Ga naar inhoud

Qvo6


WBH

Aanbevolen berichten

Mijn log is:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:18:10, on 10-9-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16660)

Boot mode: Normal

Running processes:

C:\Users\WBH\AppData\Local\Temp\Svg64.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\MagicDisc\MagicDisc.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe

C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe

C:\PROGRA~2\RELEVA~1\rlvknlg32.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QVO6

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files (x86)\WebConnect\WebConnectbho.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll

O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [NPE File Analyzer] C:\Users\WBH\AppData\Local\Temp\Svg64.exe

O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SB3E6.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [watchcat] "C:\Program Files (x86)\GorillaPrice\GPI64Tool.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1054695275-82366836-2359058252-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NeroMediaHomeUser.4')

O4 - HKUS\S-1-5-21-1054695275-82366836-2359058252-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NeroMediaHomeUser.4')

O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GorillaPrice - Unknown owner - C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files (x86)\RelevantKnowledge\rlservice.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Update WebConnect - WebConnect - C:\Program Files (x86)\WebConnect\updateWebConnect.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: WatGorp - Unknown owner - C:\ProgramData\GorillaPrice\WatGorp.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: Wsys Service (WsysSvc) - Wsys Co., Ltd. - C:\ProgramData\eSafe\eGdpSvc.exe

--

End of file - 9947 bytes

Link naar reactie
Delen op andere sites

Ga naar Start - Alle programma's - Bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor “uitvoeren als administrator” om het opdrachtprompt te openen.

Tik in: sc stop RelevantKnowledge en druk op Enter.

Tik in: sc delete RelevantKnowledge en druk op Enter.

Tik in exit en druk Enter.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie.

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = QVO6

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Delta Search

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: WebConnect - {2316c625-b487-4410-a1a5-ff040b65245f} - C:\Program Files (x86)\WebConnect\WebConnectbho.dll

O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.24.6\bh\delta.dll

O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download 51a46ae42d560-malwarebytes_anti_malware.pngMalwareBytes' Anti-Malware (website) en sla het op je bureaublad op.

Zorg dat er na de installatie een vinkje is geplaatst bij:

  • Update MalwareBytes' Anti-Malware
  • Start MalwareBytes' Anti-Malware
  • Je krijgt hier ook de keuze om de evaluatie versie van MBAM te gebruiken, indien je dit niet wilt vink dit dan uit.

Klik daarna op "Voltooien".

Indien een update gevonden wordt, zal die gedownload en geïnstalleerd worden.

  • Zodra het programma gestart is, ga dan naar het tabblad "Instellingen".
  • Vink hier aan: "Sluit Internet Explorer tijdens verwijdering van malware".
  • Ga daarna naar het tabblad "Scanner", kies hier voor "Snelle Scan".
  • Druk vervolgens op "Scannen" om de scan te starten.
  • Het scannen kan een tijdje duren, dus wees geduldig.
  • Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.
  • Zorg ervoor dat daar alles aangevinkt is, daarna klik op: "Verwijder geselecteerde".
  • Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten.
  • Herstart de computer indien nodig en post hierna de log in het volgende bericht, samen met een nieuw logje van HijackThis.

Link naar reactie
Delen op andere sites

Malwarebytes Anti-Malware 1.75.0.1300

Malwarebytes : Free anti-malware download

Databaseversie: v2013.09.10.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

WBH :: CC1153238-A [administrator]

10-9-2013 19:51:34

mbam-log-2013-09-10 (19-51-34).txt

Scan type: Snelle scan

Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scan opties: P2P

Objecten gescand: 244545

Verstreken tijd: 6 minuut/minuten, 52 seconde(n)

Geheugenprocessen gedetecteerd: 6

C:\Users\WBH\AppData\Local\Temp\Svg64.exe (Backdoor.Messa) -> 1060 -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> 1972 -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> 4844 -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe (PUP.Adware.RelevantKnowledge) -> 4420 -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> 4476 -> Zal worden verwijderd tijdens het herstarten.

C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> 1388 -> Zal worden verwijderd tijdens het herstarten.

Geheugenmodulen gedetecteerd: 1

C:\Windows\System32\rlls.dll (PUP.Adware.RelevantKnowledge) -> Zal worden verwijderd tijdens het herstarten.

Registersleutels gedetecteerd: 40

HKLM\SYSTEM\CurrentControlSet\Services\Update WebConnect (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (PUP.Adware.RelevantKnowledge) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} (PUP.Optional.BrowseFox.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2316C625-B487-4410-A1A5-FF040B65245F} (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2316C625-B487-4410-A1A5-FF040B65245F} (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc (PUP.Optional.Esafe.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WsysControl (PUP.Optional.Esafe.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\VB and VBA Program Settings\SrvID (Malware.Trace) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\WEBCONNECT (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\delta.deltaappCore.1 (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\delta.deltaappCore (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B} (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKCR\d (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\delta (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Registerwaarden gedetecteerd: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NPE File Analyzer (Backdoor.Messa) -> Data: C:\Users\WBH\AppData\Local\Temp\Svg64.exe -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta.A) -> Data: -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0W0U -> Succesvol in quarantaine geplaatst en verwijderd.

HKCU\Software\WebConnect|iid (PUP.Optional.WebConnect.A) -> Data: def_WebConnect -> Succesvol in quarantaine geplaatst en verwijderd.

HKLM\SYSTEM\CurrentControlSet\Services\WsysSvc|ImagePath (PUP.Optional.Esafe.A) -> Data: C:\ProgramData\eSafe\eGdpSvc.exe -> Succesvol in quarantaine geplaatst en verwijderd.

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 49

C:\Users\WBH\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\Delta (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\WebConnect (PUP.Optional.WebConnect.A) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\RelevantKnowledge (PUP.Spyware.MarketScore) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\RelevantKnowledge\components (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\defaults (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\addon (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\dom (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\lang (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\net (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\platform (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\preferences (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\window (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\toolkit (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Delta\delta\1.8.24.6\bh (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\mt_ffx\Delta (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\mt_ffx\Delta\delta (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\mt_ffx\Delta\delta\1.8.24.6 (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

Bestanden gedetecteerd: 172

C:\Windows\System32\rlls.dll (PUP.Adware.RelevantKnowledge) -> Zal worden verwijderd tijdens het herstarten.

C:\Users\WBH\AppData\Local\Temp\Svg64.exe (Backdoor.Messa) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\WebConnect\updateWebConnect.exe (PUP.Optional.WebConnect.A) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe (PUP.Adware.RelevantKnowledge) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\RelevantKnowledge\rlvknlg32.exe (PUP.Adware.RelevantKnowledge) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\RelevantKnowledge\rlvknlg64.exe (PUP.Adware.RelevantKnowledge) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\Delta\delta\1.8.24.6\deltasrv.exe (PUP.Optional.Delta) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaTlbr.dll (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\DSearchLink\DSearchLink.exe (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\CSM709D.tmp (PUP.Adware.RelevantKnowledge) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\E89A806B-BAB0-7891-B3C7-182A2A7483B1\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\E89A806B-BAB0-7891-B3C7-182A2A7483B1\Latest\DSearchLink.exe (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\E89A806B-BAB0-7891-B3C7-182A2A7483B1\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\E89A806B-BAB0-7891-B3C7-182A2A7483B1\Latest\searchInstaller2013 v024.exe (PUP.Optional.BabylonSearch.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\E89A806B-BAB0-7891-B3C7-182A2A7483B1\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\is357113909\cor_ar_201381417179_qvo6.exe (PUP.Optional.Elex) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Temp\is357113909\WebConnect.exe (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Downloads\BestCodecsPackSetup.exe (Adware.InstallBrain) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Downloads\download_torntv.exe (PUP.Optional.OneClickDownloader.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Downloads\iLividSetup-r1117-t-bc.exe (PUP.Optional.Bandoo) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Downloads\rcpsetup_3335_ggnl.exe (PUP.Optional.RegCleanerPro) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Downloads\SKIDROW.rar (Trojan.Agent.CK) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Downloads\SoftonicDownloader_voor_grabit.exe (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Downloads\UltimateCodec.exe (PUP.Optional.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Local Settings\Temporary Internet Files\Content.IE5\15RDLKBF\optin[1].php (PUP.Adware.RelevantKnowledge) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Local Settings\Temporary Internet Files\Content.IE5\6VO2XRAW\optin[1].php (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Local Settings\Temporary Internet Files\Content.IE5\6VO2XRAW\optin[3].php (PUP.Adware.RelevantKnowledge) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\Local Settings\Temporary Internet Files\Content.IE5\7XG2VERD\Setup[1].exe (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\WinUpdtr.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Windows\System32\rlls.dll (Trojan.Agent) -> Zal worden verwijderd tijdens het herstarten.

C:\Windows\SysWOW64\rlls.dll (Trojan.Agent) -> Zal worden verwijderd tijdens het herstarten.

C:\Users\WBH\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\eSafe\eGdpSvc.exe (PUP.Optional.Esafe.A) -> Zal worden verwijderd tijdens het herstarten.

C:\Users\WBH\AppData\Roaming\Delta\sqlite3.dll (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\WebConnect\ieakfmpjhljbpbfpldjkddkjmmgjmgon.crx (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\WebConnect\Microsoft.Win32.TaskScheduler.dll (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\WebConnect\sqlite3.exe (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\WebConnect\updateWebConnect.InstallState (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\WebConnect\WebConnect.Common.dll (PUP.Optional.WebConnect.A) -> Zal worden verwijderd tijdens het herstarten.

C:\Program Files (x86)\WebConnect\WebConnect.ico (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\WebConnect\WebConnectUninstall.exe (PUP.Optional.WebConnect.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage (PUP.Optional.BrowserDefender.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\chrome.manifest (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\install.rdf (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\nscf.dat (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\readme.txt (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\rlcm.crx (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\rlcm.txt (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\rlls.dll (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\rlls64.dll (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\rloci.bin (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\rlph.dll (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\rlservice.exe (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\rlxf.dll (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\components\rlxg.dll (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\bootstrap.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\harness-options.json (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\install.rdf (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\locales.json (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\rlnx.dll (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\defaults\preferences\prefs.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\chrome.manifest (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\base64.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\self.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\timers.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\url.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\addon\runner.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\plain-text.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\console\traceback.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\content-proxy.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\content-worker.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\loader.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\thumbnail.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\content\worker.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\heritage.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\namespace.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\core\promise.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\api-utils.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\cortex.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\errors.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\light-traits.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\list.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\memory.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\observer-service.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\window-utils.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\events\assembler.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\deprecated\traits\core.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\dom\events.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event\core.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\event\target.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\byte-streams.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\data.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\file.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\io\text-streams.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\core.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\html.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\loader.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\locale.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\l10n\prefs.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\lang\functional.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader\cuddlefish.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\loader\sandbox.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\net\url.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\page-mod\match-pattern.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\platform\xpcom.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\preferences\service.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\utils.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\private-browsing\window\utils.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\environment.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\events.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\globals.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\runtime.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\unload.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\system\xul-app.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\common.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\events.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\helpers.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\namespace.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\observer.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab-fennec.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab-firefox.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tab.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tabs-firefox.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\tabs.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\utils.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\tabs\worker.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\array.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\deprecate.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\list.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\object.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\registry.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\util\uuid.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\browser.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\namespace.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\window\utils.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\dom.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\fennec.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\firefox.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\loader.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\observer.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\tabs-fennec.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\sdk\windows\tabs-firefox.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\addon-sdk\lib\toolkit\loader.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\data\content.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dompilot.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\dputil.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\RelevantKnowledge\firefox\resources\dpjs\lib\main.js (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Member of GRID - Goodware Repository Information Database.lnk (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk (PUP.Spyware.MarketScore) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\CR\Delta.crx (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\Shared\Delta.ico (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Users\WBH\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaApp.dll (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Delta\delta\1.8.24.6\deltaEng.dll (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Delta\delta\1.8.24.6\GUninstaller.exe (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

C:\Program Files (x86)\Delta\delta\1.8.24.6\uninstall.exe (PUP.Optional.Delta.A) -> Succesvol in quarantaine geplaatst en verwijderd.

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 20:18:18, on 10-9-2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16660)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SB3E6.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [watchcat] "C:\Program Files (x86)\GorillaPrice\GPI64Tool.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1054695275-82366836-2359058252-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NeroMediaHomeUser.4')

O4 - HKUS\S-1-5-21-1054695275-82366836-2359058252-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NeroMediaHomeUser.4')

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GorillaPrice - Unknown owner - C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: WatGorp - Unknown owner - C:\ProgramData\GorillaPrice\WatGorp.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 8607 bytes

Link naar reactie
Delen op andere sites

Hiermee is behoorlijk wat rotzooi van de PC gehaald. Nu dit even:

Download 5217db3eb6d8b-AdwCleaner3.pngAdwCleaner by Xplode naar je bureaublad.

  • Sluit alle openstaande vensters.
  • Dubbelklik op AdwCleaner om hem te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren,
  • Door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Klik vervolgens op Scan.
  • Klik vervolgens op Clean als er items zijn gevonden.
  • Klik bij Herstarten Noodzakelijk op OK

Nadat de PC opnieuw is opgestart, opent meestal een logfile.

Anders is het hier terug te vinden C:\AdwCleaner\AdwCleaner[R1].txt.

Post aansluitend de inhoud van dit log in je volgende bericht.

Link naar reactie
Delen op andere sites

# AdwCleaner v3.003 - Report created 10/09/2013 at 21:24:01

# Updated 07/09/2013 by Xplode

# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

# Username : WBH - CC1153238-A

# Running from : C:\Users\WBH\Downloads\adwcleaner.exe

# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\eSafe

Folder Deleted : C:\Program Files (x86)\delta

Folder Deleted : C:\Users\WBH\AppData\Local\Temp\eIntaller

Folder Deleted : C:\Users\WBH\AppData\LocalLow\delta

Folder Deleted : C:\Users\WBH\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z

Folder Deleted : C:\Users\WBH\AppData\Roaming\DSite

Folder Deleted : C:\Users\WBH\AppData\Roaming\Systweak

File Deleted : C:\Windows\System32\roboot64.exe

File Deleted : C:\Windows\Tasks\DSite.job

File Deleted : C:\Windows\System32\Tasks\DSite

File Deleted : C:\Windows\System32\Tasks\EPUpdater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\WBH\Desktop\Search.lnk

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk

Shortcut Disinfected : C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Shortcut Disinfected : C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Shortcut Disinfected : C:\Users\WBH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk

Shortcut Disinfected : C:\Users\WBH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Shortcut Disinfected : C:\Users\WBH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr

Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane

Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_grabit_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_voor_grabit_RASMANCS

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command

Key Deleted : HKCU\Software\BabSolution

Key Deleted : HKCU\Software\Delta

Key Deleted : HKCU\Software\dsiteproducts

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\Delta

Key Deleted : HKLM\Software\eSafeSecControl

Key Deleted : HKLM\Software\systweak

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

-\\ Google Chrome v29.0.1547.66

[ File : C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

Deleted : icon_url

Deleted : search_url

Deleted : keyword

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [7727 octets] - [10/09/2013 21:15:49]

AdwCleaner[R1].txt - [7787 octets] - [10/09/2013 21:22:41]

AdwCleaner[s0].txt - [6346 octets] - [10/09/2013 21:24:01]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6406 octets] ##########

Link naar reactie
Delen op andere sites

Download 51a612a8b27e2-Zoek.pngZoek.zip naar het bureaublad.

  • Wanneer Internet Explorer of een andere browser of virusscanner melding geeft dat dit bestand onveilig zou zijn kun je negeren, dit is namelijk een onterechte waarschuwing.
  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe (hier en hier) kan je lezen hoe je dat doet.
  • Klik met de rechtermuisknop op Zoek.zip en klik op de optie "Alles uitpakken".
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Kopieer nu onderstaande code en plak die in het grote invulvenster:
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

chromelook; 
firefoxlook; 
startupall; 
filesrcm;

  • Klik op de knop "Options" en vink nu de onderstaande opties aan.
  • HijackThis Log
  • Firefox Defaults
  • Reset Chrome
  • IE Defaults
  • Auto Clean
  • Klik nu op de knop "Run script".
  • Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).
  • Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.
  • Post nu de inhoud van het geopende logje in het volgende bericht.

Link naar reactie
Delen op andere sites

Zoek.exe Version 4.0.0.4 Updated 11-September-2013

Tool run by WBH on do 12-09-2013 at 18:00:10,44.

Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\WBH\Desktop\Zoek\zoek.exe [script inserted] [Checkboxes used]

==== System Restore Info ======================

12-9-2013 18:02:09 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1054695275-82366836-2359058252-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AF8F9D72-A6D0-4F8B-887F-0DB61D090CFD} deleted successfully

HKEY_USERS\S-1-5-21-1054695275-82366836-2359058252-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

"C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx" deleted

"C:\Users\WBH\Desktop\Search.lnk" deleted

"C:\ProgramData\GorillaPrice\WatGorp.exe" deleted

"C:\ProgramData\boost_interprocess\20130912134348.660800\GpReceiverName" deleted

"C:\Users\WBH\AppData\Roaming\Open Download Manager" deleted

"C:\ProgramData\boost_interprocess" not deleted

"C:\ProgramData\GorillaPrice" not deleted

"C:\ProgramData\boost_interprocess\20130912134348.660800" not deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-09-08 19:10:05 F6A4C801FB2848B03FD4520F118EF4F7 1991 ----a-w- C:\Windows\unins000.dat

2013-09-08 19:10:05 DDC0B6672AB7862A3C2D7AA2ADB6B645 715038 ----a-w- C:\Windows\unins000.exe

2013-09-08 15:56:35 E185BDA84E5F03F4E1D8DCA30E209277 1912 ----a-w- C:\Windows\epplauncher.mif

2013-09-08 14:31:30 127AA81343A7C6F665C22CB1293B0A90 67072 ----a-w- C:\Windows\splwow64.exe

2013-09-08 13:25:01 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\Windows\ativpsrm.bin

====== C:\Users\WBH\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-09-11 20:08:57 BCA4913CDE903B4BDEEDAD1D6DBF5E2A 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-09-11 20:08:57 06EEAD5864F357ADC618F65A2F2C5156 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-09-11 20:08:54 7E540E07B97DCBCF8F76FA743B486BF2 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2013-09-11 20:08:53 43852485D0B78C021A47E9548A4CFFE0 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-11 20:08:53 3B74EADF1B70251D3CDB87BC338DC34D 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll

2013-09-11 20:08:53 000B55B43992179E69C2E83CCB8F1126 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2013-09-11 20:08:52 281A720B0A984E325599EE1F0342E8FB 2048000 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-09-11 20:08:48 2EC47CF6A36F6A83BB8B98C1425B4D41 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-09-11 20:08:47 00531B52C9468929F2C651B3BCADCBC9 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-09-11 20:08:45 79DC575FE905D5DD5C5A4C5993A7C7F9 2876928 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-09-11 20:08:44 E5D91D6B81A293AB6854CAD112240A4B 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-09-11 20:08:42 7C63629508BB87227C3C861355A155B4 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-09-11 20:08:41 535F6263035F2530A62D5D64EF6E73D3 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-09-11 20:08:39 4FCC53B82D91607FB9AE24E617108BB2 13761024 ----a-w- C:\Windows\SysWOW64\ieframe.dll

2013-09-11 20:08:33 5D2D7E7850CE963C2F401D4DEE7BB32A 14332928 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-09-11 19:52:24 1A9E4EE88B31750E5CA207424143F99C 3968960 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-11 19:52:23 5D0325AEF9DE48330908EC2E2DB0359F 3913664 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-11 19:52:22 0184CC60AB10C8124D69AFB332C6AF1C 1292192 ----a-w- C:\Windows\SysWOW64\ntdll.dll

2013-09-11 19:52:21 365A5034093AD9E04F433046C4CDF6AB 1114112 ----a-w- C:\Windows\SysWOW64\kernel32.dll

2013-09-11 19:52:20 57EC6102661E0E1D156C1EC251E7CAF8 14336 ----a-w- C:\Windows\SysWOW64\ntvdm64.dll

2013-09-11 19:52:20 1B7343C3765638D4D17CB925F84F8ABE 274944 ----a-w- C:\Windows\SysWOW64\KernelBase.dll

2013-09-11 19:52:19 73EF27E157855E3CB18B021BC9622E4C 5120 ----a-w- C:\Windows\SysWOW64\wow32.dll

2013-09-11 19:52:16 B83592F532FB320F0001F8099ECC192B 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe

2013-09-11 19:52:16 8489D083E46BFD2096A6CECFF6C7C227 2048 ----a-w- C:\Windows\SysWOW64\user.exe

2013-09-11 19:52:16 812A161FC470FA832C3F0CC3D7ACA2F9 6656 ----a-w- C:\Windows\SysWOW64\apisetschema.dll

2013-09-11 19:52:16 3808FD7522646BEB1CCEA94C45D4228C 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

2013-09-11 19:50:16 E02781D4871844DCD30DF1D69A650F78 12872704 ----a-w- C:\Windows\SysWOW64\shell32.dll

2013-09-11 19:50:14 2C4A87CA8C00E98EFDCFA2E8EC9A3503 180224 ----a-w- C:\Windows\SysWOW64\shdocvw.dll

2013-09-10 12:11:14 5B2E4E90C04FB9AE9F2C5E99FF59B283 1230336 ----a-w- C:\Windows\SysWOW64\WindowsCodecs.dll

2013-09-09 16:51:29 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll

2013-09-09 15:59:38 0402BFC25AB49E02256BC24E32829773 185344 ----a-w- C:\Windows\SysWOW64\elshyph.dll

2013-09-09 15:59:37 C28A634CF127DA67D566B5E14D0A0170 719360 ----a-w- C:\Windows\SysWOW64\mshtmlmedia.dll

2013-09-09 15:59:37 C225E5307D8D4982A1687F2702C37C78 158720 ----a-w- C:\Windows\SysWOW64\msls31.dll

2013-09-09 15:59:37 87E71F2A83681F41B796CA685818EF2D 163840 ----a-w- C:\Windows\SysWOW64\msrating.dll

2013-09-09 15:59:37 338520304B99471BD0ED121954FE7863 82432 ----a-w- C:\Windows\SysWOW64\inseng.dll

2013-09-09 15:59:36 AF0332E09DDBE0172237D1958A7DADB8 79872 ----a-w- C:\Windows\SysWOW64\mshtmled.dll

2013-09-09 15:59:36 9DF7A7C74D8632CB5EBD37E3A374825E 204800 ----a-w- C:\Windows\SysWOW64\webcheck.dll

2013-09-09 15:59:36 96E0F0BED5D9EBABB899D8CA83C36A7E 523264 ----a-w- C:\Windows\SysWOW64\vbscript.dll

2013-09-09 15:59:36 81C4D657D37C3A5418B54BFECE821B84 57344 ----a-w- C:\Windows\SysWOW64\pngfilt.dll

2013-09-09 15:59:36 52A7D73D5570F757D865DDECD087FB41 138752 ----a-w- C:\Windows\SysWOW64\wextract.exe

2013-09-09 15:59:36 038F76279EC64878A072D988DE13C7B2 150528 ----a-w- C:\Windows\SysWOW64\iexpress.exe

2013-09-09 15:59:34 F8B9B71F32BC739402881D66DFE102E0 137216 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2013-09-09 15:59:34 B96C13B5C85AC4240FE95DE115945D59 38400 ----a-w- C:\Windows\SysWOW64\imgutil.dll

2013-09-09 15:59:34 80B47F0F45C3EBF41C30E0BA367D25D3 125440 ----a-w- C:\Windows\SysWOW64\occache.dll

2013-09-09 15:59:34 3AB2A38F7EA9E62D176A78FB58761E24 12800 ----a-w- C:\Windows\SysWOW64\mshta.exe

2013-09-09 15:59:33 A7E8E3A9F92D9B0D495F636A1D282883 48640 ----a-w- C:\Windows\SysWOW64\mshtmler.dll

2013-09-09 15:59:33 8A45166CD9874463AB76B552C9C2D3AD 110592 ----a-w- C:\Windows\SysWOW64\IEAdvpack.dll

2013-09-09 15:59:33 828B4A41BE891A7AEC07E693422B4A3A 117248 ----a-w- C:\Windows\SysWOW64\iepeers.dll

2013-09-09 15:59:33 6DF2C6438CFF6EFCBBB88AEE01795501 73728 ----a-w- C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-09-09 15:59:33 56E51C26745FF7413514EA4DDF33BC6C 11776 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe

2013-09-09 15:59:33 2D7A29C35D0894481A69FA3AC45F18F0 41984 ----a-w- C:\Windows\SysWOW64\msfeedsbs.dll

2013-09-09 15:59:32 E14A07B768EC49D382CABCE2F078D576 232960 ----a-w- C:\Windows\SysWOW64\url.dll

2013-09-09 15:59:32 DEFB55D4FF094673DF31FA89A8A8A2F0 226816 ----a-w- C:\Windows\SysWOW64\dxtrans.dll

2013-09-09 15:59:32 C68FBBF01E86CB6CF0B797748FBD6C1A 357888 ----a-w- C:\Windows\SysWOW64\dxtmsft.dll

2013-09-09 15:59:32 8C3D32A4A46326031309A43C52539D7F 1400416 ----a-w- C:\Windows\SysWOW64\ieapfltr.dat

2013-09-09 15:59:32 4A47CAEA8D3B82DE439A79771ECED4B1 361984 ----a-w- C:\Windows\SysWOW64\html.iec

2013-09-09 15:59:32 414A3D9AAE072CDEFE0B64C2EBEE18D2 61952 ----a-w- C:\Windows\SysWOW64\tdc.ocx

2013-09-09 15:59:32 0F44172A5B34E8F208CD0F209EDD4A73 629248 ----a-w- C:\Windows\SysWOW64\ieapfltr.dll

2013-09-09 15:59:31 F0D4AE074D9BC0741DC6E91C741F2F8C 23040 ----a-w- C:\Windows\SysWOW64\licmgr10.dll

2013-09-09 15:59:31 9D9AC6CE9A9D951AC40DE91CD6F0A620 1441280 ----a-w- C:\Windows\SysWOW64\inetcpl.cpl

2013-09-09 15:59:31 932571EFF79B93F94E84ADF4989A277F 69120 ----a-w- C:\Windows\SysWOW64\icardie.dll

2013-09-09 15:59:31 404FAD93ABFBD86D1AAAB47D5DFA6505 242200 ----a-w- C:\Windows\SysWOW64\iedkcs32.dll

2013-09-09 15:59:31 1FF56AC32B38A94C3C88497BD6E00C96 25185 ----a-w- C:\Windows\SysWOW64\ieuinit.inf

2013-09-09 15:54:47 C7A730AFB80B11F93EFC81B1D6F920D7 364544 ----a-w- C:\Windows\SysWOW64\XpsGdiConverter.dll

2013-09-09 15:54:47 6A7B5A3EFCCDB53DA41CF6838056990F 1158144 ----a-w- C:\Windows\SysWOW64\XpsPrint.dll

2013-09-09 15:54:47 6A13B4F3B3F575F1E24B877B9359AABA 10752 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-09-09 15:54:47 6951562DC4625EEFC6EACD52AD165866 9728 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-09-09 15:54:47 60F4AEFA103D421EA4A40E31409B4756 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-09-09 15:54:47 589CBC4989F750E1DA35625AB481CF43 4096 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-09-09 15:54:47 49ACA548B2423F1C67898E6AC719A9A6 3584 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-09-09 15:54:47 3BE0D923AA45A4DBE091C2D84F0B4FE7 3072 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll

2013-09-09 15:54:47 2E33DFD10F28F86C3FC40EE123CC3904 2560 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-09-09 15:54:47 1C60E09CA1C3A045BC4D367F67C915B7 5632 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-09-09 15:54:47 007863E45F25AA47A4C30D0930BBFD85 5632 ---ha-w- C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-09-09 15:54:46 FB3F036EF6A467F7AF46C821FF5D198D 220160 ----a-w- C:\Windows\SysWOW64\d3d10core.dll

2013-09-09 15:54:46 D4212AB475A3B25EC4DF574536C3EDC5 249856 ----a-w- C:\Windows\SysWOW64\d3d10_1core.dll

2013-09-09 15:54:46 8504944851DF6175CC489A8F3328459E 1080832 ----a-w- C:\Windows\SysWOW64\d3d10.dll

2013-09-09 15:54:46 62A6EB5771580CAE445804389F3F7432 207872 ----a-w- C:\Windows\SysWOW64\WindowsCodecsExt.dll

2013-09-09 15:54:46 600A65F922CCDCBB2D11467914241556 2284544 ----a-w- C:\Windows\SysWOW64\msmpeg2vdec.dll

2013-09-09 15:54:46 545F1BAAADD0BF1F4FE4586293FCA07D 417792 ----a-w- C:\Windows\SysWOW64\WMPhoto.dll

2013-09-09 15:54:46 4FF3EC04CD47DD62181894B71B004E40 604160 ----a-w- C:\Windows\SysWOW64\d3d10level9.dll

2013-09-09 15:54:46 3C1936A12C62254F914A01BBC6A8DC69 161792 ----a-w- C:\Windows\SysWOW64\d3d10_1.dll

2013-09-09 15:54:45 D4F264FE23F8953D840904418220C15E 293376 ----a-w- C:\Windows\SysWOW64\dxgi.dll

2013-09-09 15:54:45 B3170CCC779B682C3341873EA60CF084 1988096 ----a-w- C:\Windows\SysWOW64\d3d10warp.dll

2013-09-09 15:54:45 9FF8F684BACF326082E5562F7C104A79 3419136 ----a-w- C:\Windows\SysWOW64\d2d1.dll

2013-09-09 15:54:45 8B285BDAB7735FDFB18E6F7122923B77 187392 ----a-w- C:\Windows\SysWOW64\UIAnimation.dll

2013-09-09 15:36:32 E32230F4135D507E79509C998F4D8C92 34304 ----a-w- C:\Windows\SysWOW64\atmlib.dll

2013-09-09 15:36:30 5DAF8A6B7F127C4E70A5C1F707347859 295424 ----a-w- C:\Windows\SysWOW64\atmfd.dll

2013-09-08 20:03:08 A64711C9CF690718EADA750370EC5EB2 4659712 ----a-w- C:\Windows\SysWOW64\Redemption.dll

2013-09-08 20:02:59 37655385D1CF8560A52027B8008FAE0E 821824 ----a-w- C:\Windows\SysWOW64\dgderapi.dll

2013-09-08 19:10:21 E3833540C755C06EC18D414047448B14 645632 ----a-w- C:\Windows\SysWOW64\xvidcore.dll

2013-09-08 19:10:21 5E8CD1804C1A035311F5DA9C1048F024 153088 ----a-w- C:\Windows\SysWOW64\xvid.ax

2013-09-08 19:10:21 348AC3C5B87056E24C9E0039332BFB66 240640 ----a-w- C:\Windows\SysWOW64\xvidvfw.dll

2013-09-08 19:10:05 FA425C74CE2EB719B2A77A7A2ADDAE32 216064 ----a-w- C:\Windows\SysWOW64\lagarith.dll

2013-09-08 14:35:31 20104EA66332D24D7C65BBB087C56737 123904 ----a-w- C:\Windows\SysWOW64\poqexec.exe

2013-09-08 14:35:29 EF71BA5DF59034962B0C62314A71351A 193536 ----a-w- C:\Windows\SysWOW64\dhcpcore6.dll

2013-09-08 14:35:29 81F6C1AE23B1C493D9E996C3103915D7 44032 ----a-w- C:\Windows\SysWOW64\dhcpcsvc6.dll

2013-09-08 14:35:26 52D33A22DE04BD9F40E1B1A28B46A95C 3217408 ----a-w- C:\Windows\SysWOW64\mstscax.dll

2013-09-08 14:35:25 F5562EFA9E4867D30EC2330B80FCB25C 131584 ----a-w- C:\Windows\SysWOW64\aaclient.dll

2013-09-08 14:35:25 2A6BFDEDF2C57923E78F970BB15D7E7D 36864 ----a-w- C:\Windows\SysWOW64\tsgqec.dll

2013-09-08 14:35:19 AE8EB083B050E17A7D6EB5E28AECDDD6 1166848 ----a-w- C:\Windows\SysWOW64\crypt32.dll

2013-09-08 14:35:19 7CA1BECEA5DE2643ADDAD32670E7A4C9 140288 ----a-w- C:\Windows\SysWOW64\cryptsvc.dll

2013-09-08 14:35:19 7B851A8018B1EA00A69707A390004884 103936 ----a-w- C:\Windows\SysWOW64\cryptnet.dll

2013-09-08 14:35:19 68EAAEDF0365168B804E8728368FA946 175104 ----a-w- C:\Windows\SysWOW64\wintrust.dll

2013-09-08 14:35:13 03F3B770DFBED6131653CEDA8CA780F0 442880 ----a-w- C:\Windows\SysWOW64\ntshrui.dll

2013-09-08 14:34:56 E904178851A6A44BFA97E064EF779E9D 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll

2013-09-08 14:34:46 D5E18BA95F9E7D787D25EF07AC68603E 2048 ----a-w- C:\Windows\SysWOW64\tzres.dll

2013-09-08 14:34:38 0805487A6036A9F9C4E7AF7FEF835529 1620992 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL

2013-09-08 14:34:32 F93674263F6B07C77956E966953242D9 22016 ----a-w- C:\Windows\SysWOW64\secur32.dll

2013-09-08 14:34:32 EDA7AD21DF8945528F01F0A86D69E524 96768 ----a-w- C:\Windows\SysWOW64\sspicli.dll

2013-09-08 14:34:32 3D3CBD1847F980FB03343A63671E7886 225280 ----a-w- C:\Windows\SysWOW64\schannel.dll

2013-09-08 14:34:31 4DC999CED9429939D75682EBD7D48901 663552 ----a-w- C:\Windows\SysWOW64\rpcrt4.dll

2013-09-08 14:34:28 EAADD6E47ED2A7003ACE1793B98CF63F 1389568 ----a-w- C:\Windows\SysWOW64\msxml6.dll

2013-09-08 14:34:28 A45CB10FC8C4DCA23F96FE4D334F64FE 2048 ----a-w- C:\Windows\SysWOW64\msxml3r.dll

2013-09-08 14:34:28 21D3A18769EC2C4E56756D04E989A221 1236992 ----a-w- C:\Windows\SysWOW64\msxml3.dll

2013-09-08 14:34:19 5078492B9CAC9CB721698DB51F039035 175104 ----a-w- C:\Windows\SysWOW64\netcorehc.dll

2013-09-08 14:34:19 23FC8068953C9BE2D63AE4EF1129112A 18944 ----a-w- C:\Windows\SysWOW64\netevent.dll

2013-09-08 14:34:19 140D9F911182357626165EA0BEB98C4F 156672 ----a-w- C:\Windows\SysWOW64\ncsi.dll

2013-09-08 14:34:19 0BA65122FFA7E37564EE86422DBF7AE8 52224 ----a-w- C:\Windows\SysWOW64\nlaapi.dll

2013-09-08 14:34:01 310F6F492A3B4B1020ED9BF9CCBBE6B6 376832 ----a-w- C:\Windows\SysWOW64\dpnet.dll

2013-09-08 14:34:00 BF6D6ED5FADCEEE885BD0144ECF1BA27 220160 ----a-w- C:\Windows\SysWOW64\ncrypt.dll

2013-09-08 14:34:00 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll

2013-09-08 14:33:40 B7230010D97787AF3D25E4C82F2B06B9 626688 ----a-w- C:\Windows\SysWOW64\usp10.dll

2013-09-08 14:33:33 ED59143843560B5EDB543C2A48CB9E4B 45568 ----a-w- C:\Windows\SysWOW64\oflc-nz.rs

2013-09-08 14:33:33 DDD1C4AB9A9DAE6D4092C4C95E714650 51712 ----a-w- C:\Windows\SysWOW64\esrb.rs

2013-09-08 14:33:33 CBC69A055EF410CBD65593E4808B6DB4 23552 ----a-w- C:\Windows\SysWOW64\oflc.rs

2013-09-08 14:33:33 A704E750245D5D4EE4A23E99A00F27D5 46592 ----a-w- C:\Windows\SysWOW64\fpb.rs

2013-09-08 14:33:33 A067A19A91C2AA0198F9BD01A5CEF5C6 21504 ----a-w- C:\Windows\SysWOW64\grb.rs

2013-09-08 14:33:33 9EDCFA23CC081E38C86CA309D0F7E3DC 30720 ----a-w- C:\Windows\SysWOW64\usk.rs

2013-09-08 14:33:33 9B7D7F4D1F79E8B7D727BE94B1630D59 44544 ----a-w- C:\Windows\SysWOW64\pegibbfc.rs

2013-09-08 14:33:33 7752619457598CF057C4CC02A0867029 55296 ----a-w- C:\Windows\SysWOW64\cero.rs

2013-09-08 14:33:33 72035C97983745E742D71E9A8EF70BBB 20480 ----a-w- C:\Windows\SysWOW64\pegi-fi.rs

2013-09-08 14:33:33 6EC618588447B82EA8D88719EE46F725 43520 ----a-w- C:\Windows\SysWOW64\csrr.rs

2013-09-08 14:33:33 64E211E0FDFCE4D186DF58BB7D0503BC 2576384 ----a-w- C:\Windows\SysWOW64\gameux.dll

2013-09-08 14:33:33 5109C45498BC709C8A7E016D5FFCCAC2 20480 ----a-w- C:\Windows\SysWOW64\pegi.rs

2013-09-08 14:33:33 4F5C56DBF076D5BBB1D22B37BF281396 20480 ----a-w- C:\Windows\SysWOW64\pegi-pt.rs

2013-09-08 14:33:33 43C9CF6825CEA58F1815B7C3DBBB385C 308736 ----a-w- C:\Windows\SysWOW64\Wpc.dll

2013-09-08 14:33:33 41CE7975CAD7BCF92538D2C452239523 40960 ----a-w- C:\Windows\SysWOW64\cob-au.rs

2013-09-08 14:33:33 27828AAA24AA46F11036954ADE355C1C 15360 ----a-w- C:\Windows\SysWOW64\djctq.rs

2013-09-08 14:33:17 BDA0B954A30498B5A7EDC6204CBA07ED 542208 ----a-w- C:\Windows\SysWOW64\kerberos.dll

2013-09-08 14:32:50 A6C29DB53ECA94FA8591C5388D604B82 2342400 ----a-w- C:\Windows\SysWOW64\msi.dll

2013-09-08 14:32:46 1153AC6E133AA849853DFD407B086B80 420064 ----a-w- C:\Windows\SysWOW64\locale.nls

2013-09-08 14:32:20 FC415B303B1ECF80B5F130A1F7203D02 492544 ----a-w- C:\Windows\SysWOW64\win32spl.dll

2013-09-08 14:32:20 D23E615E0969AECC1134E372B0B295D1 78336 ----a-w- C:\Windows\SysWOW64\synceng.dll

2013-09-08 14:32:08 45FBAFFA68CBC29AC2563985CEE72B9C 24576 ----a-w- C:\Windows\SysWOW64\cryptdlg.dll

2013-09-08 14:32:00 72910F1DEB838E6E08A9017BFB7D4F0B 41984 ----a-w- C:\Windows\SysWOW64\browcli.dll

2013-09-08 14:32:00 2FCA0D2C59A855C54BAFA22AA329DF0F 57344 ----a-w- C:\Windows\SysWOW64\netapi32.dll

2013-09-08 14:31:58 A81331D7EB6C5D1F7B1E4E4FC15F3EC0 43008 ----a-w- C:\Windows\SysWOW64\srclient.dll

2013-09-08 14:31:52 CC917AC4D3F8756FF13174980B474791 43008 ----a-w- C:\Windows\SysWOW64\certenc.dll

2013-09-08 14:31:52 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\SysWOW64\certutil.exe

2013-09-08 14:31:35 3B7C1A53047FF6ACEFD9BA6E281DEBB7 805376 ----a-w- C:\Windows\SysWOW64\cdosys.dll

2013-09-08 14:31:33 6DE66FE7C526637E74CD066461C7C871 1505280 ----a-w- C:\Windows\SysWOW64\d3d11.dll

====== C:\Windows\SysWOW64\drivers =====

2013-09-08 18:34:29 79D51E7F5926E8CE1B3EBECEBAE28CFF 255552 ----a-w- C:\Windows\SysWOW64\drivers\mcdbus.sys

====== C:\Windows\Sysnative =====

2013-09-11 20:08:57 B98DDA3209E252884F6F9431A43424B3 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-09-11 20:08:56 C016B4170A836CBA9DF98F02CD055C1B 526336 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-09-11 20:08:54 7248896237039BBC477DBB9C62C37FCB 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll

2013-09-11 20:08:53 91573C042B3D9163F29CB1E1E51FF51A 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll

2013-09-11 20:08:53 73BA149C61D2B164E25E1455D9D7F648 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe

2013-09-11 20:08:53 390231BA1644AFE0ADD5A7F186EF6FA4 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll

2013-09-11 20:08:53 3581F49B7B32B4514FFD9481ED8BAE61 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-09-11 20:08:52 8E9898BF21FF4232EE07BD5D1D1C6281 2647040 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-09-11 20:08:48 DCAE7117A97F5922B853981D6D491D71 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-09-11 20:08:47 CF57F63E6878BEA029B1098D03143AED 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-09-11 20:08:46 C6DBD79D39061F189A3F1055D44E1590 3959296 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-09-11 20:08:44 35552F806607A86E65B6047BF695D34B 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-09-11 20:08:42 537394CF1A70BFFB0B3C7510404CF91C 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-09-11 20:08:40 AAFA952E774DDDB0956D3BDFAE5B5B99 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-09-11 20:08:38 08F6335D55310C334B13B9616E61D13D 15404544 ----a-w- C:\Windows\Sysnative\ieframe.dll

2013-09-11 20:08:36 CC4AE7E2ECAEE7612B3C0D3AB302375C 19246592 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-09-11 19:52:23 63B563F1FC047AB3E21530DBBE773260 5550528 ----a-w- C:\Windows\Sysnative\ntoskrnl.exe

2013-09-11 19:52:23 5B79D52A0388D8DEC5BF68411EA05A02 1732032 ----a-w- C:\Windows\Sysnative\ntdll.dll

2013-09-11 19:52:22 B22C00ED0491FD7B8803D7DDE2849F4C 424448 ----a-w- C:\Windows\Sysnative\KernelBase.dll

2013-09-11 19:52:21 D8973E71F1B35CD3F3DEA7C12D49D0F0 1161216 ----a-w- C:\Windows\Sysnative\kernel32.dll

2013-09-11 19:52:21 AA913C4E63B6F3F52E20BC9932205BCC 243712 ----a-w- C:\Windows\Sysnative\wow64.dll

2013-09-11 19:52:20 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\Sysnative\smss.exe

2013-09-11 19:52:20 BF95EA5809E3BBF55370F7CB309FEBD0 338432 ----a-w- C:\Windows\Sysnative\conhost.exe

2013-09-11 19:52:20 9209EA3F29DFC339A87EFD604E035FE4 362496 ----a-w- C:\Windows\Sysnative\wow64win.dll

2013-09-11 19:52:20 88EDD0B34EED542745931E581AD21A32 215040 ----a-w- C:\Windows\Sysnative\winsrv.dll

2013-09-11 19:52:20 659D71E315FB40FFE9AD46CB0588BEB1 13312 ----a-w- C:\Windows\Sysnative\wow64cpu.dll

2013-09-11 19:52:20 49CEA3942A2B99A906EAFC94B853EDBD 16384 ----a-w- C:\Windows\Sysnative\ntvdm64.dll

2013-09-11 19:52:20 216BABD555BC550952320EEA89C25DDF 43520 ----a-w- C:\Windows\Sysnative\csrsrv.dll

2013-09-11 19:52:16 70A1D465390C393AA118D9764E065B06 6656 ----a-w- C:\Windows\Sysnative\apisetschema.dll

2013-09-11 19:50:16 AD662B34B161198B9D66A564EDDA7D43 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll

2013-09-11 19:50:14 23B001185B7C3CB1F4BDEB143E6B45B7 197120 ----a-w- C:\Windows\Sysnative\shdocvw.dll

2013-09-11 19:50:01 42A88ECF903BFE11411D188DCE830E84 3155456 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-09-10 12:11:14 3D7BB6DD7A87B3E36E44CA94444247A8 1424384 ----a-w- C:\Windows\Sysnative\WindowsCodecs.dll

2013-09-10 04:46:29 DEAC9DB6C8FCDC8AC5D7ACBCF65F8177 859416 ----a-w- C:\Windows\Sysnative\rlls64.dll

2013-09-09 16:51:30 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll

2013-09-09 16:13:05 51DFBD18A435BAEC1F71A692373ECE4F 9728 ----a-w- C:\Windows\Sysnative\Wdfres.dll

2013-09-09 15:59:38 5051BB40FFB2BA4870C0A059CA03294F 1054720 ----a-w- C:\Windows\Sysnative\MsSpellCheckingFacility.exe

2013-09-09 15:59:38 3531FA12A76A32ECECD972196775DF7C 226304 ----a-w- C:\Windows\Sysnative\elshyph.dll

2013-09-09 15:59:30 EC08E38751854C5B8899139B7DD29FF9 197120 ----a-w- C:\Windows\Sysnative\msrating.dll

2013-09-09 15:59:29 FC6B4D5450871A4D5CB344AFF6C090EF 281600 ----a-w- C:\Windows\Sysnative\dxtrans.dll

2013-09-09 15:59:29 D8DD5CBB9668EEE98915EA49C72F78FA 441856 ----a-w- C:\Windows\Sysnative\html.iec

2013-09-09 15:59:29 7EC25F7ABF7CE6B0FE93787524EE537B 452096 ----a-w- C:\Windows\Sysnative\dxtmsft.dll

2013-09-09 15:59:29 112183DF91C9BAECB498E4A86ECDE598 216064 ----a-w- C:\Windows\Sysnative\msls31.dll

2013-09-09 15:59:28 E1055A7FAD39F1F7C44F6152044056EA 905728 ----a-w- C:\Windows\Sysnative\mshtmlmedia.dll

2013-09-09 15:59:28 D8076F8A3C34064582035AE6696DC34A 27648 ----a-w- C:\Windows\Sysnative\licmgr10.dll

2013-09-09 15:59:28 D0F66CFAED5B85543216EF526D380B8B 270848 ----a-w- C:\Windows\Sysnative\iedkcs32.dll

2013-09-09 15:59:28 BC0D4AFBE94D8E1F81C8926D805C3366 247296 ----a-w- C:\Windows\Sysnative\webcheck.dll

2013-09-09 15:59:28 ADE73A865A5F136E84F49BB6B1627C6E 1509376 ----a-w- C:\Windows\Sysnative\inetcpl.cpl

2013-09-09 15:59:28 8C3D32A4A46326031309A43C52539D7F 1400416 ----a-w- C:\Windows\Sysnative\ieapfltr.dat

2013-09-09 15:59:28 402D797A7905DC3C6FE11E75CD5252EB 235008 ----a-w- C:\Windows\Sysnative\url.dll

2013-09-09 15:59:28 23556D116D5FB93395B2A648EEB24251 81408 ----a-w- C:\Windows\Sysnative\icardie.dll

2013-09-09 15:59:28 1FF56AC32B38A94C3C88497BD6E00C96 25185 ----a-w- C:\Windows\Sysnative\ieuinit.inf

2013-09-09 15:59:28 1456EECCB5CF6B91513200F95D61706E 762368 ----a-w- C:\Windows\Sysnative\ieapfltr.dll

2013-09-09 15:59:27 D9C10A4A0B3411146E6FC8936B079934 167424 ----a-w- C:\Windows\Sysnative\iexpress.exe

2013-09-09 15:59:27 4E426A67C46379B75A5E671B46FC07F6 102912 ----a-w- C:\Windows\Sysnative\inseng.dll

2013-09-09 15:59:27 4CFBEC37E4FAD530E623E1541E1EA958 599552 ----a-w- C:\Windows\Sysnative\vbscript.dll

2013-09-09 15:59:27 40738329209CBE2C9B48F7E30F7C1414 144896 ----a-w- C:\Windows\Sysnative\wextract.exe

2013-09-09 15:59:27 2AAE2B8FED8390879C2369FC63F7001F 97280 ----a-w- C:\Windows\Sysnative\mshtmled.dll

2013-09-09 15:59:26 61FD8E6D361E223F86D27933CE55973B 173568 ----a-w- C:\Windows\Sysnative\ieUnatt.exe

2013-09-09 15:59:25 D0D4CE6C6CE87269A34A184356475D17 149504 ----a-w- C:\Windows\Sysnative\occache.dll

2013-09-09 15:59:25 C2F21E3059AFF5E616F3E361D9FA10CD 62976 ----a-w- C:\Windows\Sysnative\pngfilt.dll

2013-09-09 15:59:25 658E8FEC79A4AB5BFDE032627B5C9667 13824 ----a-w- C:\Windows\Sysnative\mshta.exe

2013-09-09 15:59:25 63CAE56FE4215F98FEB0188748A99378 52224 ----a-w- C:\Windows\Sysnative\msfeedsbs.dll

2013-09-09 15:59:25 5B15164486C66B76699E1CD2CD2F3A2A 51200 ----a-w- C:\Windows\Sysnative\imgutil.dll

2013-09-09 15:59:25 18A94D6E9D27D169D38DAB91F6A97518 136192 ----a-w- C:\Windows\Sysnative\iepeers.dll

2013-09-09 15:59:24 F651D95B5043EFC20A6108A853553984 92160 ----a-w- C:\Windows\Sysnative\SetIEInstalledDate.exe

2013-09-09 15:59:24 E965529C43D25F2BDA77D705098BF777 135680 ----a-w- C:\Windows\Sysnative\IEAdvpack.dll

2013-09-09 15:59:24 942E110384668EEFF44751A02EDDF5E4 48640 ----a-w- C:\Windows\Sysnative\mshtmler.dll

2013-09-09 15:59:24 82D602EBBBA6D08E4691F32269FD3494 12800 ----a-w- C:\Windows\Sysnative\msfeedssync.exe

2013-09-09 15:59:22 440104AEB9DAF8AC9842080AE59740FA 77312 ----a-w- C:\Windows\Sysnative\tdc.ocx

2013-09-09 15:54:47 FB4045578F5180BDB1963AB352B78548 5632 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-09-09 15:54:47 FA428BDBCFAB9DC3D58F0BD2CCD50EA2 1682432 ----a-w- C:\Windows\Sysnative\XpsPrint.dll

2013-09-09 15:54:47 F5CEF064C7E6D95DA86B9D064A56A969 3584 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-09-09 15:54:47 F49E92B50CED5C9F1725D3C0329FD933 10752 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-09-09 15:54:47 AFC3DB5C6EB8CA8017DDB81D6C0AD02A 9728 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-09-09 15:54:47 9108540E866F75C7AF2B91DD921A8091 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-09-09 15:54:47 9094039A00485F71C4DE64BF51F64C46 3072 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-version-l1-1-0.dll

2013-09-09 15:54:47 72723D3E4781BADC62C3180C137E7B23 4096 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-user32-l1-1-0.dll

2013-09-09 15:54:47 64A4AB126E24FD3F58EBE64852773DB5 2560 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-09-09 15:54:47 0E6FBF19D9DFBB77316C23DF91F8A101 5632 ---ha-w- C:\Windows\Sysnative\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-09-09 15:54:46 F1C19F0AA151B90A7416FA1D50DDB582 245248 ----a-w- C:\Windows\Sysnative\WindowsCodecsExt.dll

2013-09-09 15:54:46 E8EEA503870CB6A6DC4E09A2433DF33E 2776576 ----a-w- C:\Windows\Sysnative\msmpeg2vdec.dll

2013-09-09 15:54:46 C4C183E6551084039EC862DA1C945E3D 1175552 ----a-w- C:\Windows\Sysnative\FntCache.dll

2013-09-09 15:54:46 C498EF41B93986BCBD483597573EB96D 2565120 ----a-w- C:\Windows\Sysnative\d3d10warp.dll

2013-09-09 15:54:46 B2CA1AC17E78D986B22FD6C2261CD84F 1238528 ----a-w- C:\Windows\Sysnative\d3d10.dll

2013-09-09 15:54:46 AFB73882AE41E1629A63E6713FE30FB9 296960 ----a-w- C:\Windows\Sysnative\d3d10core.dll

2013-09-09 15:54:46 9AE80F6A66B30E3ED8CDF858CF28B11B 194560 ----a-w- C:\Windows\Sysnative\d3d10_1.dll

2013-09-09 15:54:46 8DFB5752FCE145A6B295093C0A8BE131 363008 ----a-w- C:\Windows\Sysnative\dxgi.dll

2013-09-09 15:54:46 893E8C1E4A1263EDDB1A6922D0E32201 465920 ----a-w- C:\Windows\Sysnative\WMPhoto.dll

2013-09-09 15:54:46 7E8A672B7B06A6EB11960C22E0360C59 3928064 ----a-w- C:\Windows\Sysnative\d2d1.dll

2013-09-09 15:54:46 6F623BD09CBB4C3F97374F12976E5EA5 522752 ----a-w- C:\Windows\Sysnative\XpsGdiConverter.dll

2013-09-09 15:54:46 63F72417CA38D8FC8F53709649B589E3 333312 ----a-w- C:\Windows\Sysnative\d3d10_1core.dll

2013-09-09 15:54:45 3834316FE8A653227282196525E07DFE 648192 ----a-w- C:\Windows\Sysnative\d3d10level9.dll

2013-09-09 15:54:45 04CB7C8FDC6D9640DD82A527208F72C4 221184 ----a-w- C:\Windows\Sysnative\UIAnimation.dll

2013-09-09 15:46:49 85D6E8F735865B502D65D1D91A79E3F3 294912 ----a-w- C:\Windows\Sysnative\browserchoice.exe

2013-09-09 15:44:07 C7ECEFD495A679284D0E9BC069F96246 79143768 ----a-w- C:\Windows\Sysnative\MRT.exe

2013-09-09 15:36:32 2ED72B3F76C9368ABC01464DA64DB7AE 46080 ----a-w- C:\Windows\Sysnative\atmlib.dll

2013-09-09 15:36:31 CB2ABB2DA1E9C977302A78D86D4AE3B0 367616 ----a-w- C:\Windows\Sysnative\atmfd.dll

2013-09-09 15:35:26 B20F051B03A966392364C83F009F7D17 84992 ----a-w- C:\Windows\Sysnative\WUDFSvc.dll

2013-09-09 15:35:26 B1DF2D87DC8BF6072699AC8301B37796 194048 ----a-w- C:\Windows\Sysnative\WUDFPlatform.dll

2013-09-09 15:35:24 F1617F1014D51987D517A4C37A7C733B 45056 ----a-w- C:\Windows\Sysnative\WUDFCoinstaller.dll

2013-09-09 15:35:24 8ABFE00F213F2571498F1B8FD7939A98 229888 ----a-w- C:\Windows\Sysnative\WUDFHost.exe

2013-09-09 15:35:24 25AE683DCB4AE7E6F1B193A0CB9DB35F 744448 ----a-w- C:\Windows\Sysnative\WUDFx.dll

2013-09-08 19:50:50 BAC5074667751F72A9CE48CDC31BAC48 10752 ----a-w- C:\Windows\Sysnative\E_GCINST.DLL

2013-09-08 19:50:44 059B16DB7FD14D38B7F4E312D793B972 118784 ----a-w- C:\Windows\Sysnative\E_ILMGCE.DLL

2013-09-08 19:50:41 225B67EE62F582B3BEFC5DAF72E8FAA2 88064 ----a-w- C:\Windows\Sysnative\E_IBCBGCE.DLL

2013-09-08 19:50:17 51F7E818BF3482F8E7E53F1CE531F164 128392 ----a-w- C:\Windows\Sysnative\esdevapp.exe

2013-09-08 19:50:17 31C4A0090F0A2F130A026B2CFB9DCA60 464384 ----a-w- C:\Windows\Sysnative\esxw2ud.dll

2013-09-08 19:50:17 053B93AEC39E5F83B13066A4924AB307 17408 ----a-w- C:\Windows\Sysnative\esxcdev.dll

2013-09-08 19:10:22 4F35C25B664FE4C10C83ADA9F827DCA6 696832 ----a-w- C:\Windows\Sysnative\xvidcore.dll

2013-09-08 19:10:22 12160D5E79E2D6DD251793134CD0E3F9 255488 ----a-w- C:\Windows\Sysnative\xvidvfw.dll

2013-09-08 19:10:21 9DAEC9D57ED0B24FDE04E93EFEDB627D 173568 ----a-w- C:\Windows\Sysnative\xvid.ax

2013-09-08 19:10:05 EE6407670B4CA47CCC9AF5ED41A19150 148992 ----a-w- C:\Windows\Sysnative\lagarith.dll

2013-09-08 15:45:49 55EF557858580D8C4E4A48580D1BFDDE 23364 ----a-w- C:\Windows\Sysnative\emptyregdb.dat

2013-09-08 14:35:50 943F527DF79E6B400104341AA7023C75 144384 ----a-w- C:\Windows\Sysnative\cdd.dll

2013-09-08 14:35:31 F28D6538F76DC6ECFABF6176DBDD2664 142336 ----a-w- C:\Windows\Sysnative\poqexec.exe

2013-09-08 14:35:29 3CC16A849E6092E43909F48EF0E60306 226816 ----a-w- C:\Windows\Sysnative\dhcpcore6.dll

2013-09-08 14:35:29 3C06D5A929B798D0B13F6481242A0FD2 55296 ----a-w- C:\Windows\Sysnative\dhcpcsvc6.dll

2013-09-08 14:35:26 F4C640E85DB6450CB221E5224AA2AB51 3717632 ----a-w- C:\Windows\Sysnative\mstscax.dll

2013-09-08 14:35:25 CE4157E4B1E5041D252EF38EB61E9F0C 44032 ----a-w- C:\Windows\Sysnative\tsgqec.dll

2013-09-08 14:35:25 9F5C2F0CFEF95B4653E21443CDC0D587 158720 ----a-w- C:\Windows\Sysnative\aaclient.dll

2013-09-08 14:35:19 A6B726DCA228F7878E38368A1BDC68BE 139776 ----a-w- C:\Windows\Sysnative\cryptnet.dll

2013-09-08 14:35:19 959041D7014C97133D859B45BCA0FC58 224256 ----a-w- C:\Windows\Sysnative\wintrust.dll

2013-09-08 14:35:19 6B400F211BEE880A37A1ED0368776BF4 184320 ----a-w- C:\Windows\Sysnative\cryptsvc.dll

2013-09-08 14:35:19 287998A9BA0140ABB59792CDEB2F8483 1472512 ----a-w- C:\Windows\Sysnative\crypt32.dll

2013-09-08 14:35:13 037A719DAD50603202C978CD802623E4 509952 ----a-w- C:\Windows\Sysnative\ntshrui.dll

2013-09-08 14:34:56 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\Sysnative\consent.exe

2013-09-08 14:34:56 9D2A2369AB4B08A4905FE72DB104498F 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll

2013-09-08 14:34:56 3EF480BFED1B5947A32585E30A58D4ED 1930752 ----a-w- C:\Windows\Sysnative\authui.dll

2013-09-08 14:34:53 FE90B750AB808FB9DD8FBB428B5FF83B 230400 ----a-w- C:\Windows\Sysnative\wwansvc.dll

2013-09-08 14:34:53 30B1489F2DCD8DC1AB6BB60CA6093615 48640 ----a-w- C:\Windows\Sysnative\wwanprotdim.dll

2013-09-08 14:34:46 B3CA3253009D26666F5BCB16E77D2618 2048 ----a-w- C:\Windows\Sysnative\tzres.dll

2013-09-08 14:34:38 D29200AB0B37B7293C6942EAF755295E 1888768 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL

2013-09-08 14:34:33 9E5D9177660A76FC8DECDC37A91A5B0D 9216 ----a-w- C:\Windows\Sysnative\rdrmemptylst.exe

2013-09-08 14:34:33 6D5DCC1579B3961D791ABDE286A1CB5E 77312 ----a-w- C:\Windows\Sysnative\rdpwsx.dll

2013-09-08 14:34:33 5B236296E233CAA6BF86BE0C6501A224 149504 ----a-w- C:\Windows\Sysnative\rdpcorekmts.dll

2013-09-08 14:34:32 1573C45E65DE32B1BC3572634F8F1E8E 340992 ----a-w- C:\Windows\Sysnative\schannel.dll

2013-09-08 14:34:31 26036E228D2467DE6975AD819C22C043 1217024 ----a-w- C:\Windows\Sysnative\rpcrt4.dll

2013-09-08 14:34:29 99B91C5D2FCEF218CAD3600ECB62A799 2002432 ----a-w- C:\Windows\Sysnative\msxml6.dll

2013-09-08 14:34:29 371948BC5911ABA06168FAC91ED25F06 1882624 ----a-w- C:\Windows\Sysnative\msxml3.dll

2013-09-08 14:34:28 D0EC440FA8D306E4CEFC8CC4DEFD2AC4 2048 ----a-w- C:\Windows\Sysnative\msxml3r.dll

2013-09-08 14:34:19 DC4382E93770B3BF0774DB7FE46C8239 18944 ----a-w- C:\Windows\Sysnative\netevent.dll

2013-09-08 14:34:19 D4FAC263861BAE06971C7F7D0A8EBF15 216576 ----a-w- C:\Windows\Sysnative\ncsi.dll

2013-09-08 14:34:19 8AD77806D336673F270DB31645267293 303104 ----a-w- C:\Windows\Sysnative\nlasvc.dll

2013-09-08 14:34:19 59B3BE37BAFBD40715F45D580783738B 246272 ----a-w- C:\Windows\Sysnative\netcorehc.dll

2013-09-08 14:34:19 46BB91A169B9B31FF44EB04C48EC1D41 70656 ----a-w- C:\Windows\Sysnative\nlaapi.dll

2013-09-08 14:34:19 08C2957BB30058E663720C5606885653 569344 ----a-w- C:\Windows\Sysnative\iphlpsvc.dll

2013-09-08 14:34:11 53E83F1F6CF9D62F32801CF66D8352A8 209920 ----a-w- C:\Windows\Sysnative\profsvc.dll

2013-09-08 14:34:01 374CE9DAB2F0CB173B8FCF3AB8DB5D1B 478208 ----a-w- C:\Windows\Sysnative\dpnet.dll

2013-09-08 14:34:00 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll

2013-09-08 14:34:00 5F3307352216618221A17CFEF273EEE2 307200 ----a-w- C:\Windows\Sysnative\ncrypt.dll

2013-09-08 14:33:56 A236B1646E96AB06BE0F8D592B6D9A0D 245760 ----a-w- C:\Windows\Sysnative\OxpsConverter.exe

2013-09-08 14:33:40 DBF99FD9CAF75CA66D042BD8D050FF71 800768 ----a-w- C:\Windows\Sysnative\usp10.dll

2013-09-08 14:33:33 EBB73E4E8CA01089CF74ECE506EB7607 43520 ----a-w- C:\Windows\Sysnative\csrr.rs

2013-09-08 14:33:33 D0C01412FBF59C1C25630C49F0C1B803 55296 ----a-w- C:\Windows\Sysnative\cero.rs

2013-09-08 14:33:33 C4B0793E4B97AA36A2A8C81A7AA1979A 44544 ----a-w- C:\Windows\Sysnative\pegibbfc.rs

2013-09-08 14:33:33 A2E0F1E01A0983E9C94565BBEC862BF7 40960 ----a-w- C:\Windows\Sysnative\cob-au.rs

2013-09-08 14:33:33 9BB05674E013C35F4DAED51F5015355D 20480 ----a-w- C:\Windows\Sysnative\pegi-fi.rs

2013-09-08 14:33:33 997938D423CE830161CB6059434E3C9F 45568 ----a-w- C:\Windows\Sysnative\oflc-nz.rs

2013-09-08 14:33:33 6D540AF9B183FC97DC4CC54369561548 20480 ----a-w- C:\Windows\Sysnative\pegi-pt.rs

2013-09-08 14:33:33 661AE5EAC62C4598DD01795CEB915BAE 20480 ----a-w- C:\Windows\Sysnative\pegi.rs

2013-09-08 14:33:33 65A8302C7551CFE45FAA2BC085C9E7E2 15360 ----a-w- C:\Windows\Sysnative\djctq.rs

2013-09-08 14:33:33 5C48A43FC30FC61ECB1335DC646686BC 30720 ----a-w- C:\Windows\Sysnative\usk.rs

2013-09-08 14:33:33 54B11BB2AFBC3D5EBA9C96F0C1820B9B 46592 ----a-w- C:\Windows\Sysnative\fpb.rs

2013-09-08 14:33:33 51D25C805A01A2C4F930F9720CF51FFE 51712 ----a-w- C:\Windows\Sysnative\esrb.rs

2013-09-08 14:33:33 4773EB5962548068547214A620E9ACC3 23552 ----a-w- C:\Windows\Sysnative\oflc.rs

2013-09-08 14:33:33 4489D5D2CB4BA0799F3FB4625DE181CF 21504 ----a-w- C:\Windows\Sysnative\grb.rs

2013-09-08 14:33:33 2BCBA6052374959A30BD7948444DBB79 2746368 ----a-w- C:\Windows\Sysnative\gameux.dll

2013-09-08 14:33:33 027675ED9B34EE1B91505C3B8752649F 441856 ----a-w- C:\Windows\Sysnative\Wpc.dll

2013-09-08 14:33:17 44E1A196DFCB53B01FE4B855C3B56A15 715776 ----a-w- C:\Windows\Sysnative\kerberos.dll

2013-09-08 14:32:50 5EB6E9C8BE1ACC5830780E0F9A846255 3216384 ----a-w- C:\Windows\Sysnative\msi.dll

2013-09-08 14:32:46 1153AC6E133AA849853DFD407B086B80 420064 ----a-w- C:\Windows\Sysnative\locale.nls

2013-09-08 14:32:20 8699D17DFCFCD327784034DB6BD3A422 95744 ----a-w- C:\Windows\Sysnative\synceng.dll

2013-09-08 14:32:20 67CF11E00D026A5C0C88EA5F84D501E5 751104 ----a-w- C:\Windows\Sysnative\win32spl.dll

2013-09-08 14:32:16 639774C9ACD063F028F6084ABF5593AD 68608 ----a-w- C:\Windows\Sysnative\taskhost.exe

2013-09-08 14:32:08 C06FAAF13E37CE482F612AFF2D2331F3 30720 ----a-w- C:\Windows\Sysnative\cryptdlg.dll

2013-09-08 14:32:00 EEEA40F0EDB0A6E5359E539E15D0BC77 73216 ----a-w- C:\Windows\Sysnative\netapi32.dll

2013-09-08 14:32:00 05F5A0D14A2EE1D8255C2AA0E9E8E694 136704 ----a-w- C:\Windows\Sysnative\browser.dll

2013-09-08 14:32:00 012787CEB35505EB78DF82E0A0072888 59392 ----a-w- C:\Windows\Sysnative\browcli.dll

2013-09-08 14:31:58 D5164131D596A070FF9C82BC4A488F1F 503808 ----a-w- C:\Windows\Sysnative\srcore.dll

2013-09-08 14:31:52 4586B77B18FA9A8518AF76CA8FD247D9 1192448 ----a-w- C:\Windows\Sysnative\certutil.exe

2013-09-08 14:31:52 189B0BAE1B0EDD51CEF1CD3F4CDEE02E 52224 ----a-w- C:\Windows\Sysnative\certenc.dll

2013-09-08 14:31:47 45CFBFA8EDC3DF4E2B7FB0D0260FE051 956928 ----a-w- C:\Windows\Sysnative\localspl.dll

2013-09-08 14:31:35 1FEB1694B13247A451B274E114AFAC45 1133568 ----a-w- C:\Windows\Sysnative\cdosys.dll

2013-09-08 14:31:33 4C92EB7535CAA1681A77D928FBF9771F 1887232 ----a-w- C:\Windows\Sysnative\d3d11.dll

2013-09-08 14:31:30 85DAA09A98C9286D4EA2BA8D0E644377 559104 ----a-w- C:\Windows\Sysnative\spoolsv.exe

2013-09-08 13:57:45 C1C03EA437EDDA8A7D4D8786E5AE6751 57880 ----a-w- C:\Windows\Sysnative\wuauclt.exe

2013-09-08 13:57:45 7FE0D0C8F53735EA17C9AE93EFE7AD5A 44056 ----a-w- C:\Windows\Sysnative\wups2.dll

2013-09-08 13:57:45 50EBD31C3527366FAFA468BD609F7352 2622464 ----a-w- C:\Windows\Sysnative\wucltux.dll

2013-09-08 13:57:44 D9EF901DCA379CFE914E9FA13B73B4C4 2428952 ----a-w- C:\Windows\Sysnative\wuaueng.dll

2013-09-08 13:57:34 E746ED90132C6B6313CE9179F56BD31D 38424 ----a-w- C:\Windows\Sysnative\wups.dll

2013-09-08 13:57:34 C47F35CC6FA4F1BDBEF8F87AC1A46537 701976 ----a-w- C:\Windows\Sysnative\wuapi.dll

2013-09-08 13:57:34 4AA6AA52A16EED6481E83D73EED4C8D5 99840 ----a-w- C:\Windows\Sysnative\wudriver.dll

2013-09-08 13:57:17 FF0729002E081668620A681182D63FE6 36864 ----a-w- C:\Windows\Sysnative\wuapp.exe

2013-09-08 13:57:17 3E38C20AC83B01C45723B63B0F7A8FDC 186752 ----a-w- C:\Windows\Sysnative\wuwebv.dll

====== C:\Windows\Sysnative\drivers =====

2013-09-11 19:52:09 059F00DEF82BF41E433B7ED465847726 155584 ----a-w- C:\Windows\Sysnative\drivers\ataport.sys

2013-09-10 17:49:31 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys

2013-09-09 16:13:09 933222B19FF3E7EA5F65517EA1F7D57E 3 ----a-w- C:\Windows\Sysnative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf

2013-09-09 16:13:05 AEA0A67275CFBA0E463E00C6E9A1DDAE 54376 ----a-w- C:\Windows\Sysnative\drivers\WdfLdr.sys

2013-09-09 16:13:05 442783E2CB0DA19873B7A63833FF4CB4 785512 ----a-w- C:\Windows\Sysnative\drivers\Wdf01000.sys

2013-09-09 15:35:27 DDA4CAF29D8C0A297F886BFE561E6659 198656 ----a-w- C:\Windows\Sysnative\drivers\WUDFRd.sys

2013-09-09 15:35:27 AB886378EEB55C6C75B4F2D14B6C869F 87040 ----a-w- C:\Windows\Sysnative\drivers\WUDFPf.sys

2013-09-09 15:35:24 933222B19FF3E7EA5F65517EA1F7D57E 3 ----a-w- C:\Windows\Sysnative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf

2013-09-08 18:34:29 79D51E7F5926E8CE1B3EBECEBAE28CFF 255552 ----a-w- C:\Windows\Sysnative\drivers\mcdbus.sys

2013-09-08 14:35:51 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

2013-09-08 14:35:50 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys

2013-09-08 14:34:52 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\Sysnative\drivers\ntfs.sys

2013-09-08 14:34:39 760E38053BF56E501D562B70AD796B88 950128 ----a-w- C:\Windows\Sysnative\drivers\ndis.sys

2013-09-08 14:34:39 0E01641D96889BDEB22DE12D30575B08 41472 ----a-w- C:\Windows\Sysnative\drivers\RNDISMP.sys

2013-09-08 14:34:35 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\Sysnative\drivers\usb8023.sys

2013-09-08 14:34:32 9AC4F97C2D3E93367E2148EA940CD2CD 458704 ----a-w- C:\Windows\Sysnative\drivers\cng.sys

2013-09-08 14:34:32 97A7070AEA4C058B6418519E869A63B4 95600 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys

2013-09-08 14:34:32 26C43A7C2862447EC59DEDA188D1DA07 151920 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys

2013-09-08 14:34:19 1B16D0BD9841794A6E0CDE0CEF744ABC 45568 ----a-w- C:\Windows\Sysnative\drivers\tcpipreg.sys

2013-09-08 14:33:37 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\Sysnative\drivers\tssecsrv.sys

2013-09-08 14:33:23 E61608AA35E98999AF9AAEEEA6114B0A 210944 ----a-w- C:\Windows\Sysnative\drivers\rdpwd.sys

2013-09-08 14:32:01 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\Sysnative\drivers\tcpip.sys

2013-09-08 14:32:01 7942B7AC3FF598F8A1736D51ADAF04E8 376688 ----a-w- C:\Windows\Sysnative\drivers\netio.sys

2013-09-08 14:32:01 41C67E4205C606A103DEC8651D0B6FE6 288088 ----a-w- C:\Windows\Sysnative\drivers\FWPKCLNT.SYS

2013-09-08 14:31:59 8F6322049018354F45F05A2FD2D4E5E0 223752 ----a-w- C:\Windows\Sysnative\drivers\fvevol.sys

2013-09-08 13:24:40 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdFs_01_09_00.Wdf

====== C:\Windows\Tasks ======

2013-09-08 18:49:30 -------- d-----w- C:\Windows\Sysnative\Tasks\OfficeSoftwareProtectionPlatform

2013-09-08 15:51:04 A09619FB02EBE2F5E38AB52026DA958B 4046 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineUA

2013-09-08 15:51:04 343A6C36D4E18BDE2FAE86A31152867A 1050 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-09-08 15:51:03 89710A13A4B548439EC8FBC2398A6A3B 1046 ----a-w- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-09-08 15:51:03 236DA5CAC85F9E55BF694445B8BEB2CE 3794 ----a-w- C:\Windows\Sysnative\Tasks\GoogleUpdateTaskMachineCore

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-09-08 19:58:26 -------- d-----w- C:\Program Files\Common Files\EPSON

2013-09-08 19:53:43 -------- d-----w- C:\Program Files\EpsonNet

2013-09-08 19:11:33 -------- d-----w- C:\Program Files\DivX

2013-09-08 18:47:35 -------- d-----w- C:\Program Files\Common Files\DESIGNER

2013-09-08 18:46:27 -------- d-----w- C:\Program Files\Microsoft Synchronization Services

2013-09-08 18:45:48 -------- d-----w- C:\Program Files\Microsoft SQL Server Compact Edition

2013-09-08 18:43:01 -------- d-----w- C:\Program Files\Microsoft Analysis Services

2013-09-08 18:41:57 -------- d-----w- C:\Program Files\Microsoft Office

2013-09-08 16:12:58 -------- d-----w- C:\Program Files\WinRAR

======= C:\Program Files (x86) =====

2013-09-10 17:15:39 -------- d-----w- C:\Program Files (x86)\Trend Micro

2013-09-09 17:11:57 -------- d-----w- C:\Program Files (x86)\GorillaPrice

2013-09-09 17:11:13 -------- d-----w- C:\Program Files (x86)\OpenDownloaderManager

2013-09-09 17:01:11 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe

2013-09-09 17:01:11 -------- d-----w- C:\Program Files (x86)\Adobe

2013-09-08 20:05:43 -------- d-----w- C:\Program Files (x86)\MyFree Codec

2013-09-08 20:01:29 -------- d-----w- C:\Program Files (x86)\Samsung

2013-09-08 19:55:09 -------- d-----w- C:\Program Files (x86)\Epson Software

2013-09-08 19:52:47 -------- d-----w- C:\Program Files (x86)\Common Files\EPSON

2013-09-08 19:51:38 -------- d-----w- C:\Program Files (x86)\EpsonNet

2013-09-08 19:51:36 -------- d--h--w- C:\Program Files (x86)\InstallShield Installation Information

2013-09-08 19:50:16 -------- d-----w- C:\Program Files (x86)\epson

2013-09-08 19:11:19 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared

2013-09-08 19:10:13 -------- d-----w- C:\Program Files (x86)\Xvid

2013-09-08 19:10:06 -------- d-----w- C:\Program Files (x86)\Lame For Audacity

2013-09-08 19:10:06 -------- d-----w- C:\Program Files (x86)\Haali

2013-09-08 19:10:05 -------- d-----w- C:\Program Files (x86)\DSP-worx

2013-09-08 19:10:04 -------- d-----w- C:\Program Files (x86)\OpenSource Flash Video Splitter

2013-09-08 18:45:48 -------- d-----w- C:\Program Files (x86)\Microsoft.NET

2013-09-08 18:44:02 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-09-08 18:43:01 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-09-08 18:42:04 -------- d-----w- C:\Program Files (x86)\Microsoft Office

2013-09-08 18:34:28 -------- d-----w- C:\Program Files (x86)\MagicDisc

2013-09-08 18:23:45 -------- d-----w- C:\Program Files (x86)\Nero

2013-09-08 18:23:26 -------- d-----w- C:\Program Files (x86)\Common Files\Nero

2013-09-08 18:16:45 -------- d-----w- C:\Program Files (x86)\QuickPar

2013-09-08 17:02:43 -------- d-----w- C:\Program Files (x86)\GrabIt

2013-09-08 15:51:00 -------- d-----w- C:\Program Files (x86)\Google

======= C: =====

2013-09-08 17:31:36 BE30F41A4482D76AE88F2DC932C218CD 310579 --sh--r- C:\OGLXB

====== C:\Users\WBH\AppData\Roaming ======

2013-09-12 05:09:19 !HASH: COULD NOT OPEN FILE !!!!! 2048 --sha-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\lastalive1.dat

2013-09-12 05:09:19 !HASH: COULD NOT OPEN FILE !!!!! 2048 --sha-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\lastalive0.dat

2013-09-11 18:06:22 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm

2013-09-11 17:40:11 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking

2013-09-10 17:22:20 -------- d-----w- C:\Users\WBH\AppData\Local\Samsung

2013-09-10 17:22:18 -------- d-----w- C:\Users\WBH\AppData\Roaming\Samsung

2013-09-10 16:46:41 -------- d-s---w- C:\Windows\serviceprofiles\Localservice\AppData\Locallow\Microsoft

2013-09-10 05:27:17 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help

2013-09-10 05:27:17 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help

2013-09-09 21:06:20 468DA71E3E6E7E4B086EA03C6774EA4C 454608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\FontCache3.0.0.0.dat

2013-09-09 21:05:42 -------- d-----w- C:\Users\WBH\AppData\Locallow\Adobe

2013-09-09 17:00:25 -------- d-----w- C:\Users\WBH\AppData\Local\Adobe

2013-09-09 16:52:03 EE98A89647C637EBE73ABE3B3683BC45 8388608 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-S-1-5-21-1054695275-82366836-2359058252-1000.dat

2013-09-09 16:51:42 -------- d-----w- C:\Users\WBH\AppData\Local\Programs

2013-09-09 16:42:00 98D511DD3DD975200DB0F9BD8629F3CC 16777216 ----a-w- C:\Windows\serviceprofiles\Localservice\AppData\Local\~FontCache-FontFace.dat

2013-09-08 20:27:30 -------- d-----w- C:\Users\WBH\AppData\Local\Diagnostics

2013-09-08 20:23:49 -------- d-----w- C:\Users\WBH\AppData\Roaming\Epson

2013-09-08 20:10:03 309BA0925B8947A8D4A4D36981C527A0 116 ----a-w- C:\Users\WBH\AppData\Roaming\WB.CFG

2013-09-08 20:10:03 1582166AA8006058E0D0EED662E580C5 5 ----a-w- C:\Users\WBH\AppData\Roaming\WBPU-TTL.DAT

2013-09-08 20:00:44 -------- d-----w- C:\Users\WBH\AppData\Local\Downloaded Installations

2013-09-08 19:10:06 -------- d-----w- C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter

2013-09-08 19:10:05 -------- d-----w- C:\Users\WBH\AppData\Roaming\LavFilters

2013-09-08 19:10:05 -------- d-----w- C:\Users\WBH\AppData\Roaming\CDXReader

2013-09-08 19:04:29 -------- d-----w- C:\Users\WBH\AppData\Roaming\Outertech

2013-09-08 18:37:28 -------- d-----w- C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Nero

2013-09-08 18:36:27 -------- d-----w- C:\Users\WBH\AppData\Roaming\Nero

2013-09-08 18:36:21 -------- d-----w- C:\Users\NeroMediaHomeUser.4\AppData\Local\Nero

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\AppData\Local\Temporary Internet Files

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\AppData\Local\Geschiedenis

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\AppData\Local\Application Data

2013-09-08 18:36:18 -------- d-s---w- C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft

2013-09-08 18:36:18 -------- d-----w- C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Media Center Programs

2013-09-08 18:36:18 -------- d-----w- C:\Users\NeroMediaHomeUser.4\AppData\Local\Temp

2013-09-08 18:36:18 -------- d-----w- C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-09-08 18:36:17 -------- d-----w- C:\Users\WBH\AppData\Local\Nero

2013-09-08 18:34:57 -------- d-----w- C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc

2013-09-08 18:27:52 -------- d-----w- C:\Users\WBH\AppData\Local\QuickPar

2013-09-08 18:16:46 -------- d-----w- C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\QuickPar

2013-09-08 18:10:57 -------- d-----w- C:\Users\WBH\AppData\Local\Microsoft Help

2013-09-08 17:04:02 -------- d-----w- C:\Users\WBH\AppData\Roaming\GrabIt

2013-09-08 16:13:11 -------- d-----w- C:\Users\WBH\AppData\Roaming\WinRAR

2013-09-08 16:13:11 -------- d-----w- C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-09-08 15:50:53 -------- d-----w- C:\Users\WBH\AppData\Local\Google

2013-09-08 15:50:34 -------- d-----w- C:\Users\WBH\AppData\Local\Apps

2013-09-08 15:50:32 -------- d-----w- C:\Users\WBH\AppData\Local\Deployment

2013-09-08 15:49:30 -------- d-sh--w- C:\Users\WBH\AppData\Locallow\Microsoft

2013-09-08 15:26:24 -------- d-----w- C:\Users\WBH\AppData\Roaming\Adobe

2013-09-08 15:24:34 -------- dc----w- C:\Users\WBH\AppData\Local\MigWiz

2013-09-08 15:22:12 -------- d-----r- C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-09-08 15:22:12 -------- d-----r- C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-09-08 15:22:02 -------- d-----w- C:\Users\WBH\AppData\Roaming\Identities

2013-09-08 15:21:54 -------- d-----w- C:\Users\WBH\AppData\Local\VirtualStore

2013-09-08 14:19:30 -------- d-s---w- C:\Windows\serviceprofiles\networkservice\AppData\Locallow\Microsoft

2013-09-08 13:56:57 716392FA5E276DDC4915B61431D71984 109280 ----a-w- C:\Users\WBH\AppData\Local\GDIPFONTCACHEV1.DAT

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\AppData\Local\Temporary Internet Files

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\AppData\Local\Geschiedenis

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\AppData\Local\Application Data

2013-09-08 13:56:37 -------- d-s---w- C:\Users\WBH\AppData\Roaming\Microsoft

2013-09-08 13:56:37 -------- d-----w- C:\Users\WBH\AppData\Roaming\Media Center Programs

2013-09-08 13:56:37 -------- d-----w- C:\Users\WBH\AppData\Local\Temp

2013-09-08 13:56:37 -------- d-----w- C:\Users\WBH\AppData\Local\Microsoft

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-09-08 13:56:23 -------- d-sh--we C:\Users\Default\AppData\Local\Geschiedenis

2013-09-08 13:56:23 -------- d-sh--we C:\Users\Default User\AppData\Local\Geschiedenis

====== C:\Users\WBH ======

2013-09-11 18:07:44 -------- d-----w- C:\ProgramData\boost_interprocess

2013-09-10 19:13:53 720CBF9C4E60540122BED3EA8CC0EAAC 1037278 ----a-w- C:\Users\WBH\Downloads\adwcleaner (1).exe

2013-09-10 19:13:03 720CBF9C4E60540122BED3EA8CC0EAAC 1037278 ----a-w- C:\Users\WBH\Downloads\adwcleaner.exe

2013-09-10 17:48:25 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\WBH\Desktop\mbam-setup-1.75.0.1300.exe

2013-09-10 17:48:03 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\WBH\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-09 17:12:03 -------- d-----w- C:\ProgramData\GorillaPrice

2013-09-09 17:11:37 -------- d-----w- C:\ProgramData\DSearchLink

2013-09-09 17:10:59 07C604697E24B19BBF09C23A75303573 465024 ----a-w- C:\Users\WBH\Downloads\Setup_ODM.exe

2013-09-09 17:00:53 -------- d-----w- C:\ProgramData\Adobe

2013-09-08 20:05:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec

2013-09-08 20:03:12 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2013-09-08 20:01:29 -------- d-----w- C:\ProgramData\Samsung

2013-09-08 20:00:19 47956AB9E4AEA9EEECFB8937DF6023A4 69599992 ----a-w- C:\Users\WBH\Downloads\KiesSetup.exe

2013-09-08 19:55:31 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software

2013-09-08 19:50:29 -------- d-----w- C:\ProgramData\EPSON

2013-09-08 19:50:17 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON

2013-09-08 19:10:22 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid

2013-09-08 19:10:10 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter

2013-09-08 19:10:05 -------- d-----w- C:\ProgramData\DivX

2013-09-08 19:03:38 001D36AAD1AA9CE2E39E68BFA3069ECF 1194536 ----a-w- C:\Users\WBH\Downloads\getdiz48.exe

2013-09-08 18:48:14 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint

2013-09-08 18:48:13 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office

2013-09-08 18:36:19 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\NeroMediaHomeUser.4\ntuser.ini

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\Sjablonen

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\SendTo

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\Recent

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\Netwerkprinteromgeving

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\NetHood

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\Mijn documenten

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\Menu Start

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\Local Settings

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\Cookies

2013-09-08 18:36:19 -------- d-sh--we C:\Users\NeroMediaHomeUser.4\Application Data

2013-09-08 18:36:18 -------- d--h--w- C:\Users\NeroMediaHomeUser.4\AppData

2013-09-08 18:36:18 -------- d-----w- C:\Users\NeroMediaHomeUser.4\Saved Games

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\Videos

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\Pictures

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\Music

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\Links

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\Favorites

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\Downloads

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\Documents

2013-09-08 18:36:18 -------- d-----r- C:\Users\NeroMediaHomeUser.4\Desktop

2013-09-08 18:34:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc

2013-09-08 18:34:13 22EAB34E639CF9596F62CA063486CAEF 1352435 ----a-w- C:\Users\WBH\Downloads\setup_magicdisc106.exe

2013-09-08 18:24:05 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero

2013-09-08 18:23:30 -------- d-----w- C:\ProgramData\Nero

2013-09-08 18:16:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickPar

2013-09-08 18:16:22 6FB201020B62B57586CA762DEC51A982 501363 ----a-w- C:\Users\WBH\Downloads\QuickPar-0.9.1.0.exe

2013-09-08 18:10:44 -------- d-----w- C:\ProgramData\Microsoft Help

2013-09-08 17:02:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GrabIt

2013-09-08 16:13:11 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2013-09-08 16:12:38 8B265CCA436DF81B113B9A43A215E4D9 2023116 ----a-w- C:\Users\WBH\Downloads\winrar-x64-420nl.exe

2013-09-08 15:55:09 49E73BA0664838DBA942995B66C9421C 13834944 ----a-w- C:\Users\WBH\Downloads\MSEInstall.exe

2013-09-08 15:51:37 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome

2013-09-08 15:22:11 -------- d-----r- C:\Users\WBH\Searches

2013-09-08 15:21:57 -------- d-----r- C:\Users\WBH\Contacts

2013-09-08 13:56:37 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\WBH\ntuser.ini

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\Sjablonen

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\SendTo

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\Recent

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\Netwerkprinteromgeving

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\NetHood

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\Mijn documenten

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\Menu Start

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\Local Settings

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\Cookies

2013-09-08 13:56:37 -------- d-sh--we C:\Users\WBH\Application Data

2013-09-08 13:56:37 -------- d--h--w- C:\Users\WBH\AppData

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Videos

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Saved Games

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Pictures

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Music

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Links

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Favorites

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Downloads

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Documents

2013-09-08 13:56:37 -------- d-----r- C:\Users\WBH\Desktop

2013-09-08 13:56:23 -------- d-sh--we C:\Users\Default\Sjablonen

2013-09-08 13:56:23 -------- d-sh--we C:\Users\Default\Netwerkprinteromgeving

2013-09-08 13:56:23 -------- d-sh--we C:\Users\Default\Mijn documenten

2013-09-08 13:56:23 -------- d-sh--we C:\Users\Default\Menu Start

2013-09-08 13:56:23 -------- d-sh--we C:\ProgramData\Sjablonen

2013-09-08 13:56:23 -------- d-sh--we C:\ProgramData\Menu Start

2013-09-08 13:56:23 -------- d-sh--we C:\ProgramData\Favorieten

2013-09-08 13:56:23 -------- d-sh--we C:\ProgramData\Documenten

2013-09-08 13:56:23 -------- d-sh--we C:\ProgramData\Bureaublad

2013-09-07 17:23:20 -------- d-----w- C:\Users\WBH\{0f80cec1-a19c-4776-9dc0-ad2644b08ad6}

====== C: exe-files ==

2013-09-11 20:08:53 73BA149C61D2B164E25E1455D9D7F648 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-09-11 20:08:53 43852485D0B78C021A47E9548A4CFFE0 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-09-11 20:08:53 3581F49B7B32B4514FFD9481ED8BAE61 51712 ----a-w- C:\Windows\System32\ie4uinit.exe

2013-09-11 20:08:49 37287D98A1BF5D56AA729CEB9B27C6B1 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe

2013-09-11 20:08:49 351657C79B62B91E16A95AD23EA3710D 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe

2013-09-11 19:52:24 1A9E4EE88B31750E5CA207424143F99C 3968960 ----a-w- C:\Windows\SysWOW64\ntkrnlpa.exe

2013-09-11 19:52:23 63B563F1FC047AB3E21530DBBE773260 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-09-11 19:52:23 5D0325AEF9DE48330908EC2E2DB0359F 3913664 ----a-w- C:\Windows\SysWOW64\ntoskrnl.exe

2013-09-11 19:52:20 F0970A4BC8395659C22BF53D0FADF16F 112640 ----a-w- C:\Windows\System32\smss.exe

2013-09-11 19:52:20 BF95EA5809E3BBF55370F7CB309FEBD0 338432 ----a-w- C:\Windows\System32\conhost.exe

2013-09-11 19:52:16 B83592F532FB320F0001F8099ECC192B 7680 ----a-w- C:\Windows\SysWOW64\instnm.exe

2013-09-11 19:52:16 8489D083E46BFD2096A6CECFF6C7C227 2048 ----a-w- C:\Windows\SysWOW64\user.exe

2013-09-11 19:52:16 3808FD7522646BEB1CCEA94C45D4228C 25600 ----a-w- C:\Windows\SysWOW64\setup16.exe

2013-09-10 19:13:53 720CBF9C4E60540122BED3EA8CC0EAAC 1037278 ----a-w- C:\Users\WBH\Downloads\adwcleaner (1).exe

2013-09-10 19:13:03 720CBF9C4E60540122BED3EA8CC0EAAC 1037278 ----a-w- C:\Users\WBH\Downloads\adwcleaner.exe

2013-09-10 17:48:25 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\WBH\Desktop\mbam-setup-1.75.0.1300.exe

2013-09-10 17:48:03 683FDD3D773C58B262DC07CD0C6CE938 10285040 ----a-w- C:\Users\WBH\Downloads\mbam-setup-1.75.0.1300.exe

2013-09-10 05:13:32 B2D0C12B7BBDA33E0FD403DD3CB4C26A 1169224 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2E93BFD3-834C-9B61-86C1-A5D44F28156C}-vbc.exe

2013-09-09 17:10:59 07C604697E24B19BBF09C23A75303573 465024 ----a-w- C:\Users\WBH\Downloads\Setup_ODM.exe

2013-09-09 16:38:43 3CEC96DE223E49EAAE3651FCF8FAEA6C 1255736 ----a-w- C:\Windows\System32\Wat\WatAdminSvc.exe

2013-09-09 16:38:43 05E9265E2228799B68DC0F58A94E1AB8 249656 ----a-w- C:\Windows\System32\Wat\WatUX.exe

2013-09-09 15:59:38 5051BB40FFB2BA4870C0A059CA03294F 1054720 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2013-09-09 15:59:36 52A7D73D5570F757D865DDECD087FB41 138752 ----a-w- C:\Windows\SysWOW64\wextract.exe

2013-09-09 15:59:36 038F76279EC64878A072D988DE13C7B2 150528 ----a-w- C:\Windows\SysWOW64\iexpress.exe

2013-09-09 15:59:34 F8B9B71F32BC739402881D66DFE102E0 137216 ----a-w- C:\Windows\SysWOW64\ieUnatt.exe

2013-09-09 15:59:34 3AB2A38F7EA9E62D176A78FB58761E24 12800 ----a-w- C:\Windows\SysWOW64\mshta.exe

2013-09-09 15:59:33 6DF2C6438CFF6EFCBBB88AEE01795501 73728 ----a-w- C:\Windows\SysWOW64\SetIEInstalledDate.exe

2013-09-09 15:59:33 56E51C26745FF7413514EA4DDF33BC6C 11776 ----a-w- C:\Windows\SysWOW64\msfeedssync.exe

2013-09-09 15:59:33 15CCEAC53648FF7C17AE98923BCD3D75 24576 ----a-w- C:\Program Files (x86)\Internet Explorer\ExtExport.exe

2013-09-09 15:59:32 5397E32E882C0148CEC13D9EACFB7157 222208 ----a-w- C:\Program Files (x86)\Internet Explorer\ielowutil.exe

2013-09-09 15:59:32 3090B888E263E56744F8BFEF3A36D67D 467456 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe

2013-09-09 15:59:29 05277EDA27E5A55CA22AC37DAC47DD23 223744 ----a-w- C:\Program Files\Internet Explorer\ielowutil.exe

2013-09-09 15:59:27 D9C10A4A0B3411146E6FC8936B079934 167424 ----a-w- C:\Windows\System32\iexpress.exe

2013-09-09 15:59:27 40738329209CBE2C9B48F7E30F7C1414 144896 ----a-w- C:\Windows\System32\wextract.exe

2013-09-09 15:59:26 61FD8E6D361E223F86D27933CE55973B 173568 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-09-09 15:59:25 658E8FEC79A4AB5BFDE032627B5C9667 13824 ----a-w- C:\Windows\System32\mshta.exe

2013-09-09 15:59:24 F651D95B5043EFC20A6108A853553984 92160 ----a-w- C:\Windows\System32\SetIEInstalledDate.exe

2013-09-09 15:59:24 82D602EBBBA6D08E4691F32269FD3494 12800 ----a-w- C:\Windows\System32\msfeedssync.exe

2013-09-09 15:59:22 D57BCCD989555B0D6E47AE0F364DD4D3 327680 ----a-w- C:\Program Files\Internet Explorer\iediagcmd.exe

2013-09-09 15:59:22 4BA4770D890B320DAB575B07C7DAF59D 481280 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe

2013-09-09 15:46:49 85D6E8F735865B502D65D1D91A79E3F3 294912 ----a-w- C:\Windows\System32\browserchoice.exe

2013-09-09 15:44:07 C7ECEFD495A679284D0E9BC069F96246 79143768 ----a-w- C:\Windows\System32\MRT.exe

2013-09-09 15:35:24 8ABFE00F213F2571498F1B8FD7939A98 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-09-08 20:06:15 A69F00D9B61DC325BAD3737A757DFD22 1515288 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\Uninstall.exe

2013-09-08 20:05:46 951FD01F89EE6270089483A3DC02D97D 60494 ----a-w- C:\Program Files (x86)\MyFree Codec\1.0b beta\uninstall.exe

2013-09-08 20:05:23 E12A2057CF7726640354B00D672893EE 3768712 ----a-w- C:\Program Files (x86)\Samsung\Kies\External\MediaModules\MyFreeCodecPack.exe

2013-09-08 20:02:54 071FFD4A92903DB5A7F025CCC1BF10CE 987744 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe

2013-09-08 20:00:19 47956AB9E4AEA9EEECFB8937DF6023A4 69599992 ----a-w- C:\Users\WBH\Downloads\KiesSetup.exe

2013-09-08 19:58:26 7DB097F4F6786307168C0DDDEC43A565 166400 ----a-w- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

2013-09-08 19:58:26 258AA65A0862E19B7DE6981FDA3758AD 128512 ----a-w- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

2013-09-08 19:52:47 1B3703417E44E905B3DA8E2D0596A275 112640 ----a-r- C:\Program Files (x86)\Common Files\EPSON\ADDNET\E_ADDNET.EXE

2013-09-08 19:51:42 28F8DD5B15E658ACE05BE921C6B6C265 19456 ----a-w- C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\x64\EpDevMgr.exe

2013-09-08 19:51:41 C542A0D493503BE2A6B02F691C64B908 87440 ----a-w- C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENWLS.exe

2013-09-08 19:51:41 6A2252B1B881355C8C77C073FEC5F3E4 75152 ----a-w- C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENMM.exe

2013-09-08 19:51:39 F4891DB284DD86E90E84A200F2DC00C6 587744 ----a-w- C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\DSUPDATE.EXE

2013-09-08 19:51:39 40F46CC5055C528E490114287FBBE0CA 2553248 ----a-w- C:\Program Files (x86)\EpsonNet\EpsonNet Setup\tool10\ENEasyApp.exe

2013-09-08 19:51:37 A0FEBEC27284444E4D46B30492089950 398768 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{C9D8A041-2963-4B31-8FFC-1500F3DB9293}\setup.exe

2013-09-08 19:50:51 4729BDAC97A2A1433FF84746AFA1E0BB 1297848 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_IINSGCE.EXE

2013-09-08 19:50:50 407F5F94A4795480DDD632CACE26A0B8 150016 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_IHUTGCE.EXE

2013-09-08 19:50:49 FAA8E7CD995A8A74C474CC38875C8886 208896 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_FBCSGCE.EXE

2013-09-08 19:50:45 7DB097F4F6786307168C0DDDEC43A565 166400 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_S50STB.EXE

2013-09-08 19:50:44 E370C53736DA6D38F073155DD8D9F094 247808 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_IARNGCE.EXE

2013-09-08 19:50:44 258AA65A0862E19B7DE6981FDA3758AD 128512 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_S50RPB.EXE

2013-09-08 19:50:43 082FDDEA336F0A5C627F984635C8D6FC 353760 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_GATO46.EXE

2013-09-08 19:50:42 59FE07B8E6E5D1A5FB65534B49B4779F 289280 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_IPREGCE.EXE

2013-09-08 19:50:42 11BA3D2A83726F254C74D6D7AB595B2F 487392 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_GUPA30.EXE

2013-09-08 19:50:41 42E974C4428C22980B17547D0AE32A83 224768 ----a-w- C:\Windows\System32\spool\drivers\x64\3\E_IATIGCE.EXE

2013-09-08 19:50:39 10614FB7771F8A17E316806926192EED 542680 ----a-w- C:\Windows\System32\spool\drivers\x64\3\OSASOI.EXE

2013-09-08 19:50:17 B73F17DF5CA5A1C748C36CC63297C6E3 155648 ----a-w- C:\Program Files (x86)\epson\escndv\escndv.exe

2013-09-08 19:50:17 9D1DD26950ACAFDB1B4912931B630AFC 316768 ----a-w- C:\Program Files (x86)\epson\escndv\setup\setup.exe

2013-09-08 19:50:17 51F7E818BF3482F8E7E53F1CE531F164 128392 ----a-w- C:\Windows\System32\esdevapp.exe

2013-09-08 19:50:17 3FBA6CE1C727AF0145E0AC7178A352F0 90112 ----a-w- C:\Windows\twain_32\escndv\estcfg.exe

2013-09-08 19:50:17 02F6BFECDFA45458E4661F27D863652E 176128 ----a-w- C:\Windows\twain_32\escndv\escfg.exe

2013-09-08 19:50:16 F766492129DF9993150C76B34722E1C5 49152 ----a-w- C:\Windows\twain_32\escndv\estwm.exe

2013-09-08 19:50:16 F766492129DF9993150C76B34722E1C5 49152 ----a-w- C:\Windows\twain_32\escndv\es00a5\estwm.exe

2013-09-08 19:50:16 B73F17DF5CA5A1C748C36CC63297C6E3 155648 ----a-w- C:\Windows\twain_32\escndv\escndv.exe

2013-09-08 19:12:49 145945C46A622D57DD59B12EA4957F69 932704 ----a-w- C:\ProgramData\DivX\Setup\DivXSetup.exe

2013-09-08 19:11:17 125992839E92CB5C11BEA371CAD33236 436568 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPRKH7OB\Installer[6].exe

2013-09-08 19:11:16 7009766D9BB414B721F671D3C29461A1 455288 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1D65AGE\Installer[6].exe

2013-09-08 19:11:11 0523528BF2D90F4D8D70C84EFF3F2B50 11849288 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98MO7NBU\Installer[6].exe

2013-09-08 19:11:04 950F378C706B95225A5061E2B888B7AA 688616 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XG2VERD\Installer[5].exe

2013-09-08 19:11:00 E52E1E3900503008E9943B668D028DBB 15145600 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPRKH7OB\Installer[5].exe

2013-09-08 19:10:59 CB31C9F8FF745C80062B03BC02DC7B2C 3573656 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1D65AGE\Installer[5].exe

2013-09-08 19:10:58 F33760E6692D421C651D84626191E4A3 1473904 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98MO7NBU\Installer[5].exe

2013-09-08 19:10:56 60B91E06A084A4F621523C27BCC77FE6 2595096 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XG2VERD\Installer[4].exe

2013-09-08 19:10:50 CE1BACB38075D6D60EBE776E67341D70 293272 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPRKH7OB\Installer[4].exe

2013-09-08 19:10:49 2C459EE7461E287E3CFDD35794E2686F 699504 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1D65AGE\Installer[4].exe

2013-09-08 19:10:49 0CC8B85146C7B6C0167D7D759AC69AE2 510080 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98MO7NBU\Installer[4].exe

2013-09-08 19:10:48 C9B74856CB5A407F85624E7A1750F0E1 340216 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XG2VERD\Installer[3].exe

2013-09-08 19:10:47 AC63E95B4D14F74343DE164677C84799 443832 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPRKH7OB\Installer[3].exe

2013-09-08 19:10:47 61CFF6C69825AD397E0E8999D1657A35 293520 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1D65AGE\Installer[3].exe

2013-09-08 19:10:46 319B7F56FF34CF65EB4B9578F39D3DD3 435408 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98MO7NBU\Installer[3].exe

2013-09-08 19:10:45 308C77FE9EED5B2631BC8B1AFC4CBE10 2576048 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XG2VERD\Installer[2].exe

2013-09-08 19:10:41 7C9912383F37E4DD988A9C7E173D8590 201456 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1D65AGE\Installer[2].exe

2013-09-08 19:10:41 68C603B1B03E99CC76018443371FCD38 13221128 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPRKH7OB\Installer[2].exe

2013-09-08 19:10:40 E33ED30AA18FAE662949C1D158DB46E5 866584 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98MO7NBU\Installer[2].exe

2013-09-08 19:10:23 EDB8927A9C860E154354E9F478C51D31 10655680 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A1D65AGE\Installer[1].exe

2013-09-08 19:10:22 0D1CA5C98239E6ADEDB2626FFFED0514 3509493 ----a-w- C:\Program Files (x86)\Xvid\uninstall.exe

2013-09-08 19:10:21 3A43406E0BD522158E74D19F664DCFD3 973536 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\98MO7NBU\Installer[1].exe

2013-09-08 19:10:20 C48A935B48D420751FD54F2F86E24B91 1352000 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7XG2VERD\Installer[1].exe

2013-09-08 19:10:15 B9B5C142C75E7E2A95E7E958CF6EAB3A 6150331 ----a-w- C:\Program Files (x86)\Xvid\autoupdate-windows.exe

2013-09-08 19:10:15 6D9E1356A9C1B5F36698FAFF9205E34A 8192 ----a-w- C:\Program Files (x86)\Xvid\CheckUpdate.exe

2013-09-08 19:10:15 487AF46145B81C5BC54873E764F93636 13824 ----a-w- C:\Program Files (x86)\Xvid\StatsReader.exe

2013-09-08 19:10:14 C39AD6299E0E1F7AA3F5B51AC9B5CD0E 6144 ----a-w- C:\Program Files (x86)\Xvid\AviC.exe

2013-09-08 19:10:14 95CAEF9DA6E9AEE1ECD627527CFA0F38 9216 ----a-w- C:\Program Files (x86)\Xvid\OGMCalc.exe

2013-09-08 19:10:14 7CE40A557359849EA374E0E4DDE52E26 23040 ----a-w- C:\Program Files (x86)\Xvid\MiniCalc.exe

2013-09-08 19:10:14 4EA4DB3630F7E033B2F94A2FD7B424CE 42297 ----a-w- C:\Program Files (x86)\Haali\MatroskaSplitter\uninstall.exe

2013-09-08 19:10:13 FA31E5F1D353649141D3C78278DD7579 166912 ----a-w- C:\Program Files (x86)\Xvid\MiniConvert.exe

2013-09-08 19:10:13 B3AC5B514760865241C2CB889B919104 952184 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HPRKH7OB\Installer[1].exe

2013-09-08 19:10:13 6AD766E0133C15132877FE64A50D3EBC 144384 ----a-w- C:\Program Files (x86)\Xvid\xvid_encraw.exe

2013-09-08 19:10:06 3D77B4125F1F50AC17B2F26D69945274 475648 ----a-w- C:\Program Files (x86)\Lame For Audacity\lame.exe

2013-09-08 19:10:06 10D2E750A8C68B5154CB8400D9BC3EBE 715038 ----a-w- C:\Program Files (x86)\Lame For Audacity\unins000.exe

2013-09-08 19:10:05 DDC0B6672AB7862A3C2D7AA2ADB6B645 715038 ----a-w- C:\Windows\unins000.exe

2013-09-08 19:10:04 AFF5265F0BBF32E460F8CDE4DF367A7F 34626 ----a-w- C:\Program Files (x86)\OpenSource Flash Video Splitter\uninst.exe

2013-09-08 19:03:38 001D36AAD1AA9CE2E39E68BFA3069ECF 1194536 ----a-w- C:\Users\WBH\Downloads\getdiz48.exe

2013-09-08 18:34:29 A03AE84660953220E522068DC5B486C2 9216 ----a-w- C:\Program Files (x86)\MagicDisc\mcdInst64.exe

2013-09-08 18:34:29 3DCAD928C3BB2163F989110B4C9962A2 36864 ----a-w- C:\Program Files (x86)\MagicDisc\muninst.exe

2013-09-08 18:34:28 A16852B04C0A5654B0B8DFD5E1A25718 576000 ----a-w- C:\Program Files (x86)\MagicDisc\MagicDisc.exe

2013-09-08 18:34:28 973567B98CDFC147DF4E60471D9DF072 153088 ----a-w- C:\Program Files (x86)\MagicDisc\UNWISE.EXE

2013-09-08 18:34:13 22EAB34E639CF9596F62CA063486CAEF 1352435 ----a-w- C:\Users\WBH\Downloads\setup_magicdisc106.exe

2013-09-08 18:16:46 ED8047EC2E557F7380B7BAE78528282E 56869 ----a-w- C:\Program Files (x86)\QuickPar\uninst.exe

2013-09-08 18:16:22 6FB201020B62B57586CA762DEC51A982 501363 ----a-w- C:\Users\WBH\Downloads\QuickPar-0.9.1.0.exe

2013-09-08 18:13:58 B2D0C12B7BBDA33E0FD403DD3CB4C26A 1169224 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{23C3A561-9635-4E34-EDF2-DF3202128F2F}-vbc.exe

2013-09-08 17:13:12 B2D0C12B7BBDA33E0FD403DD3CB4C26A 1169224 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{9E7909F9-B9AE-6975-A03F-0ACF1614AD6E}-vbc.exe

2013-09-08 17:02:46 E6FDBB66A816B3D1D96A811069442AC8 229376 ----a-w- C:\Program Files (x86)\GrabIt\external\par2\par2.exe

2013-09-08 17:02:46 578DA05D920D3C450E3F8BA5ECC2AFB5 198144 ----a-w- C:\Program Files (x86)\GrabIt\external\unrar\unrar.exe

2013-09-08 17:02:43 5F7AE768CDD6E925A57E68D527101980 715038 ----a-w- C:\Program Files (x86)\GrabIt\unins000.exe

2013-09-08 17:02:43 197F98BFCD011BDF2E8846CEB5E007B0 4600320 ----a-w- C:\Program Files (x86)\GrabIt\GrabIt.exe

2013-09-08 16:12:59 E1B5CD5FA83D68A113F5E6DC7A025C1B 135168 ----a-w- C:\Program Files\WinRAR\Uninstall.exe

2013-09-08 16:12:59 B7780A54CA2EF7048D2291B1C9856FDB 287744 ----a-w- C:\Program Files\WinRAR\UnRAR.exe

2013-09-08 16:12:59 27798085262CD1C91824CE283EDE088B 1230848 ----a-w- C:\Program Files\WinRAR\WinRAR.exe

2013-09-08 16:12:58 4C2A76CEEE9BECFEFFE78265166182BA 426496 ----a-w- C:\Program Files\WinRAR\Rar.exe

2013-09-08 16:12:58 10FB3DF2521C7F351121A07AD1263FBE 55296 ----a-w- C:\Program Files\WinRAR\Formats\ace32loader.exe

2013-09-08 16:12:38 8B265CCA436DF81B113B9A43A215E4D9 2023116 ----a-w- C:\Users\WBH\Downloads\winrar-x64-420nl.exe

2013-09-08 15:55:09 49E73BA0664838DBA942995B66C9421C 13834944 ----a-w- C:\Users\WBH\Downloads\MSEInstall.exe

2013-09-08 15:51:26 CB139AE37B93E21CD858D748B3DF0EEA 34509664 ----a-w- C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\29.0.1547.66\29.0.1547.66_chrome_installer.exe

2013-09-08 15:51:00 D9A08472D8D0218A0AE2C9D9F63EA531 290696 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe

2013-09-08 15:51:00 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdateSetup.exe

2013-09-08 15:51:00 8726802EA4FBFFA3FD54FD2449BF51D4 217992 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

2013-09-08 15:51:00 6466C051022547489D3409205128881B 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdateBroker.exe

2013-09-08 15:51:00 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

2013-09-08 15:51:00 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdate.exe

2013-09-08 15:51:00 1CA3976D1B1FE826ADF339F90AC25C60 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe

2013-09-08 15:50:48 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Users\WBH\AppData\Local\Apps\2.0\5C9GQ29J.L4Y\M5WCLAVC.4JZ\inst...app_4fe91ede9f9bdca3_0001.0003_fc100576141c6894\GoogleUpdateSetup.exe

2013-09-08 15:50:48 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Users\WBH\AppData\Local\Apps\2.0\5C9GQ29J.L4Y\M5WCLAVC.4JZ\clic...exe_4fe91ede9f9bdca3_0001.0003_none_81523f7b64d98436\GoogleUpdateSetup.exe

2013-09-08 15:50:48 2D479A35439E0DFBDBF2FDB6DEE8D49B 10120 ------w- C:\Users\WBH\AppData\Local\Apps\2.0\5C9GQ29J.L4Y\M5WCLAVC.4JZ\inst...app_4fe91ede9f9bdca3_0001.0003_fc100576141c6894\clickonce_bootstrap.exe

2013-09-08 14:35:31 F28D6538F76DC6ECFABF6176DBDD2664 142336 ----a-w- C:\Windows\System32\poqexec.exe

2013-09-08 14:35:31 20104EA66332D24D7C65BBB087C56737 123904 ----a-w- C:\Windows\SysWOW64\poqexec.exe

2013-09-08 14:34:56 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\System32\consent.exe

2013-09-08 14:34:33 9E5D9177660A76FC8DECDC37A91A5B0D 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2013-09-08 14:33:56 A236B1646E96AB06BE0F8D592B6D9A0D 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe

2013-09-08 14:32:16 639774C9ACD063F028F6084ABF5593AD 68608 ----a-w- C:\Windows\System32\taskhost.exe

2013-09-08 14:31:52 4586B77B18FA9A8518AF76CA8FD247D9 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-09-08 14:31:52 0D52559AEF4AA5EAC82F530617032283 903168 ----a-w- C:\Windows\SysWOW64\certutil.exe

2013-09-08 14:31:30 85DAA09A98C9286D4EA2BA8D0E644377 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2013-09-08 14:31:30 127AA81343A7C6F665C22CB1293B0A90 67072 ----a-w- C:\Windows\splwow64.exe

2013-09-08 13:57:45 C1C03EA437EDDA8A7D4D8786E5AE6751 57880 ----a-w- C:\Windows\System32\wuauclt.exe

2013-09-08 13:57:17 FF0729002E081668620A681182D63FE6 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-09-08 11:18:50 F23B45CF2A12CEB0F836290713BAC350 244000 ----a-w- C:\Users\WBH\AppData\Local\Temp\E89A806B-BAB0-7891-B3C7-182A2A7483B1\Latest\ccp.exe

=== C: other files ==

2013-09-11 19:52:09 059F00DEF82BF41E433B7ED465847726 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys

2013-09-11 19:50:01 42A88ECF903BFE11411D188DCE830E84 3155456 ----a-w- C:\Windows\System32\win32k.sys

2013-09-11 17:52:14 D2CF7A188603BF7AAFBC6D64A88176C6 118149 ----a-w- C:\Users\WBH\Downloads\wmpChrome (1).crx

2013-09-11 17:42:58 D2CF7A188603BF7AAFBC6D64A88176C6 118149 ----a-w- C:\Users\WBH\Downloads\wmpChrome.crx

2013-09-10 17:49:31 0BB97D43299910CBFBA59C461B99B910 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-09-10 13:29:55 9CD0D6D484504F85F950D63AA8DB4AB9 22025 ----a-w- C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6VO2XRAW\skin[1].zip

2013-09-09 16:13:05 AEA0A67275CFBA0E463E00C6E9A1DDAE 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-09-09 16:13:05 442783E2CB0DA19873B7A63833FF4CB4 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-09-09 15:35:27 DDA4CAF29D8C0A297F886BFE561E6659 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-09-09 15:35:27 AB886378EEB55C6C75B4F2D14B6C869F 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-09-08 20:06:10 EA8F41484CCC5BA6A1455C2AD3D1BE3C 203672 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudmdm.sys

2013-09-08 20:06:10 D2C02234E3E87EA5FE420F045068099B 181912 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudmdm.sys

2013-09-08 20:06:10 54D0B8343CE8C22412A5F29D32EFD211 84248 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\i386\ssudbus.sys

2013-09-08 20:06:10 0B3F6C8F93C5C25977EA5A8B2E656357 103448 ----a-w- C:\Program Files (x86)\Samsung\USB Drivers\25_escape\amd64\ssudbus.sys

2013-09-08 19:10:15 F0176ACEBF968B6F6DF8743C26258D0F 2967 ----a-w- C:\Program Files (x86)\Xvid\Xvid_Quant_Matrices.zip

2013-09-08 19:10:06 A68D2841F69D19C8B5E73DF72B090482 42 ----a-w- C:\Users\WBH\AppData\Roaming\LavFilters\install_audio.bat

2013-09-08 19:10:06 837B6A02B10F2AEA2F9995CBC8BA9D69 42 ----a-w- C:\Users\WBH\AppData\Roaming\LavFilters\install_video.bat

2013-09-08 19:10:06 812239ED42BE242DFA021C54AAA2FBE3 42 ----a-w- C:\Users\WBH\AppData\Roaming\LavFilters\uninstall_video.bat

2013-09-08 19:10:06 3B8D9245C90B82535C218EFD563E1851 42 ----a-w- C:\Users\WBH\AppData\Roaming\LavFilters\uninstall_audio.bat

2013-09-08 19:10:06 188026412D1AC9AD4C9B132791D87E48 45 ----a-w- C:\Users\WBH\AppData\Roaming\LavFilters\uninstall_splitter.bat

2013-09-08 19:10:06 179F7AA6CFEED6A865ABD9926552A82E 45 ----a-w- C:\Users\WBH\AppData\Roaming\LavFilters\install_splitter.bat

2013-09-08 18:34:29 79D51E7F5926E8CE1B3EBECEBAE28CFF 255552 ----a-w- C:\Windows\SysWOW64\drivers\mcdbus.sys

2013-09-08 18:34:29 79D51E7F5926E8CE1B3EBECEBAE28CFF 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys

2013-09-08 18:34:29 79D51E7F5926E8CE1B3EBECEBAE28CFF 255552 ----a-w- C:\Program Files (x86)\MagicDisc\mcdbus.sys

2013-09-08 14:35:51 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-09-08 14:35:50 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-09-08 14:34:52 B98F8C6E31CD07B2E6F71F7F648E38C0 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-09-08 14:34:39 760E38053BF56E501D562B70AD796B88 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2013-09-08 14:34:39 0E01641D96889BDEB22DE12D30575B08 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2013-09-08 14:34:35 92B3172E8C14C1444682F510843A9988 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-09-08 14:34:32 9AC4F97C2D3E93367E2148EA940CD2CD 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2013-09-08 14:34:32 97A7070AEA4C058B6418519E869A63B4 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2013-09-08 14:34:32 26C43A7C2862447EC59DEDA188D1DA07 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2013-09-08 14:34:19 1B16D0BD9841794A6E0CDE0CEF744ABC 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

2013-09-08 14:33:37 4CE278FC9671BA81A138D70823FCAA09 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-09-08 14:33:23 E61608AA35E98999AF9AAEEEA6114B0A 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2013-09-08 14:32:01 DB74544B75566C974815E79A62433F29 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-09-08 14:32:01 7942B7AC3FF598F8A1736D51ADAF04E8 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2013-09-08 14:32:01 41C67E4205C606A103DEC8651D0B6FE6 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2013-09-08 14:31:59 8F6322049018354F45F05A2FD2D4E5E0 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys

2013-09-07 17:14:24 8214016F9241C220477916D21E63F7D0 50968 ----a-w- C:\Users\WBH\{0f80cec1-a19c-4776-9dc0-ad2644b08ad6}\amd64\ssudnd5.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1054695275-82366836-2359058252-1000\Software\Microsoft\Windows\CurrentVersion\Run]

"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SB3E6.tmp /EF HKCU"

"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"

"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"

"watchcat"="C:\Program Files (x86)\GorillaPrice\GPI64Tool.exe"

[HKEY_USERS\S-1-5-21-1054695275-82366836-2359058252-1001\Software\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-1054695275-82366836-2359058252-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nero MediaHome 4"="C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe /AUTORUN"

"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"

"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"EPSON SX420W Series"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU C:\Windows\TEMP\E_SB3E6.tmp /EF HKCU"

"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"

"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"

"watchcat"="C:\Program Files (x86)\GorillaPrice\GPI64Tool.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MSC"="c:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

"BCSSync"="C:\Program Files\Microsoft Office\Office14\BCSSync.exe /DelayServices"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-09-2013 17:50]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [08-09-2013 17:50]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

ifohbjbgfchkkfhphahclmkpgejiplfo - C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx[]

Google Docs - WBH - Default\Extensions\aohghmighlieiainnegkcijnfilokake

Google Drive - WBH - Default\Extensions\apdfllckaahabafndbhieahigkjlhalf

YouTube - WBH - Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo

Last updated at time on date - WBH - Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb

Google Search - WBH - Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf

GorillaPrice offer - WBH - Default\Extensions\egpbcfbaejlamdindjpaodjojjhnbipl

Select City - WBH - Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

Card number - WBH - Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

Weeronline actueel Nederland - WBH - Default\Extensions\npgafdngocgnaincgfbpeblbeaadkpfa

Gmail - WBH - Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chrome Fix ======================

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage deleted successfully

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www2.delta-search.com_0.localstorage-journal deleted successfully

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage deleted successfully

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{4C083B9E-CA69-4EAB-8153-9C4E2984DE63} Kelkoo Url="http://nl.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913935"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

{7807C494-95BC-4672-9CB8-BFC883AB6A91} AOL Zoeken Url="http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1172&query={searchTerms}&invocationType=tb50hpcndtie7-nl-nl"

==== Reset Google Chrome ======================

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo deleted successfully

==== HijackThis Entries ======================

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

O4 - HKLM\..\Run: [Nero MediaHome 4] "C:\Program Files (x86)\Nero\Nero MediaHome 4\NeroMediaHome.exe" /AUTORUN

O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe

O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [EPSON SX420W Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGCE.EXE /FU "C:\Windows\TEMP\E_SB3E6.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

O4 - HKCU\..\Run: [watchcat] "C:\Program Files (x86)\GorillaPrice\GPI64Tool.exe"

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-1054695275-82366836-2359058252-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NeroMediaHomeUser.4')

O4 - HKUS\S-1-5-21-1054695275-82366836-2359058252-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NeroMediaHomeUser.4')

O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: *.clonewarsadventures.com

O15 - Trusted Zone: *.freerealms.com

O15 - Trusted Zone: *.soe.com

O15 - Trusted Zone: *.sony.com

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: GorillaPrice - Unknown owner - C:\Program Files (x86)\GorillaPrice\GorillaPrice.exe

O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero MediaHome 4 Service (NeroMediaHomeService.4) - Nero AG - C:\Program Files (x86)\Nero\Nero MediaHome 4\NMMediaServerService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: WatGorp - Unknown owner - C:\ProgramData\GorillaPrice\WatGorp.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\NeroMediaHomeUser.4\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\WBH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\WBH\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\WBH\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\ProgramData\boost_interprocess" not deleted

"C:\ProgramData\GorillaPrice" not found

==== EOF on do 12-09-2013 at 18:17:36,38 ======================

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.