you're the best!! Regards, Robin
  2. Yeah, it has already done more than 100 by now. I'm installing them all now... Regards
  3. OK, that's fine with me then, and the problem with Windows Explorer is still solved so far... do I actually need to download service packs?... I have Service Pack 1 now; I don't know whether there are more? Regards
  4. Yeah, this isn't really a problem for me... there were no important files on my PC and the software I need is already back on it... There's no permanent damage or anything? Regards
  5. What exactly are the consequences then? And yeah, I'll be less hasty next time... I didn't think there were any consequences other than all the files being gone. It hasn't crashed so far... that's already a good sign. Regards, Robin
  6. OK, I've reset my PC to factory settings... I'm not sure what the consequences of this are... but there was a huge amount of junk on it anyway that had to go, so yeah... I'll wait and see whether it still crashes; I also removed the last red one... you'll hear from me again. Regards, Robin
  7. So I basically just need to restore factory settings?... Regards
  8. Well, it usually crashes when I start the PC, or when I open anything from my library, so documents, pictures, downloads... I don't know exactly what it crashes on. Regards - - - Updated - - - I think it mostly crashes under pictures...
  9. It still exists, I'm afraid... so something is probably damaged, but how do I find out which photo/document it is? Regards, Robin
  10. I don't quite understand this part: "Now navigate to the folders containing the pictures and see whether you can reproduce the problem or whether it may already be resolved. If Windows Explorer stops working again, the folder you were viewing may contain more image files that are damaged or that contain damaged thumbnail data." The rest has been done. Regards, Robin
  11. As far as I know I haven't installed that, no; searching doesn't find it either, so I assume I don't have Div X. Regards
  12. OK, the updates are done, but Windows Explorer still crashes... Regards, and thanks in advance
  13. No, it still crashes, also mostly at startup. Regards
  14. Here is the log: Regards, Robin
  15. I let the program scan; here is the log. For the moment it hasn't crashed yet. Regards, Robin - - - Updated - - - OK, it just crashed again... so the problem isn't solved yet... Regards
  16. Yeah, I had already figured that out... do you know of anything that might help?
  17. Should I let Hitman scan again? In any case I haven't heard anything more about it and Windows Explorer still crashes... usually an explorer error message comes up that says the following: "explorer.exe-toepassingsfout De instructie op 0X800051da verwijst naar geheugen op 0X026b8000. Een lees- of schrijfbewerking op het geheugen mislukt: written. Klik op OK als u het programma wilt beëindigen." I don't know whether this has anything to do with it; I'm just letting you know. Regards, Robin
  18. Here's the log: Thanks in advance
  19. It took a bit longer this time, but it still crashes.... it also needed fewer restarts before it worked again... Kind regards
  20. I did what you said, here is the log:
----a-w- C:\Users\robin\Downloads\GP_Archlord_120927\ArchLord_Install_Global.exe 2013-03-18 18:26:32 88B0E7B40936A6C2E797F51307C5DC29 382000 ----a-w- C:\ProgramData\WEBZEN\BrowserPlugIns\CMStarterCore.exe 2013-03-18 18:26:31 BC49243557991AC42FCC01B8E3BB05D2 393216 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{95723791-2C44-454B-9220-C65D47D70E9C}\setup.exe 2013-03-18 18:25:36 3AC2E42844457F045A49613335CF8A93 2988376 ----a-w- C:\Users\robin\Downloads\WebzenBrowserExt.exe 2013-03-18 17:18:45 EC36905F2BF48A04478352A904940423 1502532270 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304sfx.exe 2013-03-18 17:18:45 9885ABD427DD3D4365AAB6FD2408C443 3555040 ----a-w- C:\AeriaGames\Downloader\aeria_ignite_install.exe 2013-03-18 17:18:43 D84C7A57E1CF45B6679C96AFDD219301 325936 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304.exe 2013-03-18 17:18:28 BCA477D7BF9EAF28656D4CD00749F7CD 4415736 ----a-w- C:\Users\robin\AppData\Local\Akamai\ControlPanel.exe 2013-03-18 17:18:18 495199CEAF9A4898499489DA7520FCDE 10027032 ----a-w- C:\Users\robin\AppData\Local\Akamai\netsession_installer.exe 2013-03-18 17:18:08 8732D16C1CAFE03844AEEC3C8B0B9EAD 471648 ----a-w- C:\Users\robin\Downloads\shaiya_us_downloader.exe 2013-03-18 16:45:22 22A5EC63B21858CFF6FF1CF24B63361C 750052485 ----a-w- C:\Users\robin\Downloads\AIKA_Setup_20130305.exe 2013-03-18 02:55:46 C0C9753E961614DC9F6C668E11D462BE 6523640 ----a-w- C:\Users\robin\Downloads\NCsoftLauncherSetup.exe 2013-03-18 02:48:06 5EB6B55DD94165E0E2ECBB4DD762B56B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IIJN1T8.exe 2013-03-18 02:32:09 FAD9EC5660BBD7C1FD48B2ED8999F582 4517472 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\launcher\-gup-\jadeloadern.exe 2013-03-18 02:30:27 9C696DE81A6C41012248B274085CA5AC 289687 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\patcher\skin\image\patcher\patcher.exe 2013-03-18 01:18:53 180C9FE03C9B229B1E5167BC43297C6A 270336 
----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\uninstall.exe 2013-03-18 01:18:04 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\install.exe 2013-03-18 01:09:14 E2934E1222D095642AADD6C0EDF4457F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IC44ON1.exe 2013-03-18 01:07:42 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 ----a-w- C:\Users\robin\AppData\Local\Temp\59581uninstall.exe 2013-03-18 00:47:02 5C98730B1E4BDBE19D8C5F9D86E74973 214992 ----a-w- C:\Program Files (x86)\Smart PC Cleaner\Startw3i.exe 2013-03-18 00:45:55 3217E030A7AA0ED2B2BAFEAAD4E8A3A0 1649344 ----a-w- C:\Users\robin\Downloads\FinalTorrent2012Setup.exe 2013-03-18 00:37:20 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1643.exe 2013-03-18 00:37:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall14899.exe 2013-03-18 00:32:31 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RABHSHK.exe 2013-03-18 00:28:30 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQCTZSG.exe 2013-03-18 00:28:23 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RZJK9KD.exe 2013-03-18 00:26:25 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RBTIBUK.exe 2013-03-18 00:11:13 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R07JNGH.exe 2013-03-18 00:10:27 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RIGXSNV.exe 2013-03-17 23:56:52 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1144.exe 2013-03-17 23:56:47 
180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall16288.exe 2013-03-17 23:42:23 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQJ7LUT.exe 2013-03-17 22:58:14 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\install.exe 2013-03-17 22:58:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\uninstall.exe 2013-03-17 22:57:10 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R46J528.exe 2013-03-16 11:39:53 609A3D40DE06CDD3A17B4D5D6E7AA279 1502560 ----a-w- C:\Users\robin\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.172\25.0.1364.172_25.0.1364.152_chrome_updater.exe === C: other files == 2013-03-19 00:13:54 37C2C5AEDD2F2BA4A076D474B3FD1BFD 3651080 ----a-w- C:\gPotato.eu\Allods Online\data\Mods\Docs\ModdingDocuments.zip 2013-03-18 23:03:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{012D6546-A8C8-45F1-9258-65590D307975}.bat 2013-03-18 17:27:20 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{D752F0DB-4189-41A7-9F1B-0C55298C40F8}.bat 2013-03-18 16:44:29 23C513D4833724C563F7796FC154EE1E 30804 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174429.zip 2013-03-18 16:43:57 444CEFBA2C0D43D46C93995AF24A2FC5 38708 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174357.zip 2013-03-18 16:43:27 B05EF378F602749AA345445827C8D127 33050 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174327.zip ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler" "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s" "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU" "EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" "Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" "NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized" "Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r 
C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" "ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE" "ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S" "ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" "ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" "HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" "Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe" "UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5" "UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0" "KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe" "AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" "vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe" "ASUS Screen Saver Protector"="C:\Windows\AsScrPro.exe" "CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c" "Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" "KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s" "KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" "EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU" "EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU" "Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun" 
"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" "NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized" "Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="C:\Windows\system32\igfxtray.exe" "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" "Persistence"="C:\Windows\system32\igfxpers.exe" "RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 " "AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" "RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " "SynAsusAcpi"="%ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe " ==== Startup Folders ====================== 2011-04-13 02:49:43 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk 2012-10-20 14:05:57 848 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk ==== Task Scheduler Jobs ====================== C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe [] C:\Windows\tasks\AutoKMSDaily.job --a------ C:\Windows\AutoKMS.exe [] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02] C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02] ==== Chrome Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[] bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx[] 
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[] dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[] ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[18/02/2013 23:13] niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[] pgafcinpmmpklohkojmllohd****efph - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx[] HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[] cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[] Funmoods - robin - Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh PriceGong - robin - Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok New Tab - robin - Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj ==== Chrome Fix ====================== C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start 
Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://www.google.com" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs] "Tabs"="res://ieframe.dll/tabswelcome.htm" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" {35F54DFA-9BA6-A5F8-7509-102794E0C91A} AVG Secure Search 
Url="https://isearch.avg.com/search?cid={3571B91F-00F3-445F-90B1-23010F2B643F}&mid=060a13a6465a47d1b57f854de0d1e797-9fce1abf496bcc088b96d1054144cc7e07d5cee6&lang=nl&ds=AVG&pr=fr&d=2012-08-03" {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}" ==== Reset Google Chrome ====================== C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== shortcuts on Users Desktops ====================== C:\Users\robin\Desktop\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\robin\Desktop\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe C:\Users\UpdatusUser\Desktop\Forsaken World.lnk - 
C:\Perfect World Entertainment\Forsaken World\patcher.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe C:\Users\Public\Desktop\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe C:\Users\Public\Desktop\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe ==== shortcuts in Users Start Menu ====================== C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AikaOnline\AikaOnline.lnk - C:\T3fun\AikaOnline\AIKALauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online Website.lnk - C:\gPotato.eu\Allods Online\Allods Online.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Register.lnk - C:\gPotato.eu\Allods Online\Register.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Remove Allods Online.lnk - C:\gPotato.eu\Allods Online\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Forsaken World\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyOverride"="<local>" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, 
Messenger, het laatste nieuws en entertainment | MSN.NL R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files 
(x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU" O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 
'UpdatusUser') O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe O4 - Global Startup: SetPointII.lnk = ? O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.aeriagames.com O18 - Protocol: linkscanner - 
Thanks in advance
  21. I have the same problem: when I try to open my documents or the like, the message 'Windows Explorer has stopped working' comes up. It is then closed and restarted, and this happens a number of times. I have read everything above and have already made the 2 logs:
: 531.968 bytes Age . . . . . . . : 225.1 days (2012-08-08 14:43:56) Entropy . . . . . : 6.3 SHA-256 . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED Product . . . . . : BU Dynamic Link Library Description . . . : BU Dynamic Link Library Version . . . . . : 2.0.0.4 Copyright . . . . : Copyright (C) 1997-2012 Fuzzy . . . . . . : -7.0 C:\Users\robin\AppData\Roaming\Funmoods\ (Funmoods) C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\ (Funmoods) C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\config.dat (Funmoods) C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (Funmoods) Size . . . . . . . : 94.720 bytes Age . . . . . . . : 22.7 days (2013-02-27 01:54:19) Entropy . . . . . : 6.5 SHA-256 . . . . . : 491E56FC62E891DD80A5321BB201577FD42BFFB11627F44220EA10D6CA3F0107 Fuzzy . . . . . . : 6.0 HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ (Yontoo) HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon) HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo) HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods) HKLM\SOFTWARE\Classes\b\ (Babylon) HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon) HKLM\SOFTWARE\Classes\Babylon.dskBnd\ 
(Babylon) HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon) HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon) HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon) HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods) HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods) HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon) HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon) HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1\ (Funmoods) HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc\ (Funmoods) HKLM\SOFTWARE\Classes\f\ (Funmoods) HKLM\SOFTWARE\Classes\funmoods.dskBnd.1\ (Funmoods) HKLM\SOFTWARE\Classes\funmoods.dskBnd\ (Funmoods) HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1\ (Funmoods) HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr\ (Funmoods) HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1\ (Funmoods) HKLM\SOFTWARE\Classes\funmoodsApp.appCore\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo) HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo) HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}\ (Funmoods) 
HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon) HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) HKLM\SOFTWARE\Classes\s\ (Softonic) HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}\ (Funmoods) HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon) HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods) HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon) HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods) HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo) 
HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\ 
(Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}\ (Funmoods) 
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon) 
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods) HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\ (Yontoo) HKLM\SOFTWARE\Classes\YontooIEClient.Api\ (Yontoo) HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\ (Yontoo) HKLM\SOFTWARE\Classes\YontooIEClient.Layers\ (Yontoo) HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods) HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7\ (Claro) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo) HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon) HKLM\SOFTWARE\Wow6432Node\BabylonToolbar\ (Babylon) HKLM\SOFTWARE\Wow6432Node\DataMngr\ (SearchQU) HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods) HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods) 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\ (Yontoo) HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph\ (Claro) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}\ (Funmoods) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (Funmoods) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\funmoods\ (Funmoods) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ (Claro) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\BabylonToolbar\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\DataMngr\ (SearchQU) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\DataMngr_Toolbar\ (SearchQU) 
HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Funmoods\ (Funmoods) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Main\bProtector Start Page (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\ (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ (Funmoods) 
HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo) Cookies _____________________________________________________________________ C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:123sexmatch.be C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adperium.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adserver01.de C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.nl C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.as4x.tmcs.ticketmaster.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.crakmedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com C:\Users\robin\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:ads.glispa.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.inhabitat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.intergi.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mail3x.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.movielush.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pixfuture.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.publicidad.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.zenoviaexchange.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultfriendfinder.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:avgtechnologies.112.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:be.sitestat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmedbelgique.solution.weborama.fr C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmednl.solution.weborama.fr C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ero-advertising.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fl01.ct2.comclick.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:getclicky.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kaspersky.122.2o7.net 
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livejasmin.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livenation.122.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnportal.112.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:nl.sitestat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.sexsearchcom.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:partypoker.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:****hub.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:****hubcam.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubads.g.doubleclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexad.net 
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexdatingamateur.be C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexefriend.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexychicks4youn0w.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:spylog.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.onestat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:static.getclicky.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stepstone.112.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:streamate.doublepimp.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.hubrus.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.solocpm.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.zalando.be C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:view.atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr C:\Users\robin\AppData\Local\Google\Chrome\User 
Hijack This:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:29:49, on 21/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll
O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r
"C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini" O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE" O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] 
C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU" O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU" O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser') O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser') O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe O4 - Global Startup: SetPointII.lnk = ? 
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.aeriagames.com O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure 
Search\ViProtocolInstaller\14.2.0\ViProtocol.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine 
Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 
- Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 15376 bytes
  22. yes, I have already downloaded that new version of AVG, I'll do the service pack right now... but what do you need it for? And Windows updates? regards
  23. ok, I think I have done all of that, here are the logs

      mbam:

      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Databaseversie: 5199
      Windows 6.0.6000
      Internet Explorer 7.0.6000.17037

      27/11/2010 19:04:12
      mbam-log-2010-11-27 (19-04-12).txt

      Scantype: Snelle scan
      Objecten gescand: 172130
      Verstreken tijd: 51 minuut/minuten, 31 seconde(n)

      Geheugenprocessen geïnfecteerd: 0
      Geheugenmodulen geïnfecteerd: 0
      Registersleutels geïnfecteerd: 1
      Registerwaarden geïnfecteerd: 0
      Registerdata geïnfecteerd: 0
      Mappen geïnfecteerd: 0
      Bestanden geïnfecteerd: 1

      Geheugenprocessen geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)

      Geheugenmodulen geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)

      Registersleutels geïnfecteerd:
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

      Registerwaarden geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)

      Registerdata geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)

      Mappen geïnfecteerd:
      (Geen kwaadaardige objecten gedetecteerd)

      Bestanden geïnfecteerd:
      C:\Windows\Temp\TMP000000019DE0946EF35DD1D5 (Trojan.Dropper) -> Quarantined and deleted successfully.
      hjt:

      regards