Ga naar inhoud

Rootkit; Windows cannot access the specified device, path, or file. You may not...


Aanbevolen berichten

IE reset handmatig uitgevoerd zonder succes, downloaden van progs blijven "harmfull" en bij "running download" worden deze nog steeds gedeleted.

Vervolgens dezelfde reset uitgevoerd via de Fix It tool van Microsoft die je hebt aangegeven met hetzelfde resultaat: downloads worden tegen gehouden als gevaar en vernietigd in IE browser.

Dan heb ik eens zitten nadenken over wat je zei dat het niet aan het antivirus prog. kan liggen omdat dan alle browsers dezelfde effecten zouden hebben, en dat bracht mij op het idee dat er mogelijks een meegeleverde antivirus zou kunnen geïnstalleerd zijn met andere software die is gedownload in het verleden.

Daardoor heb ik even Revo uninstaller geopend en heb volgende progs verwijderd uit mijn machine:

- Simplitec Simplicheck meegeleverd bij Magix product

- Security Task Manager van Neuber software meegeleverd zonder te weten bij welke prog.

- Pando Media Booster een download versneller ergens voor een of andere download die ik niet meer weet

- Akamai NetSession Interface

- Akamai NetSession Interface Service ook weer een of andere download organizer of zoiets.

Dan heb ik het volgende progje gedownload via Firefox browser: SecurityCheck om te bepalen of er meerdere antivirus programma's draaien maar snap er niets van

dit is het logje van SecurityCheck:

Results of screen317's Security Check version 0.99.64

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 10

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Windows Firewall Disabled!

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

MVPS Hosts File

Secunia PSI (3.0.0.3001)

Java 7 Update 21

Adobe Flash Player 11.7.700.202

Adobe Reader 10.1.7 Adobe Reader out of Date!

Mozilla Firefox 20.0.1 Firefox out of Date!

````````Process Check: objlist.exe by Laurent````````

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 1%

````````````````````End of Log``````````````````````

Wat die MVPS Hosts File is is mij een raadsel.

Nu ga ik eerst even Combofix laten draaien, resultaten in volgend bericht.

Link naar reactie
Delen op andere sites

  • Reacties 43
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Combofix gedownload via Firefox browser uit Bleepingcomputer.

Log Combofix:

ComboFix 13-05-27.02 - Hendrik 28/05/2013 1:41.1.2 - x64

Microsoft Windows 7 Enterprise N 6.1.7601.1.1252.32.1033.18.4094.2376 [GMT 2:00]

Gestart vanuit: d:\my desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Hendrik\AppData\Local\bonus.exe

c:\windows\SysWow64\frapsvid.dll

c:\windows\SysWow64\pt

c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll

c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll

c:\windows\SysWow64\w3url.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-04-27 to 2013-05-27 ))))))))))))))))))))))))))))))

.

.

2013-05-27 13:32 . 2013-05-27 13:32 -------- d-----w- c:\program files (x86)\MPC-HC

2013-05-26 20:29 . 2013-05-26 20:29 -------- d-----w- c:\program files (x86)\Common Files\Java

2013-05-26 20:28 . 2013-05-26 20:27 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-05-26 20:27 . 2013-05-26 20:27 -------- d-----w- c:\program files (x86)\Java

2013-05-26 19:30 . 2013-05-26 19:30 311200 ----a-w- c:\windows\system32\javaws.exe

2013-05-26 19:30 . 2013-05-26 19:30 188832 ----a-w- c:\windows\system32\javaw.exe

2013-05-26 19:30 . 2013-05-26 19:30 188320 ----a-w- c:\windows\system32\java.exe

2013-05-26 19:30 . 2013-05-26 19:30 108448 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll

2013-05-26 17:54 . 2013-05-26 18:06 -------- d-----w- C:\TDSSKiller_Quarantine

2013-05-25 10:14 . 2013-05-25 10:14 -------- d-----w- c:\program files (x86)\FileASSASSIN

2013-05-24 11:42 . 2013-05-24 11:43 -------- d-----w- c:\program files\Microsoft Games

2013-05-24 01:57 . 2013-05-24 01:57 -------- d-----w- c:\program files (x86)\x264 Video Codec

2013-05-19 15:58 . 2013-05-19 16:06 -------- d-----w- c:\users\Hendrik\AppData\Roaming\BSplayer

2013-05-19 15:58 . 2013-05-19 15:58 -------- d-----w- c:\users\Hendrik\AppData\Roaming\BSplayer Pro

2013-05-19 15:58 . 2013-05-19 15:58 -------- d-----w- c:\program files (x86)\Webteh

2013-05-19 15:34 . 2013-05-19 15:34 -------- d-----w- c:\users\Hendrik\AppData\Local\DDMSettings

2013-05-19 15:25 . 2010-07-15 21:28 621056 ------w- c:\windows\SysWow64\MJ14.exe

2013-05-19 15:25 . 2010-07-15 21:28 621056 ------w- c:\windows\system32\MJ14.exe

2013-05-19 15:25 . 2013-05-19 15:25 -------- d-----w- c:\program files (x86)\J River

2013-05-19 15:25 . 2013-05-19 15:25 -------- d-----w- c:\users\Hendrik\AppData\Roaming\J River

2013-05-16 17:50 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-16 17:50 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-16 17:50 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-16 17:50 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-16 17:50 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-16 17:50 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-16 17:50 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-16 17:50 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-16 17:50 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-16 17:50 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-16 17:49 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-16 17:48 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-16 17:11 . 2013-04-05 06:50 2647552 ----a-w- c:\windows\system32\iertutil.dll

2013-05-14 22:11 . 2013-05-14 22:11 9195912 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-26 20:27 . 2012-11-11 21:47 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-05-26 20:27 . 2011-04-17 18:53 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-05-26 19:30 . 2012-09-04 20:46 1092512 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-05-26 19:30 . 2011-05-07 14:06 971680 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-24 02:02 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2013-05-24 01:58 . 2013-05-24 01:58 76232 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E782BA2-D9FE-4D25-A0B4-B445F7208D1E}\offreg.dll ERROR(0x00000005)

2013-05-24 01:57 . 2013-05-24 01:57 225280 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll ERROR(0x00000005)

2013-05-21 21:15 . 2013-05-21 21:17 964552 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{41C20D7D-C06E-45AF-BC87-322811CAB5DC}\gapaengine.dll ERROR(0x00000005)

2013-05-18 10:32 . 2011-12-26 12:00 48648 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll ERROR(0x00000005)

2013-05-16 17:35 . 2011-04-12 18:43 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-14 22:11 . 2012-04-01 20:46 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 22:11 . 2011-05-18 17:08 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-13 06:37 . 2013-05-23 09:12 9460464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{6E782BA2-D9FE-4D25-A0B4-B445F7208D1E}\mpengine.dll ERROR(0x00000005)

2013-05-13 06:37 . 2013-05-21 21:15 9460464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)

2013-05-09 18:00 . 2010-06-24 09:33 22240 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\ppcrlconfig600.dll ERROR(0x00000005)

2013-05-02 15:29 . 2011-04-12 08:08 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-24 18:16 . 2011-05-21 10:37 905296 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)

2013-04-13 05:49 . 2013-05-16 17:50 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-16 17:50 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-16 17:50 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-16 17:50 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-16 17:50 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-16 17:50 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 23:44 . 2013-01-10 00:21 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2013-04-12 23:44 . 2013-01-10 00:21 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2013-04-12 14:45 . 2013-04-23 19:52 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-03-23 01:09 . 2013-03-23 01:09 354656 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl

2013-03-19 06:04 . 2013-04-10 10:57 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 10:57 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 10:57 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 10:57 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 10:57 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 10:57 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-18 12:05 . 2013-03-18 12:05 815320 ----a-w- c:\windows\system32\ncs2dmix.dll

2013-03-18 12:05 . 2013-03-18 12:05 796888 ----a-w- c:\windows\system32\accesor.dll

2013-03-18 11:59 . 2013-03-18 11:59 220888 ----a-w- c:\windows\system32\ncs2instutility.dll

2013-03-18 11:57 . 2013-03-18 11:57 3345112 ----a-w- c:\windows\system32\ncscolib.dll

2013-03-16 13:15 . 2013-03-16 13:15 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-03-16 13:15 . 2013-03-16 13:15 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-03-16 13:15 . 2013-03-16 13:15 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-03-16 13:15 . 2013-03-16 13:15 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-03-16 13:15 . 2013-03-16 13:15 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-03-16 13:15 . 2013-03-16 13:15 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-03-16 13:15 . 2013-03-16 13:15 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-03-16 13:15 . 2013-03-16 13:15 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-03-16 13:15 . 2013-03-16 13:15 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-03-16 13:15 . 2013-03-16 13:15 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-03-16 13:15 . 2013-03-16 13:15 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-03-16 13:15 . 2013-03-16 13:15 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-03-16 13:15 . 2013-03-16 13:15 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-03-16 13:15 . 2013-03-16 13:15 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-03-16 13:15 . 2013-03-16 13:15 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-03-16 13:15 . 2013-03-16 13:15 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-03-16 13:15 . 2013-03-16 13:15 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-03-16 13:15 . 2013-03-16 13:15 197120 ----a-w- c:\windows\system32\msrating.dll

2013-03-16 13:15 . 2013-03-16 13:15 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-03-16 13:15 . 2013-03-16 13:15 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-03-16 13:15 . 2013-03-16 13:15 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-03-16 13:15 . 2013-03-16 13:15 81408 ----a-w- c:\windows\system32\icardie.dll

2013-03-16 13:15 . 2013-03-16 13:15 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-03-16 13:15 . 2013-03-16 13:15 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-03-16 13:15 . 2013-03-16 13:15 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-03-16 13:15 . 2013-03-16 13:15 441856 ----a-w- c:\windows\system32\html.iec

2013-03-16 13:15 . 2013-03-16 13:15 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-03-16 13:15 . 2013-03-16 13:15 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-03-16 13:15 . 2013-03-16 13:15 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-03-16 13:15 . 2013-03-16 13:15 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-03-16 13:15 . 2013-03-16 13:15 235008 ----a-w- c:\windows\system32\url.dll

2013-03-16 13:15 . 2013-03-16 13:15 216064 ----a-w- c:\windows\system32\msls31.dll

2013-03-16 13:15 . 2013-03-16 13:15 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-03-16 13:15 . 2013-03-16 13:15 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-03-16 13:15 . 2013-03-16 13:15 144896 ----a-w- c:\windows\system32\wextract.exe

2013-03-16 13:15 . 2013-03-16 13:15 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-03-16 13:15 . 2013-03-16 13:15 102912 ----a-w- c:\windows\system32\inseng.dll

2013-03-16 13:15 . 2013-03-16 13:15 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-03-16 13:15 . 2013-03-16 13:15 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-03-16 13:15 . 2013-03-16 13:15 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-03-16 13:15 . 2013-03-16 13:15 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-03-16 13:15 . 2013-03-16 13:15 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-03-16 13:15 . 2013-03-16 13:15 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-03-16 13:15 . 2013-03-16 13:15 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-03-16 13:15 . 2013-03-16 13:15 149504 ----a-w- c:\windows\system32\occache.dll

2013-03-16 13:15 . 2013-03-16 13:15 13824 ----a-w- c:\windows\system32\mshta.exe

2013-03-16 13:15 . 2013-03-16 13:15 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-03-16 13:15 . 2013-03-16 13:15 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-03-16 13:15 . 2013-03-16 13:15 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-03-03 21:51 . 2013-03-03 22:20 258352 ----a-w- c:\windows\SysWow64\unicows.dll

2013-03-01 15:13 . 2013-03-01 15:13 225792 ----a-w- c:\windows\system32\Ncs2Setp.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"Ulead AutoDetector v2"="c:\program files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2006-11-29 90112]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2013-05-10 37960]

"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-04-12 295512]

"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2013-04-15 450560]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2013-02-13 1263952]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[32W_LCD_TV]"(1920x1080@60Hz)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

2;2 CareMon;CareMon [x]

R1 vfzafaaw;vfzafaaw;c:\windows\system32\drivers\vfzafaaw.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 cbVSCService11;Cobian Backup 11 Volume Shadow Copy Requester;c:\program files (x86)\Cobian Backup 11\cbVSCService11.exe [2012-06-29 67584]

R3 cpuz134;cpuz134;c:\program files (x86)\CPUID\PC Wizard 2010\pcwiz_x64.sys [x]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]

R3 Media Jukebox 14 Service;Media Jukebox 14 Service;c:\program files (x86)\J River\Media Jukebox 14\JRService.exe [2010-07-15 379400]

R3 NisSrv;NisSrv;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]

R3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [2011-07-01 40600]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [x]

R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-09-29 695400]

R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-05-16 156912]

R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Hendrik\AppData\Local\Temp\tmp8F63.tmp [x]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-22 311144]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-22 431464]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2013-02-23 183048]

S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]

S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2011-06-21 341296]

S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-03-06 39056]

S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-07-01 301720]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S2 supersafer64;supersafer64;c:\windows\SysWOW64\drivers\supersafer64.sys [2011-11-15 238072]

S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 81008]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]

S3 RTL8192cu;Belkin Wireless Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [2012-02-01 1041000]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - NAL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]

2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll

.

Inhoud van de 'Gedeelde Taken' map

.

2013-05-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 22:11]

.

2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 21:09]

.

2013-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-19 21:09]

.

2013-01-18 c:\windows\Tasks\PC SpeedUp Service Deactivator.job

- c:\program files (x86)\PC Speed Up\PCSUSD.exe [2012-12-31 13:13]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = <local>

LSP: d:\vmware workstation\vsocklib.dll

Trusted Zone: dexia.be

Trusted Zone: secunia.com

TCP: DhcpNameServer = 195.130.130.133 195.130.131.133

FF - ProfilePath - c:\users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\opp9rn57.default\

FF - ExtSQL: !HIDDEN! 2011-04-17 14:46; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Hendrik\AppData\Local\Akamai\netsession_win.exe

SafeBoot-28923202.sys

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

ShellIconOverlayIdentifiers-{1EC23CFF-4C58-458f-924C-8519AEF61B32} - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files (x86)\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\WinRing0_1_2_0]

"ImagePath"="\??\c:\users\Hendrik\AppData\Local\Temp\tmp8F63.tmp"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="FotoManager.9.alb"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="MAGIXviewer.eps"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="MAGIXviewer.gif"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="MAGIXviewer.iff"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="MAGIXviewer.pcd"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="MAGIXviewer.png"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="MAGIXviewer.tga"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="MAGIXviewer.tif"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="MAGIXviewer.tiff"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]

"Licence0"="04F0D21-79D8-7A25-D702-433F"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe

c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

c:\windows\SysWOW64\vmnat.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Voltooingstijd: 2013-05-28 02:08:58 - machine werd herstart

ComboFix-quarantined-files.txt 2013-05-28 00:08

.

Pre-Run: 98.046.431.232 bytes free

Post-Run: 97.470.746.624 bytes free

.

- - End Of File - - 21B48F86C46B2EAA50E2A5CDFDB5F9D1

Link naar reactie
Delen op andere sites

IE browser geopend en geprobeerd een bestand te downloaden van Bleepingcomputer site, zonder succes.

Bestand wordt vernietigd als zijnde virus bevattend bestand.

zie screenshot:

[ATTACH=CONFIG]26130[/ATTACH]

Nogmaals geprobeerd om Microsoft Security Essentials te starten zonder succes, geen permissie.

zie screenshot:

[ATTACH=CONFIG]26131[/ATTACH]

Link naar reactie
Delen op andere sites

Download zoek.exe naar het bureaublad.

  • Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met zoek.exe
    (hier of hier) kan je lezen hoe je dat doet.
  • Dubbelklik op Zoek.exe om de tool te starten.
  • Windows Vista, 7 en 8 gebruikers dienen de tool als "administrator" uit te voeren door middel van de rechtermuisknop en kiezen voor Als Administrator uitvoeren.
  • Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

c:\windows\sysnative\services.exe;i
services.exe;z
vfzafaaw;s
c:\windows\system32\drivers\vfzafaaw.sys;f

  • Klik op de knop "Options" en vink nu de onderstaande opties aan.
    • Running processes
    • Recently Created
    • Startup Information
    • Installed Programs
    • Reset IE proxy
    • System Restore Point
    • Shortcut Fix
    • Reset Hosts
    • Auto Clean

    [*] Klik daarna op de knop "Run script".

    [*] Wacht nu geduldig af tot er een logje opent (dit kan na een herstart zijn als deze benodigd is).

    [*] Mocht na de herstart geen logje verschijnen, start zoek.exe dan opnieuw, de log verschijnt dan alsnog.

    [*] Post nu de inhoud van het geopende logje in het volgende bericht.

aangepast door Mako
Toevoeging van instructies
Link naar reactie
Delen op andere sites

Dag kweezie wabbit,

Dit is het resuultaat van zoek.exe:

Zoek.exe Version 4.0.0.2 Updated 28-May-2013

Tool run by Hendrik on do 30/05/2013 at 2:13:33,64.

Microsoft Windows 7 Enterprise N 6.1.7601 Service Pack 1 x64

Running in: Normal Mode Internet Access Detected

==== System Restore Info ======================

30/05/2013 2:16:29 Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\system32\csrss.exe

C:\Windows\system32\csrss.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\winlogon.exe

C:\Windows\system32\services.exe

C:\Windows\system32\lsass.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Spotmau\PowerSuite Golden Edition\PowerSuite 2012\PcCheck\CareMon.exe

C:\Windows\system32\CISVC.EXE

C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\system32\IProsetMonitor.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files\Macrium\Reflect\ReflectService.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler64.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\Monitor.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\ArcSoft\PhotoImpression 6\Monitor.exe

C:\Windows\system32\taskhost.exe

D:\My Desktop\zoek.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\SearchFilterHost.exe

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.

127.0.0.1 localhost

::1 localhost

==== Suspicious Entrys Found ======================

SYMLINKS found in C:\Program Files\Windows Defender

SYMLINKS found in C:\Program Files\Microsoft Security Client

==== Possible Rootkit Infection ======================

C:\Windows\installer\{983db01c-a9ea-34b5-c553-35d95962080b}\L

C:\Windows\installer\{983db01c-a9ea-34b5-c553-35d95962080b}\U

==== Symlinks Removed ======================

Reparse point C:\Program Files\Windows Defender\MpAsDesc.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpClient.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpCmdRun.exe succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpCommu.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpEvMsg.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpOAV.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpRTP.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MpSvc.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MSASCui.exe succesfully deleted

Reparse point C:\Program Files\Windows Defender\MsMpCom.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MsMpLics.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\MsMpRes.dll succesfully deleted

Reparse point C:\Program Files\Windows Defender\ar-SA succesfully deleted

Reparse point C:\Program Files\Windows Defender\bg-BG succesfully deleted

Reparse point C:\Program Files\Windows Defender\cs-CZ succesfully deleted

Reparse point C:\Program Files\Windows Defender\da-DK succesfully deleted

Reparse point C:\Program Files\Windows Defender\de-DE succesfully deleted

Reparse point C:\Program Files\Windows Defender\el-GR succesfully deleted

Reparse point C:\Program Files\Windows Defender\en-US succesfully deleted

Reparse point C:\Program Files\Windows Defender\es-ES succesfully deleted

Reparse point C:\Program Files\Windows Defender\et-EE succesfully deleted

Reparse point C:\Program Files\Windows Defender\fi-FI succesfully deleted

Reparse point C:\Program Files\Windows Defender\fr-FR succesfully deleted

Reparse point C:\Program Files\Windows Defender\he-IL succesfully deleted

Reparse point C:\Program Files\Windows Defender\hr-HR succesfully deleted

Reparse point C:\Program Files\Windows Defender\hu-HU succesfully deleted

Reparse point C:\Program Files\Windows Defender\it-IT succesfully deleted

Reparse point C:\Program Files\Windows Defender\ja-JP succesfully deleted

Reparse point C:\Program Files\Windows Defender\ko-KR succesfully deleted

Reparse point C:\Program Files\Windows Defender\lt-LT succesfully deleted

Reparse point C:\Program Files\Windows Defender\lv-LV succesfully deleted

Reparse point C:\Program Files\Windows Defender\nb-NO succesfully deleted

Reparse point C:\Program Files\Windows Defender\nl-NL succesfully deleted

Reparse point C:\Program Files\Windows Defender\pl-PL succesfully deleted

Reparse point C:\Program Files\Windows Defender\pt-BR succesfully deleted

Reparse point C:\Program Files\Windows Defender\pt-PT succesfully deleted

Reparse point C:\Program Files\Windows Defender\ro-RO succesfully deleted

Reparse point C:\Program Files\Windows Defender\ru-RU succesfully deleted

Reparse point C:\Program Files\Windows Defender\sk-SK succesfully deleted

Reparse point C:\Program Files\Windows Defender\sl-SI succesfully deleted

Reparse point C:\Program Files\Windows Defender\sr-Latn-CS succesfully deleted

Reparse point C:\Program Files\Windows Defender\sv-SE succesfully deleted

Reparse point C:\Program Files\Windows Defender\th-TH succesfully deleted

Reparse point C:\Program Files\Windows Defender\tr-TR succesfully deleted

Reparse point C:\Program Files\Windows Defender\uk-UA succesfully deleted

Reparse point C:\Program Files\Windows Defender\zh-CN succesfully deleted

Reparse point C:\Program Files\Windows Defender\zh-TW succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\DbgHelp.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\EppManifest.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MpAsDesc.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MpClient.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MpCmdRun.exe succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MpCommu.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\mpevmsg.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MpOAv.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MpRTP.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MpSvc.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MSESysprep.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MsMpCom.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MsMpEng.exe succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MsMpLics.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MsMpRes.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\msseces.exe succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\msseoobe.exe succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\msseooberes.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\MsseWat.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\NisLog.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\NisSrv.exe succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\NisWFP.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\Setup.exe succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\SetupRes.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\shellext.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\sqmapi.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\SymSrv.dll succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\SymSrv.yes succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\Antimalware succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\Backup succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\Drivers succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\en-us succesfully deleted

Reparse point C:\Program Files\Microsoft Security Client\nl-nl succesfully deleted

==== Checking Systemdrive for Symlinks ======================

Volume in drive C is System

Volume Serial Number is 7A2B-D9D9

Directory of C:\

14/07/2009 07:08 <JUNCTION> Documents and Settings [C:\Users]

0 File(s) 0 bytes

Directory of C:\ProgramData

14/07/2009 07:08 <JUNCTION> Application Data [C:\ProgramData]

14/07/2009 07:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]

14/07/2009 07:08 <JUNCTION> Documents [C:\Users\Public\Documents]

14/07/2009 07:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]

14/07/2009 07:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009 07:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users

14/07/2009 07:08 <SYMLINKD> All Users [C:\ProgramData]

14/07/2009 07:08 <JUNCTION> Default User [C:\Users\Default]

0 File(s) 0 bytes

Directory of C:\Users\All Users

14/07/2009 07:08 <JUNCTION> Application Data [C:\ProgramData]

14/07/2009 07:08 <JUNCTION> Desktop [C:\Users\Public\Desktop]

14/07/2009 07:08 <JUNCTION> Documents [C:\Users\Public\Documents]

14/07/2009 07:08 <JUNCTION> Favorites [C:\Users\Public\Favorites]

14/07/2009 07:08 <JUNCTION> Start Menu [C:\ProgramData\Microsoft\Windows\Start Menu]

14/07/2009 07:08 <JUNCTION> Templates [C:\ProgramData\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Default

14/07/2009 07:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Roaming]

14/07/2009 07:08 <JUNCTION> Local Settings [C:\Users\Default\AppData\Local]

14/07/2009 07:08 <JUNCTION> My Documents [C:\Users\Default\Documents]

14/07/2009 07:08 <JUNCTION> NetHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

14/07/2009 07:08 <JUNCTION> PrintHood [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

14/07/2009 07:08 <JUNCTION> Recent [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Recent]

14/07/2009 07:08 <JUNCTION> SendTo [C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo]

14/07/2009 07:08 <JUNCTION> Start Menu [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu]

14/07/2009 07:08 <JUNCTION> Templates [C:\Users\Default\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Default\AppData\Local

14/07/2009 07:08 <JUNCTION> Application Data [C:\Users\Default\AppData\Local]

14/07/2009 07:08 <JUNCTION> History [C:\Users\Default\AppData\Local\Microsoft\Windows\History]

14/07/2009 07:08 <JUNCTION> Temporary Internet Files [C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Default\Documents

14/07/2009 07:08 <JUNCTION> My Music [C:\Users\Default\Music]

14/07/2009 07:08 <JUNCTION> My Pictures [C:\Users\Default\Pictures]

14/07/2009 07:08 <JUNCTION> My Videos [C:\Users\Default\Videos]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Roaming]

12/04/2011 10:00 <JUNCTION> Cookies [C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Cookies]

12/04/2011 10:00 <JUNCTION> Local Settings [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> My Documents [C:\Users\Hendrik\Documents]

12/04/2011 10:00 <JUNCTION> NetHood [C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

12/04/2011 10:00 <JUNCTION> PrintHood [C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

12/04/2011 10:00 <JUNCTION> Recent [C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Recent]

12/04/2011 10:00 <JUNCTION> SendTo [C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\SendTo]

12/04/2011 10:00 <JUNCTION> Start Menu [C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu]

12/04/2011 10:00 <JUNCTION> Templates [C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [C:\Users\Hendrik\AppData\Local]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data

12/04/2011 10:00 <JUNCTION> Application Data [.]

12/04/2011 10:00 <JUNCTION> History [C:\Users\Hendrik\AppData\Local\Microsoft\Windows\History]

12/04/2011 10:00 <JUNCTION> Temporary Internet Files [.]

0 File(s) 0 bytes

Directory of C:\Users\Hendrik\AppData\LocalLow

06/03/2013 21:47 <JUNCTION> PlayReady [C:\ProgramData\Microsoft\PlayReady]

0 File(s) 0 bytes

Directory of C:\Users\Public\Documents

14/07/2009 07:08 <JUNCTION> My Music [C:\Users\Public\Music]

14/07/2009 07:08 <JUNCTION> My Pictures [C:\Users\Public\Pictures]

14/07/2009 07:08 <JUNCTION> My Videos [C:\Users\Public\Videos]

0 File(s) 0 bytes

Directory of C:\Users\UpdatusUser

11/07/2011 22:02 <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Roaming]

11/07/2011 22:02 <JUNCTION> Cookies [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Cookies]

11/07/2011 22:02 <JUNCTION> Local Settings [C:\Users\UpdatusUser\AppData\Local]

11/07/2011 22:02 <JUNCTION> My Documents [C:\Users\UpdatusUser\Documents]

11/07/2011 22:02 <JUNCTION> NetHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

11/07/2011 22:02 <JUNCTION> PrintHood [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

11/07/2011 22:02 <JUNCTION> Recent [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Recent]

11/07/2011 22:02 <JUNCTION> SendTo [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\SendTo]

11/07/2011 22:02 <JUNCTION> Start Menu [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu]

11/07/2011 22:02 <JUNCTION> Templates [C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Users\UpdatusUser\AppData\Local

11/07/2011 22:02 <JUNCTION> Application Data [C:\Users\UpdatusUser\AppData\Local]

11/07/2011 22:02 <JUNCTION> History [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\History]

11/07/2011 22:02 <JUNCTION> Temporary Internet Files [C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Users\UpdatusUser\Documents

11/07/2011 22:02 <JUNCTION> My Music [C:\Users\UpdatusUser\Music]

11/07/2011 22:02 <JUNCTION> My Pictures [C:\Users\UpdatusUser\Pictures]

11/07/2011 22:02 <JUNCTION> My Videos [C:\Users\UpdatusUser\Videos]

0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile

11/07/2011 22:07 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]

30/05/2013 01:02 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]

11/07/2011 22:07 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]

11/07/2011 22:07 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]

11/07/2011 22:07 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

11/07/2011 22:07 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

11/07/2011 22:07 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]

11/07/2011 22:07 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]

11/07/2011 22:07 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]

11/07/2011 22:07 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\AppData\Local

11/07/2011 22:07 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]

11/07/2011 22:07 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]

11/07/2011 22:07 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Windows\System32\config\systemprofile\Documents

11/07/2011 22:07 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]

11/07/2011 22:07 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]

11/07/2011 22:07 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]

0 File(s) 0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile

11/07/2011 22:07 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Roaming]

30/05/2013 01:02 <JUNCTION> Cookies [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies]

11/07/2011 22:07 <JUNCTION> Local Settings [C:\Windows\system32\config\systemprofile\AppData\Local]

11/07/2011 22:07 <JUNCTION> My Documents [C:\Windows\system32\config\systemprofile\Documents]

11/07/2011 22:07 <JUNCTION> NetHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Network Shortcuts]

11/07/2011 22:07 <JUNCTION> PrintHood [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Printer Shortcuts]

11/07/2011 22:07 <JUNCTION> Recent [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Recent]

11/07/2011 22:07 <JUNCTION> SendTo [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\SendTo]

11/07/2011 22:07 <JUNCTION> Start Menu [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu]

11/07/2011 22:07 <JUNCTION> Templates [C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Templates]

0 File(s) 0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile\AppData\Local

11/07/2011 22:07 <JUNCTION> Application Data [C:\Windows\system32\config\systemprofile\AppData\Local]

11/07/2011 22:07 <JUNCTION> History [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History]

11/07/2011 22:07 <JUNCTION> Temporary Internet Files [C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files]

0 File(s) 0 bytes

Directory of C:\Windows\SysWOW64\config\systemprofile\Documents

11/07/2011 22:07 <JUNCTION> My Music [C:\Windows\system32\config\systemprofile\Music]

11/07/2011 22:07 <JUNCTION> My Pictures [C:\Windows\system32\config\systemprofile\Pictures]

11/07/2011 22:07 <JUNCTION> My Videos [C:\Windows\system32\config\systemprofile\Videos]

0 File(s) 0 bytes

Total Files Listed:

0 File(s) 0 bytes

134 Dir(s) 97.992.187.904 bytes free

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== File Information Results ======================

--- c:\windows\sysnative\services.exe ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 328704

Created time: 2009-07-13 23:19:46

Modified time: 2013-05-24 02:02:42

MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB

SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166

==== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)

æTorrent

4500_Help

64 Bit HP CIO Components Installer

Acoustica Mixcraft 6

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) - Nederlands

Adobe SendNow Desktop

Adobe Shockwave Player 12.0

Apple Mobile Device Support

ArcSoft PhotoImpression 6

Audacity 1.3.13 (Unicode)

Autodesk Design Review 2013

Autodesk Design Review Browser Add-on v1.2

AVS Screen Capture version 2.0.2

AVS Update Manager 1.0

AVS Video Editor 6

AVS Video Recorder 2.5

AVS4YOU Software Navigator 1.4

Belarc Advisor 8.3

Belkin N600 DB USB Wireless Adapter

Bing Bar

Bonjour

bpd_scan

BPDSoftware

BPDSoftware_Ini

BS.Player FREE

BufferChm

Canon iP2600 series

Canon My Printer

Canon Utilities Easy-PhotoPrint EX

Canon Utilities Solution Menu

CCleaner

CDBurnerXP

Cobian Backup 11 Gravity

CorelDRAW Essential Edition 3

CPUID HWMonitor 1.18

Creative Media Lite

Creative Software Update

Creative Vado Central muvee Plugin

Creative Vado HD Codec

Creative ZEN Stone Plus-Gebruikershandleiding

Curse Client

D3DX10

Defraggler

Destinations

DeviceDiscovery

DivX Setup

DocMgr

DocProc

Driver Genius Professional Edition

DWG TrueView 2013

EasyBCD 2.2

Edraw Max 5.1

Epub reader

eReg

Euro Truck Simulator 2

Fax

FBReader for Windows

FileASSASSIN

Firebird SQL Server - MAGIX Edition

Fraps (remove only)

Free DWG Viewer 7.1

Free PDF to Word Doc Converter v1.1

Free Screen Video Recorder version 2.5.18.920

Free Studio version 5.2.1

Freemake Video Converter versie 3.0.2

Gebruikersregistratie voor Canon iP2600 series

Google Drive

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

GSmartControl

HP Customer Participation Program 13.0

HP Document Manager 2.0

HP Imaging Device Functions 13.0

HP Photosmart Essential 3.5

HP Product Detection

HP Smart Print 2.0

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

iCloud

ieSpell

Image Optimizer 3.0

ImgBurn

inSSIDer

inSSIDer 3

Intel® Network Connections 18.2.63.0

Intel® Processor ID Utility

iTunes

J4500

Java 7 Update 21

Java 7 Update 21 (64-bit)

Java Auto Updater

Junk Mail filter update

Logitech SetPoint 6.30

Logitech Unifying-software 2.10

Macrium Reflect - Free Edition

Magical Jelly Bean KeyFinder

MAGIX Content and Soundpools

MAGIX Foto Manager MX Deluxe

MAGIX Goya burnR (MSI)

MAGIX Music Maker 2013 Soundtrack Edition Update

MAGIX Music Maker Soundtrack Edition

MAGIX Music Maker Soundtrack Edition (demosongs)

MAGIX Music Maker Soundtrack Edition (synthesizer en effecten)

MAGIX Music Maker Soundtrack Edition Soundpools

MAGIX Slideshow Maker 2

MAGIX Speed burnR (MSI)

MAGIX Video deluxe 2013 Premium

MAGIX Video deluxe 2013 Premium (Demoproject)

MAGIX Video deluxe 2013 Premium (Designelementen)

MAGIX Video deluxe 2013 Premium (Digieffects Phenomena)

MAGIX Video deluxe 2013 Premium (filmsjablonen)

MAGIX Video deluxe 2013 Premium (Fotoshow Maker-stijlen 1)

MAGIX Video deluxe 2013 Premium (Fotoshow Maker-stijlen 2)

MAGIX Video deluxe 2013 Premium (Individuele menusjablonen)

MAGIX Video deluxe 2013 Premium (inleidende video)

MAGIX Video deluxe 2013 Premium (Menusjablonen 1)

MAGIX Video deluxe 2013 Premium (Menusjablonen 2)

MAGIX Video deluxe 2013 Premium (NewBlueFX Video Essentials IV)

MAGIX Video deluxe 2013 Premium (Overgangseffecten)

MAGIX Video deluxe 2013 Premium (proDAD Adorage 13)

MAGIX Video deluxe 2013 Premium (Soundtrack Maker-Stijlen)

MAGIX Video deluxe 2013 Premium (titeleffecten)

MarketResearch

Media Jukebox 14

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Antimalware Service NL-NL Language Pack

Microsoft Application Error Reporting

Microsoft FrontPage Express

Microsoft Help Viewer 1.0

Microsoft Image Composite Editor

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (Dutch) 2007

Microsoft Office Excel MUI (Dutch) 2007

Microsoft Office File Validation Add-In

Microsoft Office InfoPath MUI (Dutch) 2007

Microsoft Office Office 64-bit Components 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Dutch) 2007

Microsoft Office PowerPoint MUI (Dutch) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (Dutch) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proofing (Dutch) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (Dutch) 2007

Microsoft Office Shared 64-bit MUI (Dutch) 2007

Microsoft Office Shared MUI (Dutch) 2007

Microsoft Office Word MUI (Dutch) 2007

Microsoft Security Client

Microsoft Security Client NL-NL Language Pack

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2008 (64-bit)

Microsoft SQL Server 2008 Common Files

Microsoft SQL Server 2008 Database Engine Services

Microsoft SQL Server 2008 Database Engine Shared

Microsoft SQL Server 2008 Native Client

Microsoft SQL Server 2008 RsFx Driver

Microsoft SQL Server 2008 Setup Support Files

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU

Microsoft XML Parser

MobileMe Control Panel

Mozilla Firefox 20.0.1 (x86 nl)

Mozilla Firefox 21.0 (x86 nl)

Mozilla Maintenance Service

MPC-HC 1.6.7.7114 (9eb64ec)

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

Nero 12

Nero Audio Pack 1

Nero BackItUp

Nero BackItUp Help (CHM)

Nero Blu-ray Player

Nero Blu-ray Player Help (CHM)

Nero Burning ROM

Nero Burning ROM Help (CHM)

Nero ControlCenter

Nero ControlCenter Help (CHM)

Nero Core Components

Nero Disc Menus Basic

Nero Effects Basic

Nero Express

Nero Express Help (CHM)

Nero Kwik Media

Nero Kwik Media Help (CHM)

Nero Kwik Themes Basic

Nero PiP Effects Basic

Nero Recode

Nero Recode Help (CHM)

Nero RescueAgent

Nero RescueAgent Help (CHM)

Nero SharedVideoCodecs

Nero Update

Nero Video

Nero Video Help (CHM)

NirSoft BlueScreenView

Nitro PDF Reader 2

NL

nLite 1.4.9.1

NVIDIA 3D Vision Controller Driver

NVIDIA 3D Vision Controller Driver 275.33

NVIDIA 3D Vision Driver 311.06

NVIDIA Control Panel 311.06

NVIDIA Graphics Driver 311.06

NVIDIA Install Application

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Stereoscopic 3D Driver

NVIDIA Update 1.11.3

NVIDIA Update Components

OCR Software by I.R.I.S. 13.0

Officejet J4500 Series

OpenOffice.org 3.4.1

Opera 12.15

OVTScanner_Vista64

PC Speed Up - Volledige uninstall

PC Speed Up Extension

PC Wizard 2012.2.0

PIXMA Extended Survey Program

Prerequisite installer

ProductContext

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek High Definition Audio Driver

RealUpgrade 1.1

Revo Uninstaller 1.94

Scan

Secunia PSI (3.0.0.3001)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)

Service Pack 3 for SQL Server 2008 (KB2546951) (64-bit)

Shop for HP Supplies

SkypeT 6.3

SmartWebPrinting

SolutionCenter

Speccy

Spotmau PowerSuite Golden 2012 (build 7.0.1)

Sql Server Customer Experience Improvement Program

Status

swMSM

TeamViewer 7

Text-To-Speech-Runtime

Toolbox

tools-freebsd

tools-linux

tools-netware

tools-solaris

tools-windows

tools-winPre2k

TrayApp

TUGZip 3.5

Ulead PhotoImpact 12

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817359) 32-Bit Edition

Update Manager

Update voor Microsoft Office Excel 2007 Help (KB963678)

Update voor Microsoft Office Powerpoint 2007 Help (KB963669)

Update voor Microsoft Office Word 2007 Help (KB963665)

VC_CRT_x64

VC80CRTRedist - 8.0.50727.6195

Ventrilo Client for Windows x64

VirtualCloneDrive

Vita String Ensemble

VLC media player 2.0.6

VMware Player

VMware Workstation

WebReg

Welcome App (Start-up experience)

Winamp

Winamp Applicatie Detect

Windows 7 Codec Pack 3.1.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.01 (64-bit)

World of Warcraft

Xvid Video Codec

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vfzafaaw deleted successfully

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\vfzafaaw deleted successfully

==== FireFox Fix ======================

ProfilePath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\opp9rn57.default

user.js not found

---- Lines crossrider removed from prefs.js ----

user_pref("extensions.crossrider.bic", "13bf326192e78725655344ac3baff2db");

user_pref("extensions.crossriderapp14987.14987.cookie.EnabledPhishingAddress16.value", "%5B%22http%3A//lotuslogistics.com.vn/sincronizando/iToken-v1.4/bk/atualiza_auto.php%3Fcliente%22%2C%22http%3A//eu.diablo.net.ur-login.in/login.html%3Fapp%3Dwam%26amp%3D3Bref%3Dhttps%3A//www.worldofwarcraft.com/account/%26amp%3D3Beor%3D0%26amp%3D3Bapp%3Dbam/%22%2C%22http%3A//www.cbcmacon.com/info/sais.php%3Fid%3D134706444%26amp%3BlienAct1on%3Daj0ut%26amp%3BadrUtilIdC0mpte%3D77722507%23gerer-mes-lignes%22%2C%22http%3A//www.retebologna.it/acc/%22%2C%22http%3A//x.co/meIk%3F/www.promocoesvisa.com.br/p/vaidevisa/asp/conta/autentica/autentica.html%3Fmail%3DJ3NSQ311K0H%22%2C%22http%3A//www.startrecruitmentservices.com.au/oy/py/8decb53ae62e19a827d4f266f4029cc3/webscr.htm%3Fcmd%3D_login-run%26amp%3Bdispatch%3D5885d80a13c0db1f998ca054efbdf2c29878a435fe324eec2511727fbf3e9efcd8%22%2C%22http%3A//apricotindustries.com/internal/www.irs.com/Tax%2520refund%2520updates/internal_revenue_service.htm%22%2C%22http%3A//paypal.com-us-cgi-bin.robertpaynter.com/2770099434-7v%3D0__u%3D6191756714__c%3D9412746434LIMITED_ACCOUNT-oid%3Dc2664e0b-6b81-497a-8b42-76e3bfa98bd8/%22%2C%22http%3A//aluminiumdiouani.com/Paypal_Virefication/15f54cab9eb264e40fe08300901d5536/webscr.php%3Fcmd%3D_login-run%26dispatch%3D5885d80a13c0db1f1ff80d546411d7f8a8350c132bc41e0934cfc023d4e8f9e5%22%2C%22http%3A//boundrytrade.com/viewproducts.html%22%2C%22http%3A//bazurashop.com/images/_vti_cnf/onlin.html%22%2C%22http%3A//basementltd.org/samples/%22%2C%22http%3A//basementltd.org/samples%22%2C%22http%3A//a.aicomgroup.in/%22%2C%22http%3A//allentechnologieslimited.org/viewproducts.html%22%2C%22http%3A//allproductsamples.com%22%2C%22http%3A//alvinltd.yolasite.com%22%2C%22http%3A//askfrankcurtin.com/wp-content/plugins/wishlist-member/extensions/service.paypal.cgi.bin.webscr.cmd.login.submit.dispatch.c0db1f8e263663d3faee8d4026841ac68a446ffeca3.servicio/paypal/045c1412d9075077ed78466cb9f2c45a/webscr.php%3Fcmd%3D_login-run%26amp%3Bdispatch%3D5885d80a13c0db1f998ca054efbdf2c29878a435fe324eec2511727fbf3e9efcfd72987ca8b6fc0c708382e17007cf0afd72987ca8b6fc0c708382e17007cf0a%22%2C%22http%3A//paypal.com.your.account.had.ben.susspend.sanpetersburgo.com/www.paypal.com/Paypal/%22%2C%22http%3A//www.seodash.com/vere/login.php%3Fcmd%3D_login-run%26dispatch%3D5885d80a13c0db1f1ff80d546411d7f8a8350c132bc41e0934cfc023d4e8f9e5%22%2C%22http%3A//www.startrecruitmentservices.com.au/oy/py/27be2403237316c6624516b44ba83cdc/webscr.htm%3Fcmd%3D_login-run%26amp%3Bdispatch%3D5885d80a13c0db1f998ca054efbdf2c29878a435fe324eec2511727fbf3e9efcd8%22%2C%22http%3A//pastehtml.com/view/c5nr50e1r.html%22%2C%22http%3A//www.bloomsbury.co.ke/wp-content/uploads/filebase/admin/globalsources.htm%22%2C%22http%3A//askfrankcurtin.com/wp-content/plugins/wishlist-member/extensions/service.paypal.cgi.bin.webscr.cmd.login.submit.dispatch.c0db1f8e263663d3faee8d4026841ac68a446ffeca3.servicio/paypal/45aa36d0fc07f8c1e3ed944fbbba2a60/webscr.php%3Fcmd%3D_login-run%26amp%3Bdispatch%3D5885d80a13c0db1f998ca054efbdf2c29878a435fe324eec2511727fbf3e9efc875c7d5ad0cb3a74917fefdbaca933d1875c7d5ad0cb3a74917fefdbaca933d1%22%2C%22http%3A//askfrankcurtin.com/wp-content/plugins/wishlist-member/extensions/service.paypal.cgi.bin.webscr.cmd.login.submit.dispatch.c0db1f8e263663d3faee8d4026841ac68a446ffeca3.servicio/paypal/ccc3e6d83cf07055021783dd8b264f02/webscr.php%3Fcmd%3D_login-run%26amp%3Bdispatch%3D5885d80a13c0db1f998ca054efbdf2c29878a435fe324eec2511727fbf3e9efcfc082b323be0b7e3643dea6a1abc78c9fc082b323be0b7e3643dea6a1abc78c9%22%2C%22http%3A//www.kevej.com/index.php%3Fdo%3D/%22%2C%22http%3A//masterpayments.7host08.com/securepaypal003/securelogin.html%22%2C%22http%3A//masterpayments.7host08.com/securepaypal002/secureloginforRon_Steuartk%26amp%3Bronssteu@gmail.com_for_transactionid_4UN65923VN089111H_amount_of_3400.html%22%2C%22http%3A//masterpayments.7host08.com/securepaypal002/securelogin.html%22%2C%22http%3A//masterpayments.7host08.com/securepayment1/secureloginforMark%2520El-Zaher%26amp%3Bkerryhawkins1@gmail.com_for_transactionid_4UN65923VN089111H_amountof_8%22%2C%22http%3A//masterpayments.7host08.com/securepayment1/securelogin.html%22%2C%22http%3A//masterpayments.7host08.com/paypalpayments002/securelogin_for_tomcatz80@yahoo.com_for_transactionid_4UN65923VN089111H_amount_of_2900.html%22%2C%22http%3A//www.saujannaya.co.in/css/scap/client-login/dbc1df03b8290159b84fa596676f2b64/webscr.php%3Fcmd%3D_login-run%26amp%3Bdispatch%3D5885d80a13c0db1f998ca054efbdf2c29878a435fe324eec2511727fbf3e9efca77a7a0bc6aa03550bffdad3978c2e64a77a7a0bc6aa03550bffdad3978c2e64%22%2C%22http%3A//masterpayments.7host08.com/paypalpayments002/securelogin.html%22%2C%22http%3A//masterpayments.7host08.com/paypalpayments001/securelogin_for_Wanda_Micek%26amp%3Bholli@centurytel.net_for_transactionid_4UN65923VN089111H_amount_of_2%22%2C%22http%3A//masterpayments.7host08.com/paypalpayments001/securelogin.html%22%2C%22http%3A//masterpayments.7host08.com/paypalinfopayments6/secureloginforDr.SaleScott%26amp%3Bscottsale28@gmail.com_for_transactionid_4UN65923VN089111H_amountof_6560.html%22%2C%22http%3A//masterpayments.7host08.com/paypalinfopayments6/securelogin_for_Alice_Hollipeter%26amp%3Bholli@centurytel.net_for_transactionid_4UN65923VN089111H_amountof_5850.html%22%2C%22http%3A//masterpayments.7host08.com/paypalinfopayments6/securelogin.html%22%2C%22http%3A//masterpayments.7host08.com/paypalinfopayments5/securelogin_for_mdennin@live.com_for_transactionid_4UN65923VN089111H_amountof_3460.html%22%2C%22http%3A//masterpayments.7host08.com/paypalinfopayments/secureloginforClaudeAProulx%26amp%3Bclaudeastral@aol.com_for_transactionid_4UN65923VN089111H_amountof_15%22%2C%22http%3A//www.advancedg12.com.br/reboot.php%22%2C%22http%3A//nguyenhatech.com/shop//images/microsoft/Tam-Cadastro.php%22%2C%22http%3A//contatoliniws.net46.net/%22%2C%22http%3A//rockandice.com/media/fidelidadecielo%22%2C%22http%3A//www.paypal.com.uk.cgi.bin.webscr.cmd.login.run.dispatch.5885d80a13c0db1f8e263663d3faee8d7283e7f0184a5674430f290db9e9c84.unculo.com/webscrcmd%3D_validate-account/%22%2C%22http%3A//209.217.249.189/%7Eestado/83617C429A994E009BA0B6DFB9916156/C8AA27305BBB4AD7B769656766711E4B/C8AA27305BBB4AD7B769656766711E4B.html%22%2C%22http%3A//itransfr.com/css/www.paypal.com/ch/cgi-bin/webscr.cmd%3D_profile-credit-card-new-clickthru.php%22%2C%22http%3A//paypal.com.cgi.bin.webscr.cmd.flow.session.lohzumu98pjkwkwudgtj3ie6btlub.online775885d80a13c0db1f8e263663d3faee8d43b1bb6ca3ufquez.login.eez.fintii.com/ae36a1d0af21103b8a63732e23013362/%22%2C%22http%3A//paypal.com.cgi.bin.webscr.cmd.flow.session.lohzumu98pjkwkwudgtj3ie6btlub.online775885d80a13c0db1f8e263663d3faee8d43b1bb6ca3ufquez.login.eez.fintii.com/8bb758cdf26fa223f87c37d05441dc07/%22%5D");

user_pref("extensions.crossriderapp14987.14987.cookie.EnabledPhishingAddress52.value", "%5B%22http%3A//validateemail.ucoz.net/Outlook.html%22%2C%22http%3A//paypal.com-ca-cgi-bin.webscr-cmd.login-run.dispatch.5885d80a13c0db1f8e263663d3faee8d35d0e3.63192f28ea2a5d18e263663d3faee8d35d0e3.63192f28ea2a5d3.doneitnow.com/WoEA8i1Y2r/Pay_EN.php%3Fcmd%3D_home%26dispatch%3D5885d80a13c0d7e633b393e284a5f8a8f8b1f8e263663d3faee8dc18bca4c6f4%22%2C%22http%3A//www.ppis.grudziadz.com/components/hongleong/index.htm%22%2C%22http%3A//celtcapllc.com/wp-content/upgrade/credit/card/activation/secure/center/vbv-us/US-verifiervisa/%22%2C%22http%3A//www.digilution.ph/js/www.open24.ie/permanentsb.html%22%2C%22http%3A//photo-book.ca/wp-includes/Redirect.php%22%2C%22http%3A//www.formchamp.com/goform.php%3Fid%3D38199%22%2C%22http%3A//paypal.com-ca-cgi-bin.webscr-cmd.login-run.dispatch.5885d80a13c0db1f8e263663d3faee8d35d0e3.63192f28ea2a5d18e263663d3faee8d35d0e3.63192f28ea2a5d2.doneitnow.com/16szYhY3eL/Pay_EN.php%3Fcmd%3D_home%26amp%3Bdispatch%3D5885d80a13c0d7e633b393e284a5f8a8f8b1f8e263663d3faee8dc18bca4c6f4%22%2C%22http%3A//paypal.com-ca-cgi-bin.webscr-cmd.login-run.dispatch.5885d80a13c0db1f8e263663d3faee8d35d0e3.63192f28ea2a5d18e263663d3faee8d35d0e3.63192f28ea2a5d4.doneitnow.com/%22%2C%22http%3A//frazz.nazuka.net/e19394a7189f0c95730db43622f71566/%22%2C%22http%3A//paypal.com-ca-cgi-bin.webscr-cmd.login-run.dispatch.5885d80a13c0db1f8e263663d3faee8d35d0e3.63192f28ea2a5d18e263663d3faee8d35d0e3.63192f28ea2a5d2.doneitnow.com/%22%2C%22http%3A//astro5.net/www3.paypal.com.au/%22%2C%22http%3A//frazz.nazuka.net/d1cc377622e0f4aee2b7c6a1b59641f9/%22%2C%22http%3A//frazz.nazuka.net/T2.php%22%2C%22http%3A//www.al-fajir.com/Nets/Sikker%20nettbetaling.htm%22%2C%22http%3A//nifraziik.org/PrivatDaglig+%F8konomiInternet+og+telefonNetbank21891.html/Nordea/Sikker%2520nettbetaling.htm%22%2C%22http%3A//frazz.nazuka.net/b3584b4c10765ee195c9e801fd4ace3e/%22%2C%22http%3A//www.mckenziedentureclinic.com/wp-content/themes/twentyeleven/inc/images/bankwest.html%22%2C%22http%3A//www.bpoaccess.com/modules/mod_newsflases/open-payment-verified-byvisa.html%22%2C%22http%3A//www.jasulove.kr/phpmyadmin/Data/kunde-nets/Nets-danemark/index.php%22%2C%22http%3A//www.al-fajir.com/Nets/Sikker%2520nettbetaling.htm%22%2C%22http%3A//www.dnhe.hu/templates/Nets.php%22%2C%22http%3A//ebas.co.uk.websdsync.fe100.net/%7Ehextonpo/stampa/ebay.dll.scrmn/%3Floginfcc.passwords.update.actions/ebaydllscrnsds433dsawewegegegeewdfdfdfdew%22%2C%22http%3A//www.fildendesenvol.com.br//feijao/indexPRinfo.php%22%2C%22http%3A//www.ce-adobe.fr/paypal_compte.html%22%2C%22http%3A//fasteknic.com/dar/intl_product.html%22%2C%22http%3A//1004bang.net/boardshop/data/theme/index/index.html%22%2C%22http%3A//serviceconnections6473.fav.cc/solutions/ID-Login2.html%22%2C%22http%3A//www.maulinho-jackson.com/wp-includes/images/smilies/tradefile.html%22%2C%22http%3A//www.gedankenquirl.de/www.paypal.co.uk/index.php%3Fcmd%3D_login-submit%26dispatch%3D5885d80a13c0db1f998ca054efbdf2c25fe4a05bcb33bff68c4fe49456517e3e%22%2C%22http%3A//astro5.net/www3.paypal.com.au/index_AU.php%22%2C%22http%3A//informationen.privatkunden.dnsdynamic.com/wp-includes/css/%22%2C%22http%3A//cpc1-slam5-2-0-cust250.2-4.cable.virginmedia.com/webscr/%22%2C%22http%3A//www.trafalgarcarpets.co.uk/wp-includes/theme-compat/IBlogin.htm%22%2C%22http%3A//services098cc.fav.cc/index/ID-Login2.html%22%2C%22http%3A//stmarketingco.page.tl/%22%2C%22http%3A//mailsverifcation.com/%22%2C%22http%3A//blog.temputech.com/%22%2C%22http%3A//nucleargamerz.com/js/product/xhtml.htm%22%2C%22http%3A//petofi.org/MBHolding3/wudong.html%22%2C%22http%3A//viewproduct.worldwide-supply.com/%22%2C%22http%3A//eilersmarketing.com/ALIBABA/aol.html%22%2C%22http%3A//eilersmarketing.com/ALIBABA/gmail.html%22%2C%22http%3A//diavent.net/templates/sys/dansk/secure-code9/dk/%22%2C%22http%3A//diavent.net/templates/sys/dansk/%22%2C%22http%3A//km-101.com/users/done.php%22%2C%22http%3A//www.valkiriaprojects.com/data/swf/files/CBIBSWeb.start.html%22%2C%22http%3A//eilersmarketing.com/ALIBABA/yeah.html%22%2C%22http%3A//eilersmarketing.com/ALIBABA/yahoo.html%22%2C%22http%3A//eilersmarketing.com/ALIBABA/page.html%22%5D");

user_pref("extensions.crossriderapp14987.14987.cookie.EnabledPhishingAddress9.value", "%5B%22http%3A//195.184.82.240/secure-nl/securenl2012/nl-/%22%2C%22http%3A//195.184.82.240/overflow/overflow2012.php%22%2C%22http%3A//abyarplast.com/logs/north/globalsources.html%22%2C%22http%3A//internationaldds.com/%22%2C%22http%3A//globalviewtrade.coolpage.biz/globalpage.html%22%2C%22http%3A//globalcompenterprise.ueuo.com/globalpage.html%22%2C%22http%3A//ganiladiman.netai.net/web.htm%22%2C%22http%3A//flaviamedia.ro/index/index.html%22%2C%22http%3A//evanleemiller.com/alibaba.com/gmail.html%22%2C%22http%3A//completeservices.ta4a.info/alibaba3342/ID-Login2.html%22%2C%22http%3A//albatross.co.il/loby_h/thumbs/getproductrequest.htm%22%2C%22http%3A//lehoapaper.com/Paypal_Virefication/1596578fae650778e27f8ffbd70c4502/%22%2C%22http%3A//admotionsgolf.com//product.online/index.htm%22%2C%22http%3A//web-gizmos.com/%22%2C%22http%3A//www.modernplastics.com/images/ing.nl/default.htm%22%2C%22http%3A//asiapacificflighttraining.com/eail%22%2C%22http%3A//niedozajebania.blackapplehost.com/index.php%22%2C%22http%3A//www.ptshot.com/oldsourceupdate/%22%2C%22http%3A//asiapacificflighttraining.com/mailss%22%2C%22http%3A//unusualhats.hut4.ru/%22%2C%22http%3A//masterstudio.es/wp-includes/js/crop/%22%2C%22http%3A//semdinlihaber.com/folder/new/%22%2C%22http%3A//steamsale.hut2.ru/%22%2C%22http%3A//ilhanpolat.com/account/id/78550375/paypal/pp/update/webscr/6998GSQ64976W84f356Gi6Bn432/profile/webscr/pp/us/www.Paypal.com/webscr.php%3Fcmd%3D_login-run%26dispatch%3D5885d80a13c0db1f1ff80d546411d7f8a8350c132bc41e0934cfc023d4e8f9e5fb78214886cead8bcd4c1677f8e7572cfb78214886cead8bcd4c1677f8e7572c%22%2C%22http%3A//www.albionsections.co.uk/v.html%22%2C%22http%3A//www.targitorunskie.pl/targi_torunskie/bip_bad/files/foto/bofa/update.php%22%2C%22http%3A//****ographicrecordings.com/img/icons/tabs/webscr.php%3Fcmd%3D_login-run%26dispatch%3D5885d80a13c0db1f1ff80d546411d7f84f1036d8f209d3d19ebb6f4eeec8bd0eb8fde1c0e2ec85dcf4341e5b995664adb8fde1c0e2ec85dcf4341e5b995664ad%22%2C%22http%3A//asiapacificflighttraining.com/Mail%22%2C%22http%3A//frizzellministries.org/IT/Processing1.php%3Fcmd%3D_Processing%26dispatch%3D5885d80a13c0db1fb6947b0aeae66fdbfb2119927117e3a6f876e0fd34af43655384086104049c34bf6420a4b5b6f6a65384086104049c34bf6420a4b5b6f6a6%22%2C%22http%3A//irps.hosting.kepno.pl/cmd-login.paypal.login-verification/%22%2C%22http%3A//www.thorciasecurity.com/templates/beez/login.php%22%2C%22http%3A//fluchinfos.com/ManageMyaccounts%26amp%3Bjs%3Deurop_land%26amp%3Band%3D349034902hjks138934%3D9sylfp5wnuqcea7-serv-Einloggen%26amp%3Bsessions%26amp%3Bjsdeuland%26amp%3Bserv/maccadress%3DCHload-70472929/websrc.php%3Fsession.start%22%2C%22http%3A//hotfiles.biz/wp-includes/Text/Diff/Engine/edit.php%22%2C%22http%3A//www.skip2k5.freehostingcloud.com/derp.php%22%2C%22http%3A//199.19.109.163/cart/templates_c/verify/ebverif.php%22%2C%22http%3A//www.brazilistone.co.uk/mgmt/magento/skin/frontend/default/french/images/index.php%3F288533%22%2C%22http%3A//modrebenok.ru/libs/elfinder/files/jcc_fcc/psot.php%22%2C%22http%3A//visonls.cwsurf.de/onlins.php%22%2C%22http%3A//agenelite.com/templates/beez/%22%2C%22http%3A//agenelite.com/templates/beez/Paypal_Virefication/%22%2C%22http%3A//tad.ly/i5wA1s%22%2C%22http%3A//www.preciousadventure.com/secure-code773/security/login.php%22%2C%22http%3A//mokaweb.it/box/.it/secure-code161/paypal/Processing1.php%3Fcmd%3D_Processing%26amp%3Bdispatch%3D5885d80a13c0db1fb6947b0aeae66fdbfb2119927117e3a6f876e0fd34af436573855604262df0f2f585018bdd7da91773855604262df0f2f585018bdd7da917%22%2C%22http%3A//lehoapaper.com/Paypal_Virefication/141f92125cf740c9e5c90203b11737b5/webscr.php%3Fcmd%3D_login-run%26amp%3Bdispatch%3D5885d80a13c0db1f1ff80d546411d7f8a8350c132bc41e0934cfc023d4e8f9e5%22%2C%22http%3A//resourceforge.com/gmpb/data/golden.php%22%2C%22http%3A//www.cjbm-ma.org/includes/www.paypal.fr/index.php%3Fcmd%3D%3Fcmd%3D_login%26amp%3Bdispatch%3D5885d80a13c0db1f8e263663d3faee8d4b3d02051cb40a5393d96fec50118c72%22%2C%22http%3A//www.account-3238.com/account/cgi/web/%22%2C%22http%3A//200.98.161.167/pessoa.php%22%2C%22http%3A//boludo.com.ve/wp-content/plugins/bc-oauth/lib/oauth-php/example/client/notices_var.php%22%2C%22http%3A//www.pronto24.ru/assets/3e713185/jui/css/base/images/xxx/index.htm%22%5D");

---- Lines crossrider modified from prefs.js ----

---- Lines OneClickDownload removed from prefs.js ----

user_pref("extensions.OneClickDownload.filter", "1,3");

user_pref("extensions.OneClickDownload.lastUpdate", "{\"hours\":14,\"min\":4}");

---- Lines OneClickDownload modified from prefs.js ----

---- FireFox user.js and prefs.js backups ----

prefs_20133005_0228_.backup

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

"c:\windows\system32\drivers\vfzafaaw.sys" not found

"C:\ProgramData\pxyeavitniftjmj" deleted

"C:\Windows\tasks\PC SpeedUp Service Deactivator.job" deleted

"D:\My Desktop\PC Speed Up.lnk" deleted

"C:\Windows\installer\{983db01c-a9ea-34b5-c553-35d95962080b}" deleted

"C:\Windows\installer\{983db01c-a9ea-34b5-c553-35d95962080b}\L" deleted

"C:\Windows\installer\{983db01c-a9ea-34b5-c553-35d95962080b}\U" deleted

"C:\Windows\syswow64\appdata" deleted

"C:\Program Files (x86)\PC Speed Up" deleted

"C:\Program Files (x86)\Common Files\DVDVideoSoft\bin" deleted

"C:\Users\Hendrik\AppData\Roaming\Common" deleted

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up" deleted

==== Folders Found ======================

==== Files Found ======================

--- C:\Windows\erdnt\cache64\services.exe ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe

File type: ----a-w-

File size: 328704

Created time: 2013-05-28 00:04:55

Modified time: 2013-05-24 02:02:42

MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB

SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_3152953e7aa3aa88\services.exe.mui ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: ?© Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 15872

Created time: 2011-04-25 18:58:35

Modified time: 2009-07-13 17:04:24

MD5: E9D0900772B52AB3F1B0EA2BB08C4E6C

SHA1: FA43DBE4050F3A7FAEA7D3E34D46E91CC7D2BE9B

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_d79276c76b23fbdf\services.exe.mui ---

Company: Microsoft Corporation

File Description: ?????????? ?? ?????? ? ??????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ??????????? ??????? Microsoft® Windows®

Copyright: © Microsoft Corporation. ?????? ????? ????????.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18944

Created time: 2011-04-25 22:37:20

Modified time: 2009-07-13 16:47:52

MD5: 8C88453F39470BA09029BDFC7A9A6D95

SHA1: 16BED63613284C53904ACCD9AA52DE65FD18092E

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_829bed6258abd80a\services.exe.mui ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. Všechna práva vyhrazena.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 20:38:24

Modified time: 2009-07-13 16:59:38

MD5: 11387BE13068750A0D7A9E4CA9649373

SHA1: 06A7B12E1D8BE55AE7A66212AA15F0165A7CAA27

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1fd5cd894ef1d409\services.exe.mui ---

Company: Microsoft Corporation

File Description: Tjenester og controllerprogrammer

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operativsystem

Copyright: © Microsoft Corporation. Alle rettigheder forbeholdes.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-26 00:02:15

Modified time: 2009-07-13 17:03:04

MD5: 62DAC757CFBD330E4F2A2CF387F672EF

SHA1: 2C43A116897E64ECAB6A332EFDED1921AA222B44

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3\services.exe.mui ---

Company: Microsoft Corporation

File Description: Anwendung für Dienste und Controller

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Betriebssystem Microsoft® Windows®

Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19456

Created time: 2011-04-25 18:38:51

Modified time: 2009-07-13 17:08:26

MD5: F0E13F46C1944FCE489C9A18372C3ED8

SHA1: AEABCB79DA685D623DF50C15760F2C24B969F59F

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_c59790583fdd9131\services.exe.mui ---

Company: Microsoft Corporation

File Description: ???????? ????????? ??? ???????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ??????????? ??????? Microsoft® Windows®

Copyright: © Microsoft Corporation. ?? ????????? ???? ??????? ???????????.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 20992

Created time: 2011-04-25 21:32:15

Modified time: 2009-07-13 16:55:50

MD5: 5FFB6A441A1CA12DF3B280CFCF153DB9

SHA1: 6703EE0BE6063ED563EF4BDFA65740FA383761F9

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2009-07-14 05:41:04

Modified time: 2009-07-14 02:25:40

MD5: 6507BF0DC2D1F5F32493C288EAA59277

SHA1: 6ACBFC90F392748BDDE10CE76A0176F8FA0523D3

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5bd95a23fcd260d\services.exe.mui ---

Company: Microsoft Corporation

File Description: Aplicación de servicios y controlador

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistema operativo Microsoft® Windows®

Copyright: © Microsoft Corporation. Reservados todos los derechos.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19456

Created time: 2011-04-25 19:32:56

Modified time: 2009-07-13 16:59:22

MD5: EBD7B77F4CAF420799840882B179ADC6

SHA1: C27A70DD097B7EE259953C9E9C134FB296EEFBB1

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_et-ee_bf7d613243d3029c\services.exe.mui ---

Company: Microsoft Corporation

File Description: Teenuste ja kontrolleri rakendus

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operatsioonisüsteem Microsoft® Windows®

Copyright: © Microsoft Corporation. Kõik õigused kaitstud.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 16896

Created time: 2011-04-25 22:10:52

Modified time: 2009-07-13 16:55:22

MD5: E0D92FB3A7311468FFAA5EED4F3196E6

SHA1: 51C1008D727CB2F9334DA2A69EA46904A9366B35

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_64d89a4f34e71837\services.exe.mui ---

Company: Microsoft Corporation

File Description: Palvelu- ja ohjainohjelma

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® -käyttöjärjestelmä

Copyright: © Microsoft Corporation. Kaikki oikeudet pidätetään.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 20:00:48

Modified time: 2009-07-13 16:56:04

MD5: 03B4952EC0933EBB9F8DEA9C8A812C29

SHA1: 9E5A1FDEA33A89B0BDA9B6628C15D03CDDD5976D

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_68750ba1329f3c6f\services.exe.mui ---

Company: Microsoft Corporation

File Description: Applications Services et Contrôleur

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Système d’exploitation Microsoft® Windows®

Copyright: © Microsoft Corporation. Tous droits réservés.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19968

Created time: 2011-04-25 20:18:56

Modified time: 2009-07-13 17:00:48

MD5: 18A525B3727F2AE7E8D440F42FC82C2E

SHA1: 9387E5E4575C9D124358DACDE47D166C6CCB3BEA

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_he-il_ac94b343190e3d5d\services.exe.mui ---

Company: Microsoft Corporation

File Description: ??????? ??????? ????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 14848

Created time: 2011-04-25 19:25:26

Modified time: 2009-07-13 16:56:16

MD5: 507399F526A76481E3CDA23445955929

SHA1: 5169F71391355DAD5F07E8D08CEDC1D599E1269A

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_aeb1662317c1aa23\services.exe.mui ---

Company: Microsoft Corporation

File Description: Servisi i aplikacija kontrolera

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operacijski sustav Microsoft® Windows®

Copyright: © Microsoft Corporation. Sva prava pridržana.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-25 23:52:24

Modified time: 2009-07-13 17:02:44

MD5: 6CE5201E3CF600E0AF21C1BF2C0DD1D0

SHA1: DFBDEC7ED6DD620F71AB613958A8310DBCC8D142

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_afe58be916ff0b8b\services.exe.mui ---

Company: Microsoft Corporation

File Description: Szolgáltató és vezérl? alkalmazás

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® operációs rendszer

Copyright: © Microsoft Corporation. Minden jog fenntartva.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19456

Created time: 2011-04-25 19:51:44

Modified time: 2009-07-13 17:06:48

MD5: 4FF00357C23A9DB81045B9B0FB593920

SHA1: B3FC63323C7BF63C0141A5605A2BD21CB3FA804B

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_it-it_529d01e809d121ed\services.exe.mui ---

Company: Microsoft Corporation

File Description: Applicazione Servizi e Controller

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistema operativo Microsoft® Windows®

Copyright: © Microsoft Corporation. Tutti i diritti riservati.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18944

Created time: 2011-04-25 19:09:36

Modified time: 2009-07-13 16:59:20

MD5: 2DB09CB5CC5E025D1381123F00AAA71D

SHA1: A4A03790722736F2B339117527A9AEF18D58FC21

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4c280f4fcec33c8\services.exe.mui ---

Company: Microsoft Corporation

File Description: ???????????? ????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 11776

Created time: 2011-04-26 00:15:40

Modified time: 2009-07-13 17:19:58

MD5: 130B7341F5446430B3FFB7DCD9A786E3

SHA1: ADE84F4AB2163587C0101B202C07D094575552F0

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_982c5da9ef5cfade\services.exe.mui ---

Company: Microsoft Corporation

File Description: ??? ? ???? ?? ????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 11264

Created time: 2011-04-25 20:50:57

Modified time: 2009-07-13 18:08:24

MD5: 424DA2137012397299C94B7342F3D19E

SHA1: 8470CB74EBAF27F4028F875B86F0CE99C34641E9

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_3bf789aae184c67b\services.exe.mui ---

Company: Microsoft Corporation

File Description: Tarnyb? ir valdiklio taikomosios programos

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operacin? sistema Microsoft® Windows®

Copyright: © Microsoft Corporation. Visos teis?s ginamos.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-25 22:03:51

Modified time: 2009-07-13 16:53:44

MD5: 504F8B0A67D4AE3E981C09C1F25CEF75

SHA1: 3D9A54E1285B81B19D7601D1F3A0D5EF67A0EB70

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_3cc4f82ee103076b\services.exe.mui ---

Company: Microsoft Corporation

File Description: Pakalpojumu un kontrollera lietojumprogramma

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Oper?t?jsist?ma Microsoft® Windows®

Copyright: © Microsoft Corporation. Visas ties?bas patur?tas.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18432

Created time: 2011-04-25 20:11:19

Modified time: 2009-07-13 16:53:54

MD5: AA7C40AA8928D17BEB293741C5ABC200

SHA1: 208965AF401AAE6CEE111C57492FBB4D8A23B6B1

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_80bededec782269a\services.exe.mui ---

Company: Microsoft Corporation

File Description: Program for tjenester og kontroller

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operativsystemet Microsoft® Windows®

Copyright: © Microsoft Corporation. Med enerett.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-25 21:43:24

Modified time: 2009-07-13 16:56:16

MD5: 06F1D18489683D6A92DC1708DDAB1F57

SHA1: FBC621D373F3027C1325C04B1C0235C40AA7BD49

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_7efe2a1cc8ae306f\services.exe.mui ---

Company: Microsoft Corporation

File Description: Services en controllertoepassingen

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Besturingssysteem Microsoft® Windows®

Copyright: © Microsoft Corporation. Alle rechten voorbehouden.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19456

Created time: 2011-04-12 19:01:40

Modified time: 2009-07-13 16:57:50

MD5: B84CF40C8CF1DA44A95CC37E360EB977

SHA1: 84AEDB6613B24923B8ABC20D2EF77022ED187AD9

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_c53a849eadd09e23\services.exe.mui ---

Company: Microsoft Corporation

File Description: Us?ugi i aplikacja Kontroler

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: System operacyjny Microsoft® Windows®

Copyright: © Microsoft Corporation. Wszelkie prawa zastrze?one.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18432

Created time: 2011-04-25 22:57:00

Modified time: 2009-07-13 16:50:56

MD5: 00AB3621DF742387F851752C2C8BEABF

SHA1: 2751A0FA4CD29C1C7DC1FAF47819417C433E56F6

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c78e6f42ac5a3207\services.exe.mui ---

Company: Microsoft Corporation

File Description: Aplicativo de serviços e controle

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistema Operacional Microsoft® Windows®

Copyright: © Microsoft Corporation. Todos os direitos reservados.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18432

Created time: 2011-04-25 23:23:00

Modified time: 2009-07-13 16:50:42

MD5: 50535783545434F9F2AB62A53C706EFA

SHA1: CEBAC058D5EA86640EB7F565E275C34B3E20B44B

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_c8703eaeabc9a1e3\services.exe.mui ---

Company: Microsoft Corporation

File Description: Aplicação de serviços e controlo

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistema operativo Microsoft® Windows®

Copyright: © Microsoft Corporation. Todos os direitos reservados.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18944

Created time: 2011-04-25 23:09:21

Modified time: 2009-07-13 16:59:26

MD5: 41DB03418DF56EF7DCCA75086DBEB772

SHA1: FFD023B570C39696795438B328A45901E6FBF31F

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_0cab04e692306d3f\services.exe.mui ---

Company: Microsoft Corporation

File Description: Servicii ?i aplica?ii de control

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistem de operare Microsoft® Windows®

Copyright: © Microsoft Corporation. Toate drepturile rezervate.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18944

Created time: 2011-04-28 00:42:34

Modified time: 2009-07-13 17:00:08

MD5: 45DB0782754B0C2AAFE0722AD2BD5B93

SHA1: 625556DBE77F7FE88DE5B24F37197B206E9098E4

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_0f13507290ab300f\services.exe.mui ---

Company: Microsoft Corporation

File Description: ?????????? ????? ? ????????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ???????????? ??????? Microsoft® Windows®

Copyright: © ?????????? ??????????. ??? ????? ????????.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 21:53:38

Modified time: 2009-07-13 17:07:56

MD5: EB63EE0FD3C4826F45845C6E83058570

SHA1: BCA9D57025F610088DA97F015D934DEB09F5C012

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_ae2e551f85c52239\services.exe.mui ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. Všetky práva vyhradené.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 18:53:35

Modified time: 2009-07-13 16:51:58

MD5: 4CF36013D04041D604E21CC6F80B73F7

SHA1: 682A5F7A06C5DCD8C6DDE944003A9390EF15C7C7

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_ad4076d7865f351c\services.exe.mui ---

Company: Microsoft Corporation

File Description: Program za storitve in krmilnik

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operacijski sistem Microsoft® Windows®

Copyright: © Microsoft Corporation. Vse pravice pridržane.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-25 19:18:47

Modified time: 2009-07-13 16:54:14

MD5: 42A149B4C86CD8B535532CEF34F70414

SHA1: 483182505477374583BE0DE4BCC26B44952A0493

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sr-..-cs_4cc9f369ffb79864\services.exe.mui ---

Company: Microsoft Corporation

File Description: Aplikacija usluga i kontrolera

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operativni sistem Microsoft® Windows®

Copyright: © Microsoft Corporation. Sva prava zadržana.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18432

Created time: 2011-04-25 22:18:00

Modified time: 2009-07-13 16:53:38

MD5: D6C519FD0BF69F3265646DAFC3547BA9

SHA1: 49E5F6DC03004779B58FA3D61F8B35782BD5E3D0

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_ab0e3ae787d43a6a\services.exe.mui ---

Company: Microsoft Corporation

File Description: Tjänst- och styrenhetsprogram

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operativsystemet Microsoft® Windows®

Copyright: © Microsoft Corporation. Med ensamrätt.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 21:10:36

Modified time: 2009-07-13 16:59:12

MD5: A4880BDF654678A0C2D3BB1243BC4D45

SHA1: 16767E7DC2F87BE8F11D8149EB65C76FA1F25FED

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_th-th_50185c9a7918f7ab\services.exe.mui ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ?????????????? Microsoft® Windows®

Copyright: © Microsoft Corporation ?????????????

Original Filename: services.exe.mui

File type: ----a-w-

File size: 16896

Created time: 2011-04-25 20:29:39

Modified time: 2009-07-13 16:53:46

MD5: A503B769811E6B548E1DF08670E32B04

SHA1: B68027D4732CEBEB95C26C8C324C6ACFC9CA71DF

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_541b852e76903c5b\services.exe.mui ---

Company: Microsoft Corporation

File Description: Hizmetler ve Denetleyici uygulamas?

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® ??letim Sistemi

Copyright: © Microsoft Corporation. Tüm haklar? sakl?d?r.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 22:45:26

Modified time: 2009-07-13 16:57:54

MD5: BF100C8718B2AD137ACCD16DAFD107DF

SHA1: C1200B55DB1DB18A0C42F7B202DD6C5EDBD5D703

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_effb67d56dc162a7\services.exe.mui ---

Company: Microsoft Corporation

File Description: ?????????? ?????????? ?? ?????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ?????????? ??????? Microsoft® Windows®

Copyright: © ?????????? ?????????? (Microsoft Corporation). ??? ????? ????????.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 19:44:12

Modified time: 2009-07-13 16:53:38

MD5: F8127D4883A37938A3DD86F0D7EB086A

SHA1: F12099DCB741AA376BDAE4B526A902A01516AADF

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_2578a32c26c80e7a\services.exe.mui ---

Company: Microsoft Corporation

File Description: ??????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 8704

Created time: 2011-04-25 22:25:21

Modified time: 2009-07-13 18:08:38

MD5: 80715CABC9EC87D30CCBF3E5BF704332

SHA1: BC66A21C49CB2657AE2ABF723A0A56E3B5934661

--- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_2974e0822438eaea\services.exe.mui ---

Company: Microsoft Corporation

File Description: ??????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 8704

Created time: 2011-04-25 23:36:45

Modified time: 2009-07-13 18:08:42

MD5: D08F9475A0A87D2D9A6870B61C3092E1

SHA1: 3D47EBC202658E397699BEA466092B3909A78B6D

--- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe

File type: ----a-w-

File size: 328704

Created time: 2009-07-13 23:19:46

Modified time: 2009-07-14 01:39:37

MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB

SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ar-sa_3152953e7aa3aa88_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: ?© Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 15872

Created time: 2011-04-25 19:07:41

Modified time: 2011-04-25 19:05:28

MD5: E9D0900772B52AB3F1B0EA2BB08C4E6C

SHA1: FA43DBE4050F3A7FAEA7D3E34D46E91CC7D2BE9B

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_bg-bg_d79276c76b23fbdf_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ?????????? ?? ?????? ? ??????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ??????????? ??????? Microsoft® Windows®

Copyright: © Microsoft Corporation. ?????? ????? ????????.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18944

Created time: 2011-04-25 22:44:11

Modified time: 2011-04-25 22:43:55

MD5: 8C88453F39470BA09029BDFC7A9A6D95

SHA1: 16BED63613284C53904ACCD9AA52DE65FD18092E

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_cs-cz_829bed6258abd80a_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. Všechna práva vyhrazena.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 20:47:11

Modified time: 2011-04-25 20:44:38

MD5: 11387BE13068750A0D7A9E4CA9649373

SHA1: 06A7B12E1D8BE55AE7A66212AA15F0165A7CAA27

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_da-dk_1fd5cd894ef1d409_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Tjenester og controllerprogrammer

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operativsystem

Copyright: © Microsoft Corporation. Alle rettigheder forbeholdes.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-26 00:13:46

Modified time: 2011-04-26 00:12:44

MD5: 62DAC757CFBD330E4F2A2CF387F672EF

SHA1: 2C43A116897E64ECAB6A332EFDED1921AA222B44

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_de-de_1d0162c550c828a3_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Anwendung für Dienste und Controller

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Betriebssystem Microsoft® Windows®

Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19456

Created time: 2011-04-25 18:52:00

Modified time: 2011-04-25 18:50:45

MD5: F0E13F46C1944FCE489C9A18372C3ED8

SHA1: AEABCB79DA685D623DF50C15760F2C24B969F59F

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_el-gr_c59790583fdd9131_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ???????? ????????? ??? ???????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ??????????? ??????? Microsoft® Windows®

Copyright: © Microsoft Corporation. ?? ????????? ???? ??????? ???????????.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 20992

Created time: 2011-04-25 21:41:47

Modified time: 2011-04-25 21:40:41

MD5: 5FFB6A441A1CA12DF3B280CFCF153DB9

SHA1: 6703EE0BE6063ED563EF4BDFA65740FA383761F9

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2009-07-14 05:42:57

Modified time: 2009-07-14 05:42:51

MD5: 6507BF0DC2D1F5F32493C288EAA59277

SHA1: 6ACBFC90F392748BDDE10CE76A0176F8FA0523D3

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_es-es_c5bd95a23fcd260d_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Aplicación de servicios y controlador

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistema operativo Microsoft® Windows®

Copyright: © Microsoft Corporation. Reservados todos los derechos.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19456

Created time: 2011-04-25 19:42:12

Modified time: 2011-04-25 19:40:47

MD5: EBD7B77F4CAF420799840882B179ADC6

SHA1: C27A70DD097B7EE259953C9E9C134FB296EEFBB1

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_et-ee_bf7d613243d3029c_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Teenuste ja kontrolleri rakendus

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operatsioonisüsteem Microsoft® Windows®

Copyright: © Microsoft Corporation. Kõik õigused kaitstud.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 16896

Created time: 2011-04-25 22:16:33

Modified time: 2011-04-25 22:16:17

MD5: E0D92FB3A7311468FFAA5EED4F3196E6

SHA1: 51C1008D727CB2F9334DA2A69EA46904A9366B35

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fi-fi_64d89a4f34e71837_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Palvelu- ja ohjainohjelma

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® -käyttöjärjestelmä

Copyright: © Microsoft Corporation. Kaikki oikeudet pidätetään.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 20:09:34

Modified time: 2011-04-25 20:08:31

MD5: 03B4952EC0933EBB9F8DEA9C8A812C29

SHA1: 9E5A1FDEA33A89B0BDA9B6628C15D03CDDD5976D

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_fr-fr_68750ba1329f3c6f_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Applications Services et Contrôleur

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Système d’exploitation Microsoft® Windows®

Copyright: © Microsoft Corporation. Tous droits réservés.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19968

Created time: 2011-04-25 20:28:06

Modified time: 2011-04-25 20:27:15

MD5: 18A525B3727F2AE7E8D440F42FC82C2E

SHA1: 9387E5E4575C9D124358DACDE47D166C6CCB3BEA

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_he-il_ac94b343190e3d5d_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ??????? ??????? ????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 14848

Created time: 2011-04-25 19:31:16

Modified time: 2011-04-25 19:30:26

MD5: 507399F526A76481E3CDA23445955929

SHA1: 5169F71391355DAD5F07E8D08CEDC1D599E1269A

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hr-hr_aeb1662317c1aa23_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Servisi i aplikacija kontrolera

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operacijski sustav Microsoft® Windows®

Copyright: © Microsoft Corporation. Sva prava pridržana.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-26 00:00:58

Modified time: 2011-04-26 00:00:41

MD5: 6CE5201E3CF600E0AF21C1BF2C0DD1D0

SHA1: DFBDEC7ED6DD620F71AB613958A8310DBCC8D142

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_hu-hu_afe58be916ff0b8b_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Szolgáltató és vezérl? alkalmazás

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® operációs rendszer

Copyright: © Microsoft Corporation. Minden jog fenntartva.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19456

Created time: 2011-04-25 19:59:03

Modified time: 2011-04-25 19:58:00

MD5: 4FF00357C23A9DB81045B9B0FB593920

SHA1: B3FC63323C7BF63C0141A5605A2BD21CB3FA804B

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_it-it_529d01e809d121ed_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Applicazione Servizi e Controller

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistema operativo Microsoft® Windows®

Copyright: © Microsoft Corporation. Tutti i diritti riservati.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18944

Created time: 2011-04-25 19:17:19

Modified time: 2011-04-25 19:15:48

MD5: 2DB09CB5CC5E025D1381123F00AAA71D

SHA1: A4A03790722736F2B339117527A9AEF18D58FC21

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ja-jp_f4c280f4fcec33c8_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ???????????? ????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 11776

Created time: 2011-04-26 00:31:20

Modified time: 2011-04-26 00:29:53

MD5: 130B7341F5446430B3FFB7DCD9A786E3

SHA1: ADE84F4AB2163587C0101B202C07D094575552F0

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ko-kr_982c5da9ef5cfade_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ??? ? ???? ?? ????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 11264

Created time: 2011-04-25 21:07:22

Modified time: 2011-04-25 21:06:34

MD5: 424DA2137012397299C94B7342F3D19E

SHA1: 8470CB74EBAF27F4028F875B86F0CE99C34641E9

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_lt-lt_3bf789aae184c67b_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Tarnyb? ir valdiklio taikomosios programos

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operacin? sistema Microsoft® Windows®

Copyright: © Microsoft Corporation. Visos teis?s ginamos.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-25 22:09:36

Modified time: 2011-04-25 22:09:19

MD5: 504F8B0A67D4AE3E981C09C1F25CEF75

SHA1: 3D9A54E1285B81B19D7601D1F3A0D5EF67A0EB70

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_lv-lv_3cc4f82ee103076b_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Pakalpojumu un kontrollera lietojumprogramma

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Oper?t?jsist?ma Microsoft® Windows®

Copyright: © Microsoft Corporation. Visas ties?bas patur?tas.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18432

Created time: 2011-04-25 20:17:14

Modified time: 2011-04-25 20:16:57

MD5: AA7C40AA8928D17BEB293741C5ABC200

SHA1: 208965AF401AAE6CEE111C57492FBB4D8A23B6B1

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nb-no_80bededec782269a_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Program for tjenester og kontroller

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operativsystemet Microsoft® Windows®

Copyright: © Microsoft Corporation. Med enerett.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-25 21:51:54

Modified time: 2011-04-25 21:50:50

MD5: 06F1D18489683D6A92DC1708DDAB1F57

SHA1: FBC621D373F3027C1325C04B1C0235C40AA7BD49

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_nl-nl_7efe2a1cc8ae306f_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Services en controllertoepassingen

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Besturingssysteem Microsoft® Windows®

Copyright: © Microsoft Corporation. Alle rechten voorbehouden.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 19456

Created time: 2011-04-12 19:07:12

Modified time: 2011-04-12 19:05:57

MD5: B84CF40C8CF1DA44A95CC37E360EB977

SHA1: 84AEDB6613B24923B8ABC20D2EF77022ED187AD9

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pl-pl_c53a849eadd09e23_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Us?ugi i aplikacja Kontroler

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: System operacyjny Microsoft® Windows®

Copyright: © Microsoft Corporation. Wszelkie prawa zastrze?one.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18432

Created time: 2011-04-25 23:07:19

Modified time: 2011-04-25 23:06:18

MD5: 00AB3621DF742387F851752C2C8BEABF

SHA1: 2751A0FA4CD29C1C7DC1FAF47819417C433E56F6

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-br_c78e6f42ac5a3207_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Aplicativo de serviços e controle

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistema Operacional Microsoft® Windows®

Copyright: © Microsoft Corporation. Todos os direitos reservados.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18432

Created time: 2011-04-25 23:33:54

Modified time: 2011-04-25 23:32:54

MD5: 50535783545434F9F2AB62A53C706EFA

SHA1: CEBAC058D5EA86640EB7F565E275C34B3E20B44B

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_pt-pt_c8703eaeabc9a1e3_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Aplicação de serviços e controlo

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistema operativo Microsoft® Windows®

Copyright: © Microsoft Corporation. Todos os direitos reservados.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18944

Created time: 2011-04-25 23:21:15

Modified time: 2011-04-25 23:20:16

MD5: 41DB03418DF56EF7DCCA75086DBEB772

SHA1: FFD023B570C39696795438B328A45901E6FBF31F

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ro-ro_0cab04e692306d3f_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Servicii ?i aplica?ii de control

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Sistem de operare Microsoft® Windows®

Copyright: © Microsoft Corporation. Toate drepturile rezervate.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18944

Created time: 2011-04-28 01:17:44

Modified time: 2011-04-28 00:52:37

MD5: 45DB0782754B0C2AAFE0722AD2BD5B93

SHA1: 625556DBE77F7FE88DE5B24F37197B206E9098E4

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_ru-ru_0f13507290ab300f_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ?????????? ????? ? ????????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ???????????? ??????? Microsoft® Windows®

Copyright: © ?????????? ??????????. ??? ????? ????????.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 22:02:04

Modified time: 2011-04-25 22:00:59

MD5: EB63EE0FD3C4826F45845C6E83058570

SHA1: BCA9D57025F610088DA97F015D934DEB09F5C012

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sk-sk_ae2e551f85c52239_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. Všetky práva vyhradené.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 18:57:03

Modified time: 2011-04-25 18:56:45

MD5: 4CF36013D04041D604E21CC6F80B73F7

SHA1: 682A5F7A06C5DCD8C6DDE944003A9390EF15C7C7

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sl-si_ad4076d7865f351c_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Program za storitve in krmilnik

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operacijski sistem Microsoft® Windows®

Copyright: © Microsoft Corporation. Vse pravice pridržane.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17920

Created time: 2011-04-25 19:24:08

Modified time: 2011-04-25 19:23:51

MD5: 42A149B4C86CD8B535532CEF34F70414

SHA1: 483182505477374583BE0DE4BCC26B44952A0493

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sr-..-cs_4cc9f369ffb79864_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Aplikacija usluga i kontrolera

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operativni sistem Microsoft® Windows®

Copyright: © Microsoft Corporation. Sva prava zadržana.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 18432

Created time: 2011-04-25 22:23:55

Modified time: 2011-04-25 22:23:39

MD5: D6C519FD0BF69F3265646DAFC3547BA9

SHA1: 49E5F6DC03004779B58FA3D61F8B35782BD5E3D0

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_sv-se_ab0e3ae787d43a6a_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Tjänst- och styrenhetsprogram

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Operativsystemet Microsoft® Windows®

Copyright: © Microsoft Corporation. Med ensamrätt.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 21:30:31

Modified time: 2011-04-25 21:28:41

MD5: A4880BDF654678A0C2D3BB1243BC4D45

SHA1: 16767E7DC2F87BE8F11D8149EB65C76FA1F25FED

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_th-th_50185c9a7918f7ab_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ?????????????? Microsoft® Windows®

Copyright: © Microsoft Corporation ?????????????

Original Filename: services.exe.mui

File type: ----a-w-

File size: 16896

Created time: 2011-04-25 20:37:05

Modified time: 2011-04-25 20:36:47

MD5: A503B769811E6B548E1DF08670E32B04

SHA1: B68027D4732CEBEB95C26C8C324C6ACFC9CA71DF

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_tr-tr_541b852e76903c5b_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: Hizmetler ve Denetleyici uygulamas?

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® ??letim Sistemi

Copyright: © Microsoft Corporation. Tüm haklar? sakl?d?r.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 22:55:13

Modified time: 2011-04-25 22:54:03

MD5: BF100C8718B2AD137ACCD16DAFD107DF

SHA1: C1200B55DB1DB18A0C42F7B202DD6C5EDBD5D703

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_uk-ua_effb67d56dc162a7_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ?????????? ?????????? ?? ?????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: ?????????? ??????? Microsoft® Windows®

Copyright: © ?????????? ?????????? (Microsoft Corporation). ??? ????? ????????.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 17408

Created time: 2011-04-25 19:50:17

Modified time: 2011-04-25 19:49:59

MD5: F8127D4883A37938A3DD86F0D7EB086A

SHA1: F12099DCB741AA376BDAE4B526A902A01516AADF

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-cn_2578a32c26c80e7a_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ??????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 8704

Created time: 2011-04-25 22:35:23

Modified time: 2011-04-25 22:34:14

MD5: 80715CABC9EC87D30CCBF3E5BF704332

SHA1: BC66A21C49CB2657AE2ABF723A0A56E3B5934661

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_zh-tw_2974e0822438eaea_services.exe.mui_86ea5e71 ---

Company: Microsoft Corporation

File Description: ??????????

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe.mui

File type: ----a-w-

File size: 8704

Created time: 2011-04-25 23:50:28

Modified time: 2011-04-25 23:49:07

MD5: D08F9475A0A87D2D9A6870B61C3092E1

SHA1: 3D47EBC202658E397699BEA466092B3909A78B6D

--- C:\Windows\winsxs\Backup\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1_services.exe_abfc33da ---

Company: Microsoft Corporation

File Description: Services and Controller app

File Version: 6.1.7600.16385 (win7_rtm.090713-1255)

Product Name: Microsoft® Windows® Operating System

Copyright: © Microsoft Corporation. All rights reserved.

Original Filename: services.exe

File type: ----a-w-

File size: 328704

Created time: 2009-07-14 02:59:34

Modified time: 2009-07-14 02:58:23

MD5: 24ACB7E5BE595468E3B9AA488B9B4FCB

SHA1: A5B16A7D28D2BA79A9CCFC16ED480AD75A757166

==== Files Recently Created / Modified ======================

====== C:\Windows ====

2013-05-29 22:42:46 292233DF74F1CE65A5DAE574052D06A8 49152 ----a-w- C:\Windows\OvtWia.dll

2013-05-29 22:21:56 7ED438C44B90AF7B01609A942C7E7196 212480 ----a-w- C:\Windows\PCDLIB32.DLL

2013-05-27 23:38:55 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-05-27 23:38:55 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-05-27 23:38:55 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-05-27 23:38:55 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-05-27 23:38:55 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2013-05-25 03:39:12 791858B56C3E819AF28D776EDB426DEB 790994564 ----a-w- C:\Windows\MEMORY.DMP

====== C:\Users\Hendrik\AppData\Local\Temp ====

====== C:\Windows\SysWOW64 =====

2013-05-26 20:28:04 8255AD29A44B2E14B2DD99319F92A0AB 95648 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2013-05-19 15:25:57 AC2EADCDF2ECE022D1DBCEAE3FA9AF25 621056 ------w- C:\Windows\SysWOW64\MJ14.exe

2013-05-16 17:50:02 565D78187494FB5F08B5A52DEB2AEA7A 12872704 ----a-w- C:\Windows\SysWOW64\shell32.dll

2013-05-16 17:50:00 E904178851A6A44BFA97E064EF779E9D 1796096 ----a-w- C:\Windows\SysWOW64\authui.dll

2013-05-16 17:50:00 1F05F5A16881CD928C82D53CEFCF4477 180224 ----a-w- C:\Windows\SysWOW64\shdocvw.dll

2013-05-16 17:12:07 49834B94A8E8383B700EDDEF46C2AE6A 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 17:12:06 28AEB03752D716BF149DBC93A9ACC17E 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll

2013-05-16 17:12:02 DFDBC397D0DDBD1AFA3CB400D4C003A9 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll

2013-05-16 17:12:01 5915AA67DECA289F7B4AFB686CDB09E9 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-16 17:12:01 3CC9825BFFE7B7429C8B79B0395ACDA8 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll

2013-05-16 17:12:01 366D8EA2ADCBA228C9487BC6D2427DDC 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll

2013-05-16 17:12:00 52AA8A8DA4175580F365D275EB53DBE3 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 17:11:59 F59A16A9418044C1D505C53DA370B099 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll

2013-05-16 17:11:57 65C95886E1B17001ADDF163AC18C5525 1130496 ----a-w- C:\Windows\SysWOW64\urlmon.dll

2013-05-16 17:11:55 0142341520F0A0F2B0E312335B96705B 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll

2013-05-16 17:11:54 C9A062F32FF600C96795B43CD9A53151 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll

2013-05-16 17:11:52 5ABB3F36AF17007F33FA275E96A2C95E 1767424 ----a-w- C:\Windows\SysWOW64\wininet.dll

2013-05-16 17:11:52 03180AFD271BFD88813F428421BC4A1A 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 17:11:47 7A468BC721C1D34E60389D3F2F87BBEA 14323712 ----a-w- C:\Windows\SysWOW64\mshtml.dll

2013-05-16 17:11:40 D5E5A86F49ACC11768D8339094C3AFD8 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll

====== C:\Windows\SysWOW64\drivers =====

2013-05-29 22:21:59 6CCD1135320109D6B219F1A6E04AD9F6 22784 ----a-w- C:\Windows\SysWOW64\drivers\afc.sys

====== C:\Windows\Sysnative =====

2013-05-26 19:30:14 315781E506D97F08E22F164B36EB5C11 108448 ----a-w- C:\Windows\Sysnative\WindowsAccessBridge-64.dll

2013-05-19 15:25:57 AC2EADCDF2ECE022D1DBCEAE3FA9AF25 621056 ------w- C:\Windows\Sysnative\MJ14.exe

2013-05-16 17:50:45 FE90B750AB808FB9DD8FBB428B5FF83B 230400 ----a-w- C:\Windows\Sysnative\wwansvc.dll

2013-05-16 17:50:45 30B1489F2DCD8DC1AB6BB60CA6093615 48640 ----a-w- C:\Windows\Sysnative\wwanprotdim.dll

2013-05-16 17:50:37 943F527DF79E6B400104341AA7023C75 144384 ----a-w- C:\Windows\Sysnative\cdd.dll

2013-05-16 17:50:06 1BFC94665BCA35F9001ADC7BFB167C63 14172672 ----a-w- C:\Windows\Sysnative\shell32.dll

2013-05-16 17:50:03 3EF480BFED1B5947A32585E30A58D4ED 1930752 ----a-w- C:\Windows\Sysnative\authui.dll

2013-05-16 17:50:03 22A0AE97360C1B146FDD9AA55AC0E989 197120 ----a-w- C:\Windows\Sysnative\shdocvw.dll

2013-05-16 17:50:01 E948D1D42DC68923ABD75EEB5BCCD1D3 111448 ----a-w- C:\Windows\Sysnative\consent.exe

2013-05-16 17:49:58 9D2A2369AB4B08A4905FE72DB104498F 70144 ----a-w- C:\Windows\Sysnative\appinfo.dll

2013-05-16 17:48:22 A11523523B31086DD760C0189C763359 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys

2013-05-16 17:12:07 9B2BB51ED6D28860A48CFF46FD6D3DC1 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb

2013-05-16 17:12:06 FE6CB2001A8C2A85B617CD3FC85D8242 526336 ----a-w- C:\Windows\Sysnative\ieui.dll

2013-05-16 17:12:05 42758AF68D3C4912C8D8A18088AD2555 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe

2013-05-16 17:12:02 97588F2871E1FE8E3EB57B17B98DF03B 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll

2013-05-16 17:12:02 168602AB16D30D5D6E091CA609FC7E75 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll

2013-05-16 17:12:01 A197763AA7487807279AB61CD6835CEF 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe

2013-05-16 17:12:00 EC6E8273B6CB79CA5B7B00CA82D1FCEE 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll

2013-05-16 17:12:00 7DAA72F6C30D81EE31EC2BDC90054326 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll

2013-05-16 17:11:59 9D6B9124B582F0FBF275B434CE5A672C 2647552 ----a-w- C:\Windows\Sysnative\iertutil.dll

2013-05-16 17:11:56 E34F0440799F9A0F9DC4265F4ADA75C1 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll

2013-05-16 17:11:56 772EC073332D1BA2DBEC32C6D063811A 855552 ----a-w- C:\Windows\Sysnative\jscript.dll

2013-05-16 17:11:54 2C96C695B6015042AC867EA419A45C20 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll

2013-05-16 17:11:52 254502230F2259D255D4149C235173B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll

2013-05-16 17:11:50 27A9000C534AA9BADC9EE74940F50C6D 2242048 ----a-w- C:\Windows\Sysnative\wininet.dll

2013-05-16 17:11:44 C56EF4C50A1FEED0CC9B7AE068CBBBBB 19231232 ----a-w- C:\Windows\Sysnative\mshtml.dll

2013-05-16 17:11:42 7F4F74880E0B586EB7A9E225C34B1296 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll

====== C:\Windows\Sysnative\drivers =====

2013-05-16 17:50:38 AF2E16242AA723F68F461B6EAE2EAD3D 983400 ----a-w- C:\Windows\Sysnative\drivers\dxgkrnl.sys

2013-05-16 17:50:38 1F04CFB79DD5FB7694468CE3FB3DCC31 265064 ----a-w- C:\Windows\Sysnative\drivers\dxgmms1.sys

====== C:\Windows\Tasks ======

2013-05-29 23:07:04 F34834A54AD3AC01EAF9D33E17697B33 3350 ----a-w- C:\Windows\Sysnative\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1364749199-3237543244-4035560231-1000

2013-05-25 02:14:44 B8E6D41F2A6A99B1974E2C1053B285AE 3124 ----a-w- C:\Windows\Sysnative\Tasks\{353AAF2B-C217-498C-98F7-38CC7F9E7293}

====== C:\Windows\Temp ======

======= C:\Program Files =====

2013-05-24 11:42:08 -------- d-----w- C:\Program Files\Microsoft Games

======= C:\Program Files (x86) =====

2013-05-29 22:49:32 -------- d-----w- C:\Program Files (x86)\OVT

2013-05-29 22:21:27 -------- d-----w- C:\Program Files (x86)\Common Files\ArcSoft

2013-05-29 22:21:26 -------- d-----w- C:\Program Files (x86)\ArcSoft

2013-05-27 13:32:01 -------- d-----w- C:\Program Files (x86)\MPC-HC

2013-05-25 10:14:27 -------- d-----w- C:\Program Files (x86)\FileASSASSIN

2013-05-24 01:57:17 -------- d-----w- C:\Program Files (x86)\x264 Video Codec

2013-05-19 15:58:21 -------- d-----w- C:\Program Files (x86)\Webteh

2013-05-19 15:25:56 -------- d-----w- C:\Program Files (x86)\J River

======= C: =====

2013-05-29 21:47:39 9A5ADA74C1E0416CA6F674A041F8ED61 77 ----a-w- C:\ADR_ColdStart.txt

2013-05-25 04:00:39 20E48F216A4627245A8002264FAE03BA 2336 ----a-w- C:\AdwCleaner[s2].txt

2013-05-25 03:57:52 5CBC797FAAD0084DF4A0321486249431 2242 ----a-w- C:\AdwCleaner[R1].txt

====== C:\Users\Hendrik\AppData\Roaming ======

2013-05-29 22:24:36 -------- d-----w- C:\users\Hendrik\AppData\Local\ArcSoft

2013-05-29 22:22:01 -------- d-----w- C:\users\Hendrik\AppData\Roaming\ArcSoft

2013-05-28 00:35:53 -------- d-----w- C:\users\Hendrik\AppData\Roaming\Media Player Classic

2013-05-28 00:09:01 -------- d-----w- C:\users\UpdatusUser\AppData\Local\temp

2013-05-28 00:09:01 -------- d-----w- C:\users\Public\AppData\Local\temp

2013-05-28 00:09:01 -------- d-----w- C:\users\Default\AppData\Local\temp

2013-05-28 00:09:01 -------- d-----w- C:\users\Default User\AppData\Local\temp

2013-05-28 00:09:01 -------- d-----w- C:\users\AppData\AppData\Local\temp

2013-05-24 01:57:23 -------- d-----w- C:\users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec

2013-05-19 15:58:25 -------- d-----w- C:\users\Hendrik\AppData\Roaming\BSplayer Pro

2013-05-19 15:58:25 -------- d-----w- C:\users\Hendrik\AppData\Roaming\BSplayer

2013-05-19 15:34:38 -------- d-----w- C:\users\Hendrik\AppData\Local\DDMSettings

2013-05-19 15:25:35 -------- d-----w- C:\users\Hendrik\AppData\Roaming\J River

====== C:\Users\Hendrik ======

2013-05-29 23:01:47 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect

2013-05-29 22:49:33 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ovt

2013-05-29 22:24:06 -------- d-----w- C:\ProgramData\ArcSoft

2013-05-29 22:21:56 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoImpression 6

2013-05-28 00:09:01 -------- d-----w- C:\Users\Public\AppData

2013-05-28 00:09:01 -------- d-----w- C:\Users\AppData\AppData

2013-05-27 13:32:03 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC

2013-05-25 10:14:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN

2013-05-19 15:59:18 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player

2013-05-19 15:27:46 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\J. River Media Jukebox 14

====== C: exe-files ==

2013-05-29 23:01:33 E72831417985680AAF432610DE880E53 192512 ----a-w- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\AcStBmhE.exe

2013-05-29 23:01:04 E8D31635B53668D75F01C67275669722 81920 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\uTwainPhotoExe.exe

2013-05-29 23:01:04 4CFFA06DBD22569068F05FD625800F65 81920 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\uTwainFilmExe.exe

2013-05-29 23:00:55 E61D65C33F2ECC93AE0C005DAC76D087 175104 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{063E409E-3D7C-4A4A-95AB-2F124B9224B3}\Setup.exe

2013-05-29 22:22:00 A021285655B6C0B2EB6ECDD9CDF45A44 51712 ----a-w- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACRun.exe

2013-05-29 22:22:00 82AC6AE0F6A7906861429EB852248F98 96768 ----a-w- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACStart.exe

2013-05-29 22:22:00 769DB4F484957CC98153B3C1B5D1162F 109056 ----a-w- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

2013-05-29 22:22:00 764A17F28192A3EC01ACD1C034405B1C 188728 ----a-w- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

2013-05-29 22:21:43 944904845529B7D84E9E6DF73406FBB4 60160 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\Modules\SimpleEmail\Sendmail.exe

2013-05-29 22:21:42 1BB52BD6B2F4F75B07AB4C4A334D2050 97024 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\Modules\OrderPrintsOnline\Update.exe

2013-05-29 22:21:33 A19B87F7F263D99393432FDD1A845DA2 65536 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\uTwainExe.exe

2013-05-29 22:21:30 9B13717CBE7AD0DB055136BA81E05E2C 35584 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\TwainEnum.exe

2013-05-29 22:21:30 681202A6A5CDF4CEE504FBC3F3CB48BD 252672 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\PhotoViewer.exe

2013-05-29 22:21:29 9EEA978178A634A54CA6B0BC3C1645FC 167936 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\PhotoImpression.exe

2013-05-29 22:21:29 10FCF11B3AE0AF10E967FABE7476184B 117504 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\Monitor.exe

2013-05-29 22:21:28 BD3CD198FA568B11DF62B76245F799D1 43776 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\InitMediaLib.exe

2013-05-29 22:21:28 AFD801812E74471B8F01AE5391B75AC6 142080 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\MediaPlayer.exe

2013-05-29 22:21:26 8F1810ECD51F9F6B93A636ABD2525532 154112 ----a-w- C:\Program Files (x86)\ArcSoft\PhotoImpression 6\CheckUpdate.exe

2013-05-29 22:21:22 13A3876A7217F84BC045326C7C86E2A6 175104 ----a-w- C:\Program Files (x86)\InstallShield Installation Information\{D56401D6-E356-4CA5-97A3-024D666F5E5C}\Setup.exe

2013-05-27 23:38:55 F042EE4C8D66248D9B86DCF52ABAE416 256000 ----a-w- C:\Windows\PEV.exe

2013-05-27 23:38:55 9E05A9C264C8A908A8E79450FCBFF047 80412 ----a-w- C:\Windows\grep.exe

2013-05-27 23:38:55 5E832F4FAF5F481F2EAF3B3A48F603B8 68096 ----a-w- C:\Windows\zip.exe

2013-05-27 23:38:55 0297C72529807322B152F517FDB0A9FC 406528 ----a-w- C:\Windows\SWSC.exe

2013-05-27 23:38:55 0277C027A26428DB64EF4F64F52BB4FD 208896 ----a-w- C:\Windows\MBR.exe

2013-05-27 13:32:02 B4704B8857ED25E38D062369D2E4788A 11386208 ----a-w- C:\Program Files (x86)\MPC-HC\mpc-hc.exe

2013-05-27 13:32:01 B5CF68927816EDDFBC5FF9AA802DC80F 1239392 ----a-w- C:\Program Files (x86)\MPC-HC\unins000.exe

2013-05-26 13:44:32 7B9319D6C9CCE7467D0A0F2773B08E64 59392 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\template.exe

2013-05-26 13:44:32 3ECAC6384B793F4E73C71C822581EE63 54632 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\airappinstaller.exe

2013-05-26 13:44:32 2C47C653DB966100F841F89FDF97B75D 130408 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe

2013-05-26 13:44:32 01D20A3F86B8481950C368060898C967 103272 ----a-w- C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe

2013-05-25 10:14:28 0D4D1BA51BF0C1480AEAAF79E0EBE995 69223 ----a-w- C:\Program Files (x86)\FileASSASSIN\uninst.exe

2013-05-24 01:57:31 98C41AB0F6C05B0DEC773EC74526EACC 371561 ----a-w- C:\Program Files (x86)\x264 Video Codec\Uninstall.exe

2013-05-23 11:02:11 46BC5F8AB093CAAD1135003AE7F1ABDD 1918976 ----a-w- C:\Users\Hendrik\AppData\Local\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

2013-05-23 11:02:11 46BC5F8AB093CAAD1135003AE7F1ABDD 1918976 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

2013-05-23 11:02:11 46BC5F8AB093CAAD1135003AE7F1ABDD 1918976 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

2013-05-23 11:02:11 46BC5F8AB093CAAD1135003AE7F1ABDD 1918976 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

2013-05-23 11:02:11 46BC5F8AB093CAAD1135003AE7F1ABDD 1918976 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

2013-05-23 11:02:11 46BC5F8AB093CAAD1135003AE7F1ABDD 1918976 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

2013-05-23 11:02:11 46BC5F8AB093CAAD1135003AE7F1ABDD 1918976 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

2013-05-23 11:02:11 46BC5F8AB093CAAD1135003AE7F1ABDD 1918976 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\CurseClient.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs...exe_9e9e83ddf3ed3ead_0005.0001_none_ee6919cf167f23c7\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs...exe_9e9e83ddf3ed3ead_0005.0001_none_ee6919cf167f23c7\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs...exe_9e9e83ddf3ed3ead_0005.0001_none_ee6919cf167f23c7\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs...exe_9e9e83ddf3ed3ead_0005.0001_none_ee6919cf167f23c7\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs...exe_9e9e83ddf3ed3ead_0005.0001_none_ee6919cf167f23c7\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

2013-05-23 11:02:10 122787B85554A8D7B3D4C0B2B138A1DC 133632 ----a-w- C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Apps\2.0\QNGTC4Y9.75E\YWZ2QVZG.EQN\curs..tion_9e9e83ddf3ed3ead_0005.0001_181b5e0542e9eb6c\ESMODInstaller\Curse.CurseClient.CMODInstaller.exe

=== C: other files ==

2013-05-29 22:21:59 6CCD1135320109D6B219F1A6E04AD9F6 22784 ----a-w- C:\Windows\SysWOW64\drivers\afc.sys

2013-05-28 00:36:37 0F69938F999304C2039FE62C2938C798 56101 ----a-w- C:\Users\Hendrik\AppData\Roaming\J River\Media Jukebox 14\Library Backups\MJ Library Backup (Default - mei).zip

==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"hpqSRMon"="C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe"

"Ulead AutoDetector v2"="C:\Program Files (x86)\Common Files\Ulead Systems\AutoDetector\monitor.exe"

"Adobe Reader Speed Launcher"="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot"

"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"

"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

"ArcSoft Connection Service"="C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"

"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonMyPrinter]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CanonMyPrinter"

"hkey"="HKLM"

"command"="C:\\Program Files\\Canon\\MyPrinter\\BJMyPrt.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CanonSolutionMenu]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="CanonSolutionMenu"

"hkey"="HKLM"

"command"="C:\\Program Files (x86)\\Canon\\SolutionMenu\\CNSLMAIN.exe /logon"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Tray]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EaseUs Tray"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\EASEUS\\Todo Backup\\bin\\TrayNotify.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EaseUs Watch]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="EaseUs Watch"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\EASEUS\\Todo Backup\\bin\\EuWatch.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Freecorder FLV Service]

"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Freecorder FLV Service"

"hkey"="HKLM"

"command"="\"C:\\Program Files (x86)\\Freecorder\\FLVSrvc.exe\" /run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MediaGet2]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="MediaGet2"

"hkey"="HKCU"

"command"="C:\\Users\\Hendrik\\AppData\\Local\\MediaGet2\\mediaget.exe --minimized"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pando Media Booster]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Pando Media Booster"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Pando Networks\\Media Booster\\PMB.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Xvid]

"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"

"item"="Xvid"

"hkey"="HKCU"

"command"="C:\\Program Files (x86)\\Xvid\\CheckUpdate.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^simplicheck.lnk]

"path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\simplicheck.lnk"

"backup"="C:\\Windows\\pss\\simplicheck.lnk.CommonStartup"

"backupExtension"=".CommonStartup"

"command"="C:\\PROGRA~2\\SIMPLI~1\\SIMPLI~1\\SIMPLI~1.EXE -timer"

"item"="simplicheck"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Hendrik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse Client.lnk]

"path"="C:\\Users\\Hendrik\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\Curse Client.lnk"

"backup"="C:\\Windows\\pss\\Curse Client.lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Hendrik\\AppData\\Local\\Apps\\2.0\\QNGTC4Y9.75E\\YWZ2QVZG.EQN\\curs..tion_eee711038731a406_0004.0000_2bd39706d04e72c8\\CurseClient.exe "

"item"="Curse Client"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Hendrik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]

"path"="C:\\Users\\Hendrik\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CurseClientStartup.ccip"

"backup"="C:\\Windows\\pss\\CurseClientStartup.ccip.Startup"

"backupExtension"=".Startup"

"command"="C:\\Users\\Hendrik\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\CurseClientStartup.ccip"

"item"="CurseClientStartup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Hendrik^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3 .lnk]

"path"="C:\\Users\\Hendrik\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.3 .lnk"

"backup"="C:\\Windows\\pss\\OpenOffice.org 3.3 .lnk.Startup"

"backupExtension"=".Startup"

"command"="C:\\PROGRA~2\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "

"item"="OpenOffice.org 3.3 "

==== Startup Folders ======================

2012-11-12 00:51:49 2105 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15/05/2013 00:11]

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/08/2011 23:09]

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [19/08/2011 23:09]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\opp9rn57.default

- HP Smart Print - %ProfilePath%\extensions\hpwebprint@hpwebprint.com.xpi

- Easy YouTube Video Downloader - %ProfilePath%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\opp9rn57.default

ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11

7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash

66640A55AEFF3819C94E0A8D40D7E0AD - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll - Shockwave for Director / Shockwave for Director

F7015E6C5FE1E74C0E029A291E732787 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)

BF115DE08783E9FA8A9BB83DAA39149B - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)

395BB0421E1C57D201DCE4D48E05E0BA - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)

A56B8E622037E6D57480F16F4B8F472C - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin

3CB231F12674D3CB0AC1F5EDE9578E85 - C:\Windows\SysWOW64\npwmsdrm.dll - Microsoft® Windows Media Services

15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[06/03/2013 02:26]

jbolfgndggfhhpbnkgnpjkfhinclbigj - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx[27/06/2012 13:01]

mpfkfpmlciebaiepdediekoemmjaoong - C:\Users\Hendrik\AppData\Local\PC Speed Up Extension\Chrome\PC Speed Up Extension.crx[01/01/2013 00:47]

nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[06/05/2013 10:12]

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Autodesk Design Review 2013.lnk - C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\DesignReview.exe

C:\Users\Public\Desktop\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\Users\Public\Desktop\DivX Plus Converter.lnk - C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe

C:\Users\Public\Desktop\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe

C:\Users\Public\Desktop\FileASSASSIN.lnk - C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe

C:\Users\Public\Desktop\Media Jukebox 14.lnk - C:\Program Files (x86)\J River\Media Jukebox 14\Media Jukebox 14.exe

C:\Users\Public\Desktop\Photo Impression 6.lnk - C:\Program Files (x86)\ArcSoft\PhotoImpression 6\PhotoImpression.exe

C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe

C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec\Uninstall.lnk - C:\Program Files (x86)\x264 Video Codec\Uninstall.exe

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec\Filters\FFDShow Audio Decoder Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow.ax",configureAudio

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec\Filters\FFDShow VFW Codec Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\FFDShow\ff_vfw.dll",configureVFW

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec\Filters\FFDShow Video Decoder Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\FFDShow\ffdshow.ax",configure

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\Haali\Splitter.ax",Configure

C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files (x86)\x264 Video Codec\Filters\vsfilter.dll",DirectVobSub

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X .lnk - C:\Windows\Installer\{AC76BA86-7AD7-1043-7B44-AA1000000001}\SC_Reader.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect\ArcSoft Connect starten.lnk - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACStart.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect\My ArcSoft Info bekijken.lnk - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACRun.exe ProductInfo.ac

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoImpression 6\PhotoImpression 6 Monitor.lnk - C:\Program Files (x86)\ArcSoft\PhotoImpression 6\Monitor.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft PhotoImpression 6\PhotoImpression 6.lnk - C:\Program Files (x86)\ArcSoft\PhotoImpression 6\PhotoImpression.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Autodesk\Autodesk Design Review 2013.lnk - C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\DesignReview.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BS.Player\Uninstall BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\uninstall.EXE

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Check for Updates.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=update

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Plus Converter.lnk - C:\Program Files (x86)\DivX\DivX Plus Converter\DivXConverterLauncher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Plus Player.lnk - C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus Player.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\DivX Support.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus\Register.lnk - C:\Program Files (x86)\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN\FileASSASSIN.lnk - C:\Program Files (x86)\FileASSASSIN\FileASSASSIN.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN\Uninstall.lnk - C:\Program Files (x86)\FileASSASSIN\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive\Google Drive.lnk - C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\J. River Media Jukebox 14\Check For Updates.lnk - C:\Program Files (x86)\J River\Media Jukebox 14\PackageInstaller.exe /Update

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\J. River Media Jukebox 14\Media Jukebox 14.lnk - C:\Program Files (x86)\J River\Media Jukebox 14\Media Jukebox 14.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\J. River Media Jukebox 14\Uninstall Media Jukebox 14.lnk - C:\Program Files (x86)\J River\Media Jukebox 14\JRMediaUninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC\Changelog.lnk - C:\Program Files (x86)\MPC-HC\Changelog.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC\MPC-HC.lnk - C:\Program Files (x86)\MPC-HC\mpc-hc.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC\Verwijder MPC-HC.lnk - C:\Program Files (x86)\MPC-HC\unins000.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ovt\ovtscanner_vista64\Uninstall OVT Scanner.lnk - C:\Windows\SysWOW64\msiexec.exe /x {AE09704D-9051-4C25-B940-77F889F0C93F}

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy\Uninstall Speccy.lnk - C:\Program Files\Speccy\uninst.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk - C:\Program Files (x86)\VideoLAN\VLC\Documentation.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk - C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --reset-config --reset-plugins-cache vlc://quit

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk - C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe -Iskins

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe

==== shortcuts in Quick Launch ======================

C:\Users\Hendrik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe

C:\Users\Hendrik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Media Jukebox 14.lnk - C:\Program Files (x86)\J River\Media Jukebox 14\Media Jukebox 14.exe

C:\Users\Hendrik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Hendrik\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==== Reset IE Proxy ======================

Value(s) before fix:

"ProxyOverride"="<local>"

"ProxyEnable"=dword:00000000

Value(s) after fix:

"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat will be deleted at reboot

C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Hendrik\AppData\Local\Mozilla\Firefox\Profiles\opp9rn57.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied

C:\Users\Hendrik\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Temporary Internet Files\Content.IE5\container.dat" not found

"C:\Users\Hendrik\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5\container.dat" not found

==== EOF on do 30/05/2013 at 7:35:07,07 ======================

ik begin me hier toch wel wat zorgen te maken bij het lezen van dit verslag.

Link naar reactie
Delen op andere sites

Ik doe regelmatig eens een betaling met PayPal en deze zijn over de hele wereld ook in China en andere aziatische landen, Europa meerbepaald Duistland en België en Amerika.

Om mijn PayPal te spijzen gebruik ik mijn eigen bankrekening maar ook mijn Maestro die gelinkt is aan beide rekeningen.

Doch onlangs kreeg ik een mail van PayPal dat ik Maestro niet langer kan gebruiken als gelinkte spijzer om betalingen te doen omdat mijn eigen bank het tegenhoud, volgens PayPal zijn zij aan het onderhandelen met mijn bank om dit op te lossen ik hoef dus niks te doen en zal vervolgens een mail krijgen van PayPal als dit euvel opgelost is.

Maar nu ik dit verslag hier lees van zoek.exe begin ik me zorgen te maken over een mogelijke poging tot het verzamelen van mijn bankgegevens via PayPal/Maestro.

Mijn eigen bank heeft me nog niet op de hoogte gebracht van de mogelijke problemen met mijn Maestro en Paypal en het feit dat mijn eigen bank deze Maestro met PayPal heeft geblokkeerd. Zijn zij op een security break gekomen of niet ik weet het niet.

Wordt mijn computer gebruikt voor andere doeleinden zonder dat ik het weet of niet?

Feit is wel dat mijn eigen antivirus buiten strijd is gezet van buitenaf.

Zijn mijn zorgen gegrond?

Graag uw feedback a.u.b.

Link naar reactie
Delen op andere sites

Dag kweezie wabbit,

Met blijdschap in het hart kan ik u melden dat Microsoft Security Essentials terug actief is!

zie screenshot taakbalk:

[ATTACH=CONFIG]26185[/ATTACH]

Ook heeft MSE de detectie gedaan destijds van de kwaadaardige programma's die mijn pc infecteerden maar kreeg de kans niet mij dit te laten zien.

zie screenshot:

[ATTACH=CONFIG]26187[/ATTACH]

Ook mijn IE versie 10 werkt weer naar behoren en laat downloads toe en uitvoeren van die downloads ook.

Ondertussen heb ik mijn IE terug als standaard browser aangevinkt.

Het enige ambetante nu nog is de steeds maar weerkerende Security Alert bij elke pagina die ik open in mijn browser dat mij verteld dat ik nu een beveiligde connection verlaat en dat anderen mogelijk kunnen zien wat ik verzend.

zie screenshot:

[ATTACH=CONFIG]26188[/ATTACH]

Kan ik dit nog op een of andere manier oplossen zonder een vinkje te plaatsen die "waarschuwing niet meer te laten zien"?

En verder ben ik nu wel heel nieuwsgierig te willen weten wat er nu eigenlijk op mijn pc is gebeurd?

Link naar reactie
Delen op andere sites

Mogelijke aanval door Itemgarden?

Wat is Itemgarden:

Itemgarden is een verkoopswebsite waar je als klant ingame gold kan kopen met echt geld!

Je kiest hoeveel gold je ingame wenst te kopen en je betaalt via een secure beveiliging met PayPal.

Je geeft aan op de website nadat de betaling is voltooid dat je online bent met uw character in het game.

Itemgarden komt ook online in het game met een low level character (meestal level 1) en doet een ingame trade met jouw character en overhandigd het aangekochte gold.

Wat is me nu opgevallen!

Itemgarden is gehost in China

Na betaling kon er niet direct worden overhandigd van de koopwaar en ik moest wachten.

Na enkele dagen kon er een eerste schijf van de koopwaar afgeleverd worden maar kreeg een bericht dat er problemen waren en de rest van de koopwaar later zou volgen.

Twee weken verder kreeg ik nog een schijf van de aangekochte koopwaar met de melding te wachten op de laatste schijf

die ik nu nog steeds niet heb gekregen.

Kan het zijn dat men daar probeert mijn account te hacken door mij aan het lijntje te houden?

Ik weet het niet.

Maar feit is wel dat ik zal moeten voorzichtiger zijn.

Toch raar dat mijn pc alleen maar kan geopend worden door 13 karakters in te vullen, willekeurig, geen namen of datums, maar letters, hoofdletters, tekens en cijfers.

En toch kan er een hidden user zijn die een poort opent voor eigen gebruik op mijn pc?

Link naar reactie
Delen op andere sites

Het enige ambetante nu nog is de steeds maar weerkerende Security Alert bij elke pagina die ik open in mijn browser dat mij verteld dat ik nu een beveiligde connection verlaat en dat anderen mogelijk kunnen zien wat ik verzend.

zie screenshot:

26188d1369950731t-rootkit-windows-cannot-access-specified-device-security-alert-ie.jpg

Kan ik dit nog op een of andere manier oplossen zonder een vinkje te plaatsen die "waarschuwing niet meer te laten zien"?

Dit is een standaard melding als je vanuit een beveilide verbinding doorklikt naar een onbeveiligde verbinding. Je kan deze melding enkel uitschakelen door het vinkje te plaatsen.

Ik zou toch maar opletten met itemgarden want deze site heeft niet echt een goede reputatie op Web Of Trust.

Op je vragen over paypal moet ik het antwoord schuldig blijven.

Ik maak zelf geen gebruik van paypal en ik weet ook niet hoe het werkt.

Je hebt waarschijnlijk ergens een besmetting met een rootkit opgelopen.

Zoek.exe heeft een aantal van de "neveneffecten" kunnen herstellen maar we zullen de echte besmetting nog moeten vinden.

Download 51a5f5c328e95-aswmbr16.pngaswMBR.exe naar het bureaublad.

  • Dubbelklik op "aswMBR.exe" om de tool te starten.
  • Klik op "Ja" bij de vraag om de laatste virusdefinities van Avast te downloaden.
  • Klik nu op de knop "scan" er zal nu tevens een snelle scan van de systeemschijf worden uitgevoerd.
  • Als de scan gereed is klikt u op de knop "save log"
    5062f6a4d59ad-aswmbr2.png
  • Plaats dit log bestand in het volgende bericht als bijlage.

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.