Posts made by robij
-
-
Yeah, it has done more than 100 of them by now.
I'm installing them all now...
Kind regards
-
OK, that's fine with me then, and the problem with Windows Explorer is still solved so far...
Do I actually need to download service packs? I have Service Pack 1 now; I don't know whether there are more?
Kind regards
-
Yeah, this isn't really a problem for me... there were no important files on my PC and the software I need is already back on it... There's no permanent damage or anything?
Kind regards
-
What exactly are the consequences then? And yeah, I'll be less hasty next time... I didn't think there were any consequences other than all the files being gone.
It hasn't crashed so far... that's already a good sign.
Kind regards, Robin
-
OK, I've restored my PC to factory settings... I'm not really sure what the consequences of this are... but there was an enormous amount of junk on it anyway that had to go, so yeah... I'll wait and see whether it still crashes. I also removed the last red one... you'll hear from me again.
Kind regards, Robin
-
So I actually just need to restore factory settings?...
Kind regards
-
Yup, Asus...
Kind regards
-
Well, it usually crashes when I start up the PC, or when I open anything from My Library, so documents, pictures, downloads... I don't know exactly what it crashes on.
Kind regards
- - - Updated - - -
I think it mostly crashes under Pictures...
-
It still exists, I'm afraid... so something is probably damaged, but how do I find out which photo/document it is?
Kind regards, Robin
-
I don't quite understand this part:
"Now navigate to the folders containing the images and see whether you can reproduce the problem or whether it may already be resolved. If Windows Explorer stops working again, the folder you were viewing may contain more image files that are corrupted or that contain corrupted thumbnail data."
The rest is done. Kind regards, Robin
-
As far as I know I haven't installed that, no; a search doesn't find it either, so I assume I don't have DivX.
Kind regards
-
OK, the updates are done, but Windows Explorer still crashes...
Kind regards and thanks in advance
-
Where do I do this?
-
No, it still crashes, also mostly at startup.
Kind regards
-
Here is the log: Kind regards, Robin
Farbar Service Scanner Version: 03-03-2013
Ran by robin (administrator) on 23-03-2013 at 13:26:47
Running from "C:\Users\robin\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
Other Services:
==============
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
**** End of log ****
-
I let the program scan; here is the log. For the moment it hasn't crashed yet.
Kind regards, Robin
Starting Repairs...
Start (22/03/2013 18:30:18)
Reset File Permissions 01/20
C:\$AVG & Sub Folders
Start (22/03/2013 18:30:18)
Running Repair Under System Account
Done (22/03/2013 18:30:20)
Reset File Permissions 02/20
C:\AeriaGames & Sub Folders
Start (22/03/2013 18:30:20)
Running Repair Under System Account
Done (22/03/2013 18:30:23)
Reset File Permissions 03/20
C:\AsusVibeData & Sub Folders
Start (22/03/2013 18:30:23)
Running Repair Under System Account
Done (22/03/2013 18:30:25)
Reset File Permissions 04/20
C:\Boot & Sub Folders
Start (22/03/2013 18:30:26)
Running Repair Under System Account
Done (22/03/2013 18:30:28)
Reset File Permissions 05/20
C:\codec-info & Sub Folders
Start (22/03/2013 18:30:28)
Running Repair Under System Account
Done (22/03/2013 18:30:31)
Reset File Permissions 06/20
C:\Config.Msi & Sub Folders
Start (22/03/2013 18:30:31)
Running Repair Under System Account
Done (22/03/2013 18:30:33)
Reset File Permissions 07/20
C:\eSupport & Sub Folders
Start (22/03/2013 18:30:33)
Running Repair Under System Account
Done (22/03/2013 18:30:48)
Reset File Permissions 08/20
C:\gPotato.eu & Sub Folders
Start (22/03/2013 18:30:48)
Running Repair Under System Account
Done (22/03/2013 18:30:50)
Reset File Permissions 09/20
C:\Intel & Sub Folders
Start (22/03/2013 18:30:50)
Running Repair Under System Account
Done (22/03/2013 18:30:53)
Reset File Permissions 10/20
C:\MSOCache & Sub Folders
Start (22/03/2013 18:30:53)
Running Repair Under System Account
Done (22/03/2013 18:30:55)
Reset File Permissions 11/20
C:\Perfect World Entertainment & Sub Folders
Start (22/03/2013 18:30:55)
Running Repair Under System Account
Done (22/03/2013 18:30:58)
Reset File Permissions 12/20
C:\PerfLogs & Sub Folders
Start (22/03/2013 18:30:58)
Running Repair Under System Account
Done (22/03/2013 18:31:00)
Reset File Permissions 13/20
C:\Program Files & Sub Folders
Start (22/03/2013 18:31:00)
Running Repair Under System Account
Done (22/03/2013 18:31:13)
Reset File Permissions 14/20
C:\Program Files (x86) & Sub Folders
Start (22/03/2013 18:31:13)
Running Repair Under System Account
Done (22/03/2013 18:32:13)
Reset File Permissions 15/20
C:\ProgramData & Sub Folders
Start (22/03/2013 18:32:13)
Running Repair Under System Account
Done (22/03/2013 18:32:38)
Reset File Permissions 16/20
C:\Qoobox & Sub Folders
Start (22/03/2013 18:32:38)
Running Repair Under System Account
Done (22/03/2013 18:32:41)
Reset File Permissions 17/20
C:\Recovery & Sub Folders
Start (22/03/2013 18:32:41)
Running Repair Under System Account
Done (22/03/2013 18:32:44)
Reset File Permissions 18/20
C:\T3fun & Sub Folders
Start (22/03/2013 18:32:44)
Running Repair Under System Account
Done (22/03/2013 18:32:46)
Reset File Permissions 19/20
C:\temp & Sub Folders
Start (22/03/2013 18:32:46)
Running Repair Under System Account
Done (22/03/2013 18:32:49)
Reset File Permissions 20/20
C:\Windows & Sub Folders
Start (22/03/2013 18:32:49)
Running Repair Under System Account
Done (22/03/2013 18:42:19)
Reset File Permissions: Cleanup
& Sub Folders
Start (22/03/2013 18:42:19)
Running Repair Under System Account
Done (22/03/2013 18:42:22)
Register System Files
Start (22/03/2013 18:42:22)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:42:51)
Repair WMI
Start (22/03/2013 18:42:51)
Running Repair Under Current User Account
Ongeldige schakeloptie voor Global.
Ongeldige schakeloptie voor Global.
Running Repair Under System Account
Ongeldige schakeloptie voor Global.
Ongeldige schakeloptie voor Global.
Done (22/03/2013 18:44:10)
Repair Windows Firewall
Start (22/03/2013 18:44:10)
Running Repair Under Current User Account
De Internet Connection Sharing (ICS)-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
Kan de Internet Connection Sharing (ICS)-service niet starten.
De service heeft geen fout gemeld.
Typ NET HELPMSG 3534 voor meer hulp.
Running Repair Under System Account
De Internet Connection Sharing (ICS)-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
Kan de Internet Connection Sharing (ICS)-service niet starten.
De service heeft geen fout gemeld.
Typ NET HELPMSG 3534 voor meer hulp.
Done (22/03/2013 18:44:41)
Repair Internet Explorer
Start (22/03/2013 18:44:41)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:44:50)
Repair MDAC/MS Jet
Start (22/03/2013 18:44:50)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:44:57)
Remove Policies Set By Infections
Start (22/03/2013 18:44:57)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:45:02)
Repair Winsock & DNS Cache
Start (22/03/2013 18:45:02)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:45:15)
Repair Proxy Settings
Start (22/03/2013 18:45:15)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:45:19)
Unhide Non System Files
Start (22/03/2013 18:45:19)
C:\ - Total Files Unhidden: 479
D:\ - Total Files Unhidden: 0
E:\ - Total Files Unhidden: 0
F:\ - Total Files Unhidden: 0
Q:\ - Total Files Unhidden: 0
Done (22/03/2013 18:46:00)
Repair Windows Updates
Start (22/03/2013 18:46:00)
Running Repair Under Current User Account
De Background Intelligent Transfer Service-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
De Windows Update-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
Het systeem kan het opgegeven bestand niet vinden.
Running Repair Under System Account
De Cryptographic Services-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
De Background Intelligent Transfer Service-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
De Windows Update-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
Het systeem kan het opgegeven bestand niet vinden.
Done (22/03/2013 18:46:11)
Repair Volume Shadow Copy Service
Start (22/03/2013 18:46:11)
Running Repair Under Current User Account
De Volume Shadow Copy-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
De Microsoft Software Shadow Copy Provider-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
Running Repair Under System Account
De Volume Shadow Copy-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
De Microsoft Software Shadow Copy Provider-service is niet gestart.
Typ NET HELPMSG 3521 voor meer hulp.
Done (22/03/2013 18:46:16)
Repair MSI (Windows Installer)
Start (22/03/2013 18:46:16)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:25)
Repair Windows Safe Mode
Start (22/03/2013 18:46:25)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:29)
Repair Print Spooler
Start (22/03/2013 18:46:29)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:42)
Restore Important Windows Services
Start (22/03/2013 18:46:42)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:47)
Set Windows Services To Default Startup
Start (22/03/2013 18:46:47)
Running Repair Under Current User Account
Running Repair Under System Account
Done (22/03/2013 18:46:52)
Cleaning up empty logs...
All Selected Repairs Done.
Done (22/03/2013 18:46:52)
Total Repair Time: 00:16:34
...YOU MUST RESTART YOUR SYSTEM...
Running Repair Under System Account
- - - Updated - - -
OK, it just crashed again... so the problem isn't solved yet... Kind regards
-
Yeah, I'd figured that out too... do you know of anything that might help?
-
Should I run Hitman again? In any case I haven't heard anything more about it, and Windows Explorer still crashes... usually an explorer error message comes up that says the following:
explorer.exe-toepassingsfout
De instructie op 0X800051da verwijst naar geheugen op 0X026b8000. Een lees- of schrijfbewerking op het geheugen mislukt: written.
Klik op OK als u het programma wilt beëindigen.
I don't know whether this has anything to do with it; I'm just letting you know.
Kind regards, Robin
-
Here is the log: Thanks in advance
ComboFix 13-03-21.01 - robin 21/03/2013 21:56:58.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.8098.5978 [GMT 1:00]
Gestart vanuit: c:\users\robin\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\robin\AppData\Local\assembly\tmp
c:\users\robin\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll
c:\windows\msvcr71.dll
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-02-21 to 2013-03-21 ))))))))))))))))))))))))))))))
.
.
2013-03-21 19:10 . 2013-03-21 21:03 -------- d-----w- c:\users\robin\AppData\Local\Temp
2013-03-21 19:10 . 2013-03-21 18:59 24064 ----a-w- c:\windows\zoek-delete.exe
2013-03-21 17:24 . 2013-03-21 17:24 388096 ----a-r- c:\users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-03-21 17:24 . 2013-03-21 17:24 -------- d-----w- c:\program files (x86)\Trend Micro
2013-03-21 17:21 . 2013-03-21 17:21 12872 ----a-w- c:\windows\system32\bootdelete.exe
2013-03-21 17:13 . 2013-03-21 17:13 -------- d-----w- c:\program files\HitmanPro
2013-03-21 17:11 . 2013-03-21 17:21 -------- d-----w- c:\programdata\HitmanPro
2013-03-20 21:05 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-19 17:20 . 2013-03-19 17:20 -------- d-----w- c:\users\robin\AppData\Roaming\InstallShield
2013-03-19 00:33 . 2013-03-19 00:33 -------- d-----w- c:\users\robin\Profiles
2013-03-19 00:33 . 2013-03-19 00:33 -------- d-----w- c:\users\robin\bin
2013-03-19 00:13 . 2013-03-19 00:13 -------- d-----w- C:\gPotato.eu
2013-03-18 18:26 . 2013-03-18 18:51 -------- d-----w- c:\program files (x86)\WEBZEN
2013-03-18 18:26 . 2012-03-27 18:13 230920 ----a-w- c:\windows\SysWow64\EPWZCmnCtrl.dll
2013-03-18 18:26 . 2013-03-18 18:26 -------- d-----w- c:\programdata\WEBZEN
2013-03-18 17:30 . 2013-03-18 17:30 -------- d-----w- c:\users\robin\AppData\Local\Aeria Games
2013-03-18 17:29 . 2013-03-18 17:29 -------- d-----w- c:\programdata\Aeria Games
2013-03-18 17:27 . 2013-03-18 23:03 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2013-03-18 17:18 . 2013-03-18 17:18 -------- d-----w- c:\users\robin\AppData\Local\Akamai
2013-03-18 17:18 . 2013-03-18 17:27 -------- d-----w- C:\AeriaGames
2013-03-18 16:49 . 2013-03-18 16:49 -------- d-----w- C:\T3fun
2013-03-18 05:46 . 2012-10-24 17:16 4702568 ----a-w- c:\windows\SysWow64\GameMon.des
2013-03-18 05:46 . 2005-01-02 21:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2013-03-18 05:46 . 2003-07-19 06:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2013-03-18 05:45 . 2013-03-18 05:45 -------- d-----w- c:\program files\Common Files\INCA Shared
2013-03-18 02:57 . 2013-03-21 21:01 -------- d-----w- c:\users\robin\AppData\Local\assembly
2013-03-18 02:56 . 2013-03-19 17:20 -------- d-----w- c:\program files (x86)\NCSoft
2013-03-18 00:47 . 2013-03-18 00:47 -------- d-----w- c:\programdata\Computer Updater
2013-03-18 00:47 . 2013-03-18 00:47 -------- d-----w- c:\users\robin\AppData\Local\Programs
2013-03-18 00:47 . 2013-03-18 01:03 -------- d-----w- c:\program files (x86)\Smart PC Cleaner
2013-03-18 00:16 . 2013-03-18 00:16 -------- d-----w- c:\users\robin\AppData\Roaming\TuneUp Software
2013-03-17 22:57 . 2013-03-17 22:57 -------- d-----w- c:\users\robin\.swt
2013-02-28 01:41 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 21:03 . 2012-01-04 12:32 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2013-03-14 02:04 . 2012-12-26 21:57 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-18 22:13 . 2012-08-03 20:21 39768 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-02-12 05:45 . 2013-03-13 22:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 22:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45 . 2013-03-13 22:32 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 22:32 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48 . 2013-03-13 22:32 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 22:32 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-31 16:29 . 2013-01-31 16:29 69632 ----a-w- c:\windows\SysWow64\CUUpdateComponent.ocx
2013-01-31 16:29 . 2013-01-31 16:29 421888 ----a-w- c:\windows\SysWow64\ComputerUpdaterLM.ocx
2013-01-31 16:29 . 2013-01-31 16:29 131072 ----a-w- c:\windows\SysWow64\SafeAppRichList.ocx
2013-01-05 05:53 . 2013-02-16 17:21 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-05 05:00 . 2013-02-16 17:21 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-16 17:21 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-01-04 05:46 . 2013-02-16 17:21 215040 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 04:51 . 2013-02-16 17:21 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-01-04 04:43 . 2013-02-16 17:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-01-04 03:26 . 2013-02-16 17:21 3153408 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 02:47 . 2013-02-16 17:21 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-04 02:47 . 2013-02-16 17:21 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-04 02:47 . 2013-02-16 17:21 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-04 02:47 . 2013-02-16 17:21 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-01-03 06:00 . 2013-02-16 17:21 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 06:00 . 2013-02-16 17:21 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-03-17 3093624]
"NCsoft Launcher"="c:\program files (x86)\NCSoft\Launcher\NCLauncher.exe" [2013-03-19 43304]
"Akamai NetSession Interface"="c:\users\robin\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-13 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-06-10 2255360]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-11-19 2598520]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-11-23 3058304]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-13 548528]
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe [2009-07-14 27136]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2010-08-11 44032]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-05 1255736]
R3 WSDScan;Ondersteuning voor WSD-scan via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
R3 X6va011;X6va011;c:\windows\SysWOW64\Drivers\X6va011 [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-04 25960]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-26 17536]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-11-08 307040]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-11-02 5174392]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-12-10 127328]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-10-14 1147232]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2013-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job
- c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 14:02]
.
2013-03-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job
- c:\users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-04 14:02]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-01 416024]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-19 12632168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: aeriagames.com
TCP: DhcpNameServer = 192.168.1.1 195.130.131.4 195.130.130.132
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr
AddRemove-BabylonToolbar - c:\program files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe
AddRemove-funmoods - c:\program files (x86)\Funmoods\1.5.23.22\uninstall.exe
AddRemove-outsparktb - c:\program files (x86)\outsparktb\uninstall.exe
AddRemove-PriceGong - c:\program files (x86)\PriceGong\uninst.exe
AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\uninstall.exe
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codecv\uninstall.exe
AddRemove-Funmoods - c:\users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va011]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va011"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\ASUS\Splendid\ACMON.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
.
**************************************************************************
.
Voltooingstijd: 2013-03-21 22:07:53 - machine werd herstart
ComboFix-quarantined-files.txt 2013-03-21 21:07
.
Pre-Run: 141.664.661.504 bytes beschikbaar
Post-Run: 141.072.855.040 bytes beschikbaar
.
- - End Of File - - 9D15F91023430192AFD3B1B36D98FF22
-
It took a bit longer this time, but it still crashes... it also needed fewer restarts before it worked again...
Kind regards
-
I did what you said; here is the log:
Zoek.exe Version 4.0.0.2 Updated 20-03-2013
Tool run by robin on do 21/03/2013 at 19:59:51,13.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== Running Processes ======================
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\winlogon.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIGCE.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\explorer.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\Desktop\zoek.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully
==== Installed Programs ======================
@C:\\Program Files (x86)\\Intel\\Intel Control Center\\Uninstaller\\SetupICC.exe,-100
@C:\\Program Files (x86)\\Intel\\Intel® Management Engine Components\\Uninstall\\Setup.exe,-2018
@C:\\Program Files (x86)\\Intel\\Intel® Processor Graphics\\Uninstall\\Setup.exe,-1166
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Story
AION Free-To-Play
Akamai NetSession Interface
Alcor Micro USB Card Reader
Allods Online 4.0.00.63
ASUS AI Recovery
ASUS LifeFrame3
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
ASUS Virtual Camera
ASUS WebStorage
ASUS_Screensaver
AsusVibe2.0
ATK Package
AVG Security Toolbar
Babylon Chrome Toolbar
Babylon toolbar
Bing Bar
Bookworm Deluxe
Browser Manager
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Codecv
Control ActiveX de Windows Live Mesh para conexiones remotas
Contrôle ActiveX Windows Live Mesh pour connexions à distance
Controlo ActiveX do Windows Live Mesh para Ligações Remotas
CyberLink LabelPrint
CyberLink Power2Go
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EPSON Scan
EPSON SX420W Series Handboek
EpsonNet Setup 3.2
erLT
Funmoods
Galeria de Fotografias do Windows Live
Galería fotográfica de Windows Live
Galerie de photos Windows Live
Game Park Console
Google Chrome
Governor of Poker
HiJackThis
Hotel Dash Suite Success
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Junk Mail filter update
Mahjongg dimensions
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (Dutch) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSVCRT
MSVCRT Redists
MSVCRT_amd64
MyFreeCodec
NCsoft Launcher
Netwerkhandleiding EPSON SX420W Series
Nuance PDF Reader
Outspark Toolbar
Pando Media Booster
PDF Creator Packages
PriceGong 2.6.11
Raccolta foto di Windows Live
Ralink RT2860 Wireless LAN Card
Realtek High Definition Audio Driver
Samsung Kies
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
SkypeT 6.1
syncables desktop SE
TeamSpeak 3 Client
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Version Checker for Funmoods
Visual Studio 2008 x64 Redistributables
WEBZEN Browser Extension
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Installer
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Mesh ActiveX control for remote connections
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFlash
Wireless Console 3
World of Goo
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\browser manager deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\browser manager deleted successfully
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"bProtector Start Page"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"bProtectorDefaultScope"=-
==== Deleting Files \ Folders ======================
"C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx" deleted
"C:\Users\robin\AppData\Local\funmoods.crx" deleted
"C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotector web data" deleted
"C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences" deleted
"C:\user.js" deleted
"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.dll" deleted
"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings" not deleted
"C:\Program Files (x86)\outsparktb" deleted
"C:\Program Files (x86)\BabylonToolbar" deleted
"C:\Program Files (x86)\Yontoo" deleted
"C:\Program Files (x86)\PriceGong" deleted
"C:\Program Files (x86)\Funmoods" deleted
"C:\Users\robin\AppData\Roaming\Funmoods" deleted
"C:\Users\robin\AppData\Roaming\Babylon" deleted
"C:\Users\robin\AppData\Roaming\BabylonToolbar" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
"C:\ProgramData\Browser Manager" not deleted
"C:\ProgramData\APN" deleted
"C:\ProgramData\Partner" deleted
"C:\ProgramData\Codecv" deleted
"C:\ProgramData\InstallMate" deleted
"C:\ProgramData\Tarma Installer" deleted
"C:\ProgramData\Premium" deleted
"C:\ProgramData\Babylon" deleted
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PriceGong" deleted
"C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager" deleted
"C:\Users\robin\AppData\LocalLow\BabylonToolbar" deleted
"C:\ProgramData\Browser Manager\2.3.796.11" not deleted
"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}" not deleted
==== System Specs ======================
Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Internet Explorer: 9.0.8112.16421
Memory (RAM): 8099 MB
CPU Info: Intel® Core i7-2670QM CPU @ 2.20GHz
CPU Speed: 2251,2 MHz
Sound Card: Speakers (Realtek High Definiti |
Display Adapters: Intel® HD Graphics Family | Intel® HD Graphics Family | NVIDIA GeForce GT 520M | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: 802.11n Wireless LAN Card | Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
CD / DVD Drives: 1x (G: | ) G: MATSHITADVD-RAM UJ8B0AW
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C: 279,5GB | D: 394,2GB | E: 349,3GB | F: 349,3GB | Q: 0,0MB
Hard Disks - Free: C: 114,3GB | D: 394,1GB | E: 349,2GB | F: 349,2GB | Q: 0,0MB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 10/06/11 | _ASUS_ - 6222004
Time Zone: West-Europa (standaardtijd)
Motherboard *: ASUSTeK Computer Inc. K73SJ
Sun Java version: niet
Sun Java version: opdracht,
Country: België
Language: NLB
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\robin\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
====== C:\Windows\Sysnative\drivers =====
2013-03-20 21:05:27 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-03-21 17:13:56 -------- d-----w- C:\Program Files\HitmanPro
2013-03-18 05:45:50 -------- d-----w- C:\Program Files\Common Files\INCA Shared
======= C:\Program Files (x86) =====
2013-03-21 17:24:18 -------- d-----w- C:\Program Files (x86)\Trend Micro
2013-03-18 18:26:31 -------- d-----w- C:\Program Files (x86)\WEBZEN
2013-03-18 02:56:46 -------- d-----w- C:\Program Files (x86)\NCSoft
2013-03-18 00:47:02 -------- d-----w- C:\Program Files (x86)\Smart PC Cleaner
======= C: =====
====== C:\Users\robin\AppData\Roaming ======
2013-03-19 17:20:01 -------- d-----w- C:\users\robin\AppData\Roaming\InstallShield
2013-03-18 17:30:50 -------- d-----w- C:\users\robin\AppData\Local\Aeria Games
2013-03-18 17:18:14 -------- d-----w- C:\users\robin\AppData\Local\Akamai
2013-03-18 00:47:06 -------- d-----w- C:\users\robin\AppData\Local\Programs
2013-03-18 00:16:27 -------- d-----w- C:\users\robin\AppData\Roaming\TuneUp Software
====== C:\Users\robin ======
2013-03-21 17:11:48 -------- d-----w- C:\ProgramData\HitmanPro
2013-03-19 00:33:39 -------- d-----w- C:\Users\robin\Profiles
2013-03-19 00:33:39 -------- d-----w- C:\Users\robin\bin
2013-03-18 18:26:09 -------- d-----w- C:\ProgramData\WEBZEN
2013-03-18 17:29:55 -------- d-----w- C:\ProgramData\Aeria Games
2013-03-18 00:47:14 -------- d-----w- C:\ProgramData\Computer Updater
2013-03-17 22:57:48 -------- d-----w- C:\Users\robin\.swt
====== C: exe-files ==
2013-03-18 20:53:03 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RYZG0HJ.exe
2013-03-18 20:51:30 E53D24956C2F58369A4EB0E6C93BD50C 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IFFT6G8.exe
2013-03-18 20:22:05 4B6CAB775AA5D81274063B5555A3735E 696368 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R914ZT9.exe
2013-03-18 18:46:24 216B6D2E2C14269EA8E66968F13517B7 533670 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RFFT6G8.exe
2013-03-18 18:43:16 216B6D2E2C14269EA8E66968F13517B7 533670 ----a-w- C:\Users\robin\Downloads\GP_Archlord_120927\ArchLord_Install_Global.exe
2013-03-18 18:26:32 88B0E7B40936A6C2E797F51307C5DC29 382000 ----a-w- C:\ProgramData\WEBZEN\BrowserPlugIns\CMStarterCore.exe
2013-03-18 18:26:31 BC49243557991AC42FCC01B8E3BB05D2 393216 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{95723791-2C44-454B-9220-C65D47D70E9C}\setup.exe
2013-03-18 18:25:36 3AC2E42844457F045A49613335CF8A93 2988376 ----a-w- C:\Users\robin\Downloads\WebzenBrowserExt.exe
2013-03-18 17:18:45 EC36905F2BF48A04478352A904940423 1502532270 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304sfx.exe
2013-03-18 17:18:45 9885ABD427DD3D4365AAB6FD2408C443 3555040 ----a-w- C:\AeriaGames\Downloader\aeria_ignite_install.exe
2013-03-18 17:18:43 D84C7A57E1CF45B6679C96AFDD219301 325936 ----a-w- C:\AeriaGames\Downloader\shaiya_us_installer_20130304.exe
2013-03-18 17:18:28 BCA477D7BF9EAF28656D4CD00749F7CD 4415736 ----a-w- C:\Users\robin\AppData\Local\Akamai\ControlPanel.exe
2013-03-18 17:18:18 495199CEAF9A4898499489DA7520FCDE 10027032 ----a-w- C:\Users\robin\AppData\Local\Akamai\netsession_installer.exe
2013-03-18 17:18:08 8732D16C1CAFE03844AEEC3C8B0B9EAD 471648 ----a-w- C:\Users\robin\Downloads\shaiya_us_downloader.exe
2013-03-18 16:45:22 22A5EC63B21858CFF6FF1CF24B63361C 750052485 ----a-w- C:\Users\robin\Downloads\AIKA_Setup_20130305.exe
2013-03-18 02:55:46 C0C9753E961614DC9F6C668E11D462BE 6523640 ----a-w- C:\Users\robin\Downloads\NCsoftLauncherSetup.exe
2013-03-18 02:48:06 5EB6B55DD94165E0E2ECBB4DD762B56B 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IIJN1T8.exe
2013-03-18 02:32:09 FAD9EC5660BBD7C1FD48B2ED8999F582 4517472 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\launcher\-gup-\jadeloadern.exe
2013-03-18 02:30:27 9C696DE81A6C41012248B274085CA5AC 289687 ----a-w- C:\Perfect World Entertainment\Jade Dynasty\patcher\skin\image\patcher\patcher.exe
2013-03-18 01:18:53 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\uninstall.exe
2013-03-18 01:18:04 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\Users\robin\Documents\My Downloads\FW_EN_Installer_0.331.0\install.exe
2013-03-18 01:09:14 E2934E1222D095642AADD6C0EDF4457F 544 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$IC44ON1.exe
2013-03-18 01:07:42 EB8A9ABDFF6422B9B65750AC05CC3C67 397312 ----a-w- C:\Users\robin\AppData\Local\Temp\59581uninstall.exe
2013-03-18 00:47:02 5C98730B1E4BDBE19D8C5F9D86E74973 214992 ----a-w- C:\Program Files (x86)\Smart PC Cleaner\Startw3i.exe
2013-03-18 00:45:55 3217E030A7AA0ED2B2BAFEAAD4E8A3A0 1649344 ----a-w- C:\Users\robin\Downloads\FinalTorrent2012Setup.exe
2013-03-18 00:37:20 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1643.exe
2013-03-18 00:37:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall14899.exe
2013-03-18 00:32:31 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RABHSHK.exe
2013-03-18 00:28:30 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQCTZSG.exe
2013-03-18 00:28:23 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RZJK9KD.exe
2013-03-18 00:26:25 CBA39F0EC78EEB67F1CFB13A2E359C57 3064808 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RBTIBUK.exe
2013-03-18 00:11:13 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R07JNGH.exe
2013-03-18 00:10:27 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RIGXSNV.exe
2013-03-17 23:56:52 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall1144.exe
2013-03-17 23:56:47 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\Users\robin\AppData\Local\Temp\uninstall16288.exe
2013-03-17 23:42:23 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RQJ7LUT.exe
2013-03-17 22:58:14 F6C681AC7FD27F3DE0E3F3EFADF42E95 1239552 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\install.exe
2013-03-17 22:58:14 180C9FE03C9B229B1E5167BC43297C6A 270336 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$RL0MDQ8.0\uninstall.exe
2013-03-17 22:57:10 06CCF8D1A19411B009ECCCB14DA4F191 3080192 ----a-w- C:\$Recycle.Bin\S-1-5-21-2864857089-3384620632-1191010466-1001\$R46J528.exe
2013-03-16 11:39:53 609A3D40DE06CDD3A17B4D5D6E7AA279 1502560 ----a-w- C:\Users\robin\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\25.0.1364.172\25.0.1364.172_25.0.1364.152_chrome_updater.exe
=== C: other files ==
2013-03-19 00:13:54 37C2C5AEDD2F2BA4A076D474B3FD1BFD 3651080 ----a-w- C:\gPotato.eu\Allods Online\data\Mods\Docs\ModdingDocuments.zip
2013-03-18 23:03:16 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{012D6546-A8C8-45F1-9258-65590D307975}.bat
2013-03-18 17:27:20 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Users\robin\AppData\Local\Temp\{D752F0DB-4189-41A7-9F1B-0C55298C40F8}.bat
2013-03-18 16:44:29 23C513D4833724C563F7796FC154EE1E 30804 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174429.zip
2013-03-18 16:43:57 444CEFBA2C0D43D46C93995AF24A2FC5 38708 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174357.zip
2013-03-18 16:43:27 B05EF378F602749AA345445827C8D127 33050 ----a-w- C:\Users\robin\AppData\Local\Temp\Pando_WinCrash_031813_174327.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler"
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU"
"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized"
"Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe -r C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
"ASUSPRP"="C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
"ASUSWebStorage"="C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S"
"ATKOSD2"="C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"ATKMEDIA"="C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"HControlUser"="C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"Wireless Console 3"="C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"UpdateLBPShortCut"="C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\LabelPrint UpdateWithCreateOnce Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut"="C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe C:\Program Files (x86)\CyberLink\Power2Go UpdateWithCreateOnce SOFTWARE\CyberLink\Power2Go\6.0"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"AVG_TRAY"="C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
"vProt"="C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"ASUS Screen Saver Protector"="C:\Windows\AsScrPro.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe /c"
"Syncables"="C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe"
"msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background"
"KiesHelper"="C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s"
"KiesPDLR"="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"EPSON19C2FA (Epson Stylus SX420W)"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SE8A9.tmp /EF HKCU"
"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_S56D.tmp /EF HKCU"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"NCsoft Launcher"="C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized"
"Akamai NetSession Interface"="C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 "
"AmIcoSinglun64"="C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"SynAsusAcpi"="%ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe "
==== Startup Folders ======================
2011-04-13 02:49:43 2062 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
2012-10-20 14:05:57 848 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SetPointII.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\AutoKMSDaily.job --a------ C:\Windows\AutoKMS.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001Core.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2864857089-3384620632-1191010466-1001UA.job --a------ C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe [04/01/2012 15:02]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[]
bkomkajifikmkfnjgphkjcfeepbnojok - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[]
dhkplhfnhceodhffomolpfigojocbpcb - C:\Users\robin\AppData\Roaming\BabylonToolbar\CR\BabylonChrome1.crx[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\ProgramData\AVG Secure Search\ChromeExt\14.2.0.1\avg.crx[18/02/2013 23:13]
niapdbllcanepiiimjjndipklodoedlc - C:\Program Files (x86)\Yontoo\YontooLayers.crx[]
pgafcinpmmpklohkojmllohd****efph - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx[]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjciahceamgodcoidkjpchnokgfpphh - C:\Users\robin\AppData\Local\funmoods.crx[]
cjpglkicenollcignonpgiafdgfeehoj - C:\Users\robin\AppData\Local\funmoods-speeddial_sf.crx[]
Funmoods - robin - Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
PriceGong - robin - Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok
New Tab - robin - Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
==== Chrome Fix ======================
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzuyByEtB0FyCzz0DtA0D0F0D0E0D0B0BtDtN0D0Tzu0CtAtCyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1304550728"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{35F54DFA-9BA6-A5F8-7509-102794E0C91A} AVG Secure Search Url="https://isearch.avg.com/search?cid={3571B91F-00F3-445F-90B1-23010F2B643F}&mid=060a13a6465a47d1b57f854de0d1e797-9fce1abf496bcc088b96d1054144cc7e07d5cee6&lang=nl&ds=AVG&pr=fr&d=2012-08-03"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_USERS\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Users\robin\Desktop\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\Desktop\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\UpdatusUser\Desktop\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe
C:\Users\Public\Desktop\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\Users\Public\Desktop\HitmanPro.lnk - C:\Program Files (x86)\HitmanPro\HitmanPro.exe
C:\Users\Public\Desktop\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
==== shortcuts in Users Start Menu ======================
C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\robin\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AikaOnline\AikaOnline.lnk - C:\T3fun\AikaOnline\AIKALauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG 2012.lnk - C:\Program Files (x86)\AVG\AVG2012\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online Website.lnk - C:\gPotato.eu\Allods Online\Allods Online.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Allods Online.lnk - C:\gPotato.eu\Allods Online\bin\Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Register.lnk - C:\gPotato.eu\Allods Online\Register.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\gPotato.eu\Allods Online\Remove Allods Online.lnk - C:\gPotato.eu\Allods Online\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCsoft\NCsoft Launcher.lnk - C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment\Forsaken World\Forsaken World.lnk - C:\Perfect World Entertainment\Forsaken World\patcher.exe
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="<local>"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj deleted successfully
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\robin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z93H3DJ will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JHI8BE4 will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI2O5H19 will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCT5C738 will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5XY3CE6 will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3NXHGLR will be deleted at reboot
C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\users\robin\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
After Reboot
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\robin\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.settings" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\ProgramData\Browser Manager" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3Z93H3DJ" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8JHI8BE4" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JI2O5H19" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KCT5C738" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R5XY3CE6" not found
"C:\Users\robin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V3NXHGLR" not found
Thanks in advance
-
I have the same problem: when I try to open my documents or the like, the message 'Windows Explorer has stopped working' comes up. It is then closed and restarted, and this happens a number of times. I have read everything above and have already made the 2 logs:
Hitman:
: 531.968 bytes Age . . . . . . . : 225.1 days (2012-08-08 14:43:56) Entropy . . . . . : 6.3 SHA-256 . . . . . : 65D5F21046FB63A9C85ADC777F6F2F4E78DE3763BEF183E582DD2C341070ECED Product . . . . . : BU Dynamic Link Library Description . . . : BU Dynamic Link Library Version . . . . . : 2.0.0.4 Copyright . . . . : Copyright (C) 1997-2012 Fuzzy . . . . . . : -7.0 C:\Users\robin\AppData\Roaming\Funmoods\ (Funmoods) C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\ (Funmoods) C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\config.dat (Funmoods) C:\Users\robin\AppData\Roaming\Funmoods\UpdateProc\UpdateTask.exe (Funmoods) Size . . . . . . . : 94.720 bytes Age . . . . . . . : 22.7 days (2013-02-27 01:54:19) Entropy . . . . . : 6.5 SHA-256 . . . . . : 491E56FC62E891DD80A5321BB201577FD42BFFB11627F44220EA10D6CA3F0107 Fuzzy . . . . . . : 6.0 HKLM\SOFTWARE\Classes\AppID\escort.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\escortApp.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\escortEng.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\esrv.EXE\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL\ (Yontoo) HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon) HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo) HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods) HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods) HKLM\SOFTWARE\Classes\b\ (Babylon) HKLM\SOFTWARE\Classes\Babylon.dskBnd.1\ (Babylon) HKLM\SOFTWARE\Classes\Babylon.dskBnd\ 
(Babylon) HKLM\SOFTWARE\Classes\bbylnApp.appCore.1\ (Babylon) HKLM\SOFTWARE\Classes\bbylnApp.appCore\ (Babylon) HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1\ (Babylon) HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr\ (Babylon) HKLM\SOFTWARE\Classes\escort.escortIEPane.1\ (Funmoods) HKLM\SOFTWARE\Classes\escort.escortIEPane\ (Funmoods) HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1\ (Babylon) HKLM\SOFTWARE\Classes\esrv.BabylonESrvc\ (Babylon) HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1\ (Funmoods) HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc\ (Funmoods) HKLM\SOFTWARE\Classes\f\ (Funmoods) HKLM\SOFTWARE\Classes\funmoods.dskBnd.1\ (Funmoods) HKLM\SOFTWARE\Classes\funmoods.dskBnd\ (Funmoods) HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1\ (Funmoods) HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr\ (Funmoods) HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1\ (Funmoods) HKLM\SOFTWARE\Classes\funmoodsApp.appCore\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo) HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo) HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}\ (Funmoods) 
HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon) HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}\ (Funmoods) HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon) HKLM\SOFTWARE\Classes\Prod.cap\ (Claro) HKLM\SOFTWARE\Classes\s\ (Softonic) HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}\ (Funmoods) HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon) HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods) HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon) HKLM\SOFTWARE\Classes\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods) HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo) 
HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escort.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortApp.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escortEng.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\escorTlbr.DLL\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\esrv.EXE\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\YontooIEClient.DLL\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{291BCCC1-6890-484a-89D3-318C928DAC1B}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{97F2FF5B-260C-4ccf-834A-2DDA4E29E39E}\ 
(Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{99066096-8989-4612-841F-621A01D54AD7}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FE9271F2-6EFD-44b0-A826-84C829536E93}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}\ (Funmoods) 
HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}\ (Babylon) 
HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}\ (Babylon) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}\ (Funmoods) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}\ (Yontoo) HKLM\SOFTWARE\Classes\Wow6432Node\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}\ (Funmoods) HKLM\SOFTWARE\Classes\YontooIEClient.Api.1\ (Yontoo) HKLM\SOFTWARE\Classes\YontooIEClient.Api\ (Yontoo) HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1\ (Yontoo) HKLM\SOFTWARE\Classes\YontooIEClient.Layers\ (Yontoo) HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods) HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7\ (Claro) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{8D8654CD-7FBC-4C7E-84E9-371BFA8DB04E}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{9307081B-7444-494C-8CF6-2FA7C0E92BFB}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{9D9785E5-3424-40B6-A287-BA143AD53109}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{B6783DFA-B8C8-4CB6-AB9F-EF1A1F7F7AE8}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Components\{F5F971A9-DBF8-4EEC-81E3-5F1660573E6C}\ (Yontoo) HKLM\SOFTWARE\Tarma Installer\Products\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\ (Yontoo) HKLM\SOFTWARE\Wow6432Node\Babylon\ (Babylon) HKLM\SOFTWARE\Wow6432Node\BabylonToolbar\ (Babylon) HKLM\SOFTWARE\Wow6432Node\DataMngr\ (SearchQU) HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods) HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods) 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc\ (Yontoo) HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohd****efph\ (Claro) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}\ (Funmoods) HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} (Funmoods) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar\ (Babylon) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\funmoods\ (Funmoods) HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}\ (Claro) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\BabylonToolbar\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\DataMngr\ (SearchQU) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\DataMngr_Toolbar\ (SearchQU) 
HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Funmoods\ (Funmoods) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\ (Funmoods) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj\ (Funmoods) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{2EECD738-5844-4A99-B4B6-146BF802613B} (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\Main\bProtector Start Page (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\ (Claro) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}\ (Funmoods) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}\ (Babylon) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}\ (Funmoods) 
HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}\ (Yontoo) HKU\S-1-5-21-2864857089-3384620632-1191010466-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}\ (Yontoo) Cookies _____________________________________________________________________ C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:123sexmatch.be C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:247realmedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad-emea.doubleclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.360yield.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adc-serv.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adperium.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.adserver01.de C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.mlnadvertising.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.nl C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.yieldmanager.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ad.zanox.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adbrite.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adlegend.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.ad4game.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.as4x.tmcs.ticketmaster.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.crakmedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.creative-serving.com C:\Users\robin\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:ads.glispa.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.inhabitat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.intergi.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.mail3x.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.movielush.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.p161.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pixfuture.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.publicidad.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.pubmatic.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ads.trafficjunky.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adreactor.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.adtechus.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adserver.zenoviaexchange.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtech.de C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adtechus.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adultfriendfinder.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:advertising.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:adviva.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ar.atwola.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:at.atwola.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:atwola.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:avgtechnologies.112.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:be.sitestat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:bs.serving-sys.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:burstnet.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:c.atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:c1.atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:casalemedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clicksor.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmedbelgique.solution.weborama.fr C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:clubmednl.solution.weborama.fr C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:collective-media.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:doubleclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:eas.apm.emediate.eu C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:engine.phn.doublepimp.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ero-advertising.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:exoclick.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fastclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:fl01.ct2.comclick.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:getclicky.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:h.atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:in.getclicky.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:interclick.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:invitemedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kaspersky.122.2o7.net 
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:kontera.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:linksynergy.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livejasmin.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:livenation.122.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:media6degrees.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mediaplex.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:microsoftsto.112.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:mm.chitika.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:msnportal.112.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:nl.sitestat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:openx.sexsearchcom.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:overture.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:partypoker.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:****hub.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:****hubcam.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:pubads.g.doubleclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:questionmarket.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:realmedia.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:revsci.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:ru4.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:server.cpmstar.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:serving-sys.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexad.net 
C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexdatingamateur.be C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexefriend.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:sexychicks4youn0w.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:smartadserver.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:specificclick.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:spylog.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stat.onestat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statcounter.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:static.getclicky.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:statse.webtrendslive.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:stepstone.112.2o7.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:streamate.doublepimp.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tacoda.at.atwola.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.adform.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.hubrus.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.solocpm.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:track.zalando.be C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tradedoubler.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:tribalfusion.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:uk.sitestat.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:view.atdmt.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:weborama.fr C:\Users\robin\AppData\Local\Google\Chrome\User 
Data\Default\Cookies:wt.socialsex.biz C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.belstat.nl C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.googleadservices.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.****hub.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.sexefriend.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.socialsex.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www.you****.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:www4.smartadserver.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:xiti.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yadro.ru C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:yieldmanager.net C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:you****.com C:\Users\robin\AppData\Local\Google\Chrome\User Data\Default\Cookies:zedo.com C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\2F8KSW7R.txt C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\5O2TP21U.txt C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\CNASHRJV.txt C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\MARL94OR.txt C:\Users\robin\AppData\Roaming\Microsoft\Windows\Cookies\U2S53DK7.txt
Hijack This:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:29:49, on 21/03/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16470)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\robin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Funmoods Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PriceGong - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.11\PriceGongIE.dll
O2 - BHO: Codecv - {21F1CCEE-165F-4A2B-BA30-A598DEABB778} - (no file)
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\bh\BabylonToolbar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (file missing)
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files (x86)\Funmoods\1.5.23.22\bh\escort.dll
O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Outspark Toolbar - {94709E6D-4459-4223-9730-18F5763CA1E6} - C:\Program Files (x86)\outsparktb\outsparkdx.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files (x86)\Funmoods\1.5.23.22\escorTlbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\BabylonToolbarTlbr.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\robin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [EPSON19C2FA (Epson Stylus SX420W)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SE8A9.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_S56D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [NCsoft Launcher] C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\robin\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2864857089-3384620632-1191010466-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: SetPointII.lnk = ?
O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.aeriagames.com
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll C:\Windows\SysWOW64\nvinit.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V5 Service4(04) (EPSON_EB_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
O23 - Service: EPSON V3 Service4(04) (EPSON_PM_RPCV4_04) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vToolbarUpdater14.2.0 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15376 bytes
-
Yes, I have already downloaded that new version of AVG, I will do the service pack right now... but what do you need that for?
And Windows updates?
Regards
-
OK, I think I have done all of that, here are the logs
mbam:
Malwarebytes' Anti-Malware 1.46
Databaseversie: 5199
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
27/11/2010 19:04:12
mbam-log-2010-11-27 (19-04-12).txt
Scantype: Snelle scan
Objecten gescand: 172130
Verstreken tijd: 51 minuut/minuten, 31 seconde(n)
Geheugenprocessen geïnfecteerd: 0
Geheugenmodulen geïnfecteerd: 0
Registersleutels geïnfecteerd: 1
Registerwaarden geïnfecteerd: 0
Registerdata geïnfecteerd: 0
Mappen geïnfecteerd: 0
Bestanden geïnfecteerd: 1
Geheugenprocessen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Geheugenmodulen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registersleutels geïnfecteerd:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registerwaarden geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Registerdata geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Mappen geïnfecteerd:
(Geen kwaadaardige objecten gedetecteerd)
Bestanden geïnfecteerd:
C:\Windows\Temp\TMP000000019DE0946EF35DD1D5 (Trojan.Dropper) -> Quarantined and deleted successfully.
hjt:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:10:38, on 27/11/2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Gepersonaliseerde startpagina
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer aangeboden door Dell
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [iSUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - HouseCall - Free Online Virus Scan - Trend Micro USA
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldnl-be.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/NL-BE/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game14.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: AVGRSSTX.DLL C:\PROGRA~1\GOOGLE\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate1c99cdc18d1c445) (gupdate1c99cdc18d1c445) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 11665 bytes
Regards
Windows Explorer has stopped working
in Archive: Fighting malware & viruses
Posted:
OK, if any more problems come up you will hear about it
Thanks a lot for all the help, everyone... you are great!!
Kind regards, Robin