Win64 patched A trojan

Solved
By RensvanDriel
Oct 16, 2012
Topic Status:
Not open for further replies.
  1. Hey Guys,

    Since this morning I have been getting a message from AVG that I have a virus: Win64 PatchedA.
    I read some topics on this forum and ran FRST from my system recovery options.

    The scanned files are below as an attachment.

    But what now? I would appreciate any help to remove this threat.

    Sorry for my bad English.

  2. RensvanDriel (Newcomer, in training; Topic Starter)

    Farbar Recovery Scan Tool (x64) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-16 15:45:02
    Running from H:\

    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ===== End Of Search ======
  3. RensvanDriel (Newcomer, in training; Topic Starter)


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2012
    Ran by SYSTEM at 16-10-2012 15:42:31
    Running from H:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ==================== Registry (Whitelisted) ===================

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-06-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-02-10] (EasyBits Software AS)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-04] ()
    HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [312376 2012-02-08] (Power Software Ltd)
    HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-04] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKU\Rens\...\Policies\system: [DisableLockWorkstation] 0
    HKU\Rens\...\Policies\system: [DisableChangePassword] 0
    HKU\Simone\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe -update plugin [x]
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
    ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

    ==================== Services (Whitelisted) ===================

    2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [194496 2010-06-16] (Advanced Micro Devices)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
    2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /I CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [322 2012-09-03] ()
    2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-04] ()

    ==================== Drivers (Whitelisted) =====================

    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-04] (AVG Technologies)
    3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]
  4. RensvanDriel (Newcomer, in training; Topic Starter)

    ==================== NetSvcs (Whitelisted) ====================


    ==================== One Month Created Files and Folders ========

    2012-10-16 15:23 - 2012-10-16 15:23 - 00000000 ____D C:\FRST
    2012-10-16 04:56 - 2012-10-16 04:56 - 00001124 ____A C:\Windows\PFRO.log
    2012-10-16 04:56 - 2012-10-16 04:56 - 00000056 ____A C:\Windows\setupact.log
    2012-10-16 04:56 - 2012-10-16 04:56 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-16 04:30 - 2012-10-16 04:56 - 00000514 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    2012-10-16 04:30 - 2012-10-16 04:46 - 00000490 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-10-16 04:30 - 2012-10-16 04:46 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-10-16 04:30 - 2012-10-16 04:46 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-10-16 04:30 - 2012-10-16 04:30 - 00001205 ____A C:\Users\Rens\Desktop\SpeedyPC Pro.lnk
    2012-10-16 04:30 - 2012-10-16 04:30 - 00000000 ____D C:\Users\Rens\AppData\Roaming\SpeedyPC Software
    2012-10-16 04:30 - 2012-10-16 04:30 - 00000000 ____D C:\Users\Rens\AppData\Roaming\DriverCure
    2012-10-16 04:30 - 2012-10-16 04:30 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
    2012-10-16 04:30 - 2012-10-16 04:30 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
    2012-10-16 04:28 - 2012-10-16 04:29 - 05019760 ____A (SpeedyPC Software) C:\Users\Rens\Downloads\SpeedyPC Pro Installer.exe
    2012-10-16 04:26 - 2012-10-16 04:26 - 00001205 ____A C:\Users\Rens\Downloads\FixNCR.reg
    2012-10-16 04:04 - 2012-10-16 04:46 - 00000000 ____D C:\Qoobox
    2012-10-16 04:03 - 2012-10-16 04:47 - 00000000 ___SD C:\32788R22FWJFW
    2012-10-16 03:59 - 2012-10-16 03:59 - 04981258 ____R (Swearware) C:\Users\Rens\Downloads\ComboFix.exe
    2012-10-16 03:44 - 2012-10-16 03:44 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-10-16 03:41 - 2012-10-16 04:46 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-16 03:41 - 2012-10-16 04:30 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-16 03:40 - 2012-10-16 03:40 - 00000000 ____D C:\Windows\System32\Macromed
    2012-10-16 01:01 - 2012-10-16 01:02 - 00000000 ____D C:\Users\Rens\AppData\Local\{A8AA2FE4-C84C-458B-B4CA-59E8196278BF}
    2012-10-15 23:18 - 2012-10-15 23:18 - 00001142 ____A C:\Users\Rens\Desktop\ASIO4ALL v2 Instruction Manual.lnk
    2012-10-15 23:18 - 2012-10-15 23:18 - 00000000 ____D C:\Program Files (x86)\VstPlugins
    2012-10-15 23:18 - 2012-10-15 23:18 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
    2012-10-15 23:18 - 2006-06-20 00:56 - 00225280 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
    2012-10-15 23:17 - 2012-10-15 23:17 - 00001150 ____A C:\Users\Rens\Desktop\FL Studio 10.lnk
    2012-10-15 23:17 - 2012-10-15 23:17 - 00000000 ____D C:\Users\Rens\Documents\Image-Line
    2012-10-15 23:17 - 2012-10-15 23:17 - 00000000 ____D C:\Program Files (x86)\Outsim
    2012-10-15 23:17 - 2009-09-15 01:14 - 01554944 ____A (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
    2012-10-15 23:11 - 2012-10-15 23:17 - 00000000 ____D C:\Program Files (x86)\Image-Line
    2012-10-15 23:11 - 2012-10-15 23:11 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
    2012-10-15 23:11 - 2012-10-15 23:11 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2012-10-15 23:10 - 2011-04-18 08:03 - 00000000 ____D C:\Users\Rens\Downloads\Fruityloops 10
    2012-10-15 05:36 - 2012-10-15 05:36 - 00000045 ____A C:\Users\Rens\jagex_cl_loginapplet_LIVE.dat
    2012-10-15 05:32 - 2012-10-15 23:51 - 00000024 ____A C:\Users\Rens\random.dat
    2012-10-15 05:32 - 2012-10-15 23:46 - 00000043 ____A C:\Users\Rens\jagex_cl_runescape_LIVE.dat
    2012-10-15 05:32 - 2012-10-15 05:36 - 00000000 ____D C:\Users\Rens\jagexcache
    2012-10-15 00:11 - 2012-10-15 00:12 - 00000000 ____D C:\Users\Rens\AppData\Local\{D49E7772-E700-4BAA-9189-7706E3743947}
    2012-10-11 04:48 - 2012-10-11 04:48 - 00000000 ____D C:\Users\Rens\Downloads\Test website
    2012-10-11 04:47 - 2012-10-11 04:47 - 07523534 ____A C:\Users\Rens\Downloads\MM_DWCS6.zip
    2012-10-11 01:52 - 2012-10-11 01:53 - 00000000 ____D C:\Users\Rens\AppData\Local\{B9C8E864-AFC8-4B10-AE51-7F3E5C56A0DA}
    2012-10-11 01:17 - 2012-10-11 02:57 - 00000000 ____D C:\Users\Rens\Documents\ViktorLindgren
    2012-10-10 13:43 - 2012-10-10 13:43 - 00000000 ____D C:\Users\Rens\AppData\Local\{9EBDD731-2569-420B-95D4-2D6D0DF5C49D}
    2012-10-10 09:34 - 2012-10-10 09:40 - 00000000 ____D C:\Users\Rens\Downloads\Dreamweaver.CS6.The.Missing.Manual[A4]
    2012-10-10 09:13 - 2012-10-10 09:13 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
    2012-10-10 09:06 - 2012-10-10 09:06 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2012-10-10 09:06 - 2012-10-10 09:06 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2012-10-10 08:57 - 2012-10-10 08:59 - 00000000 ____D C:\Users\Rens\Desktop\Adobe Dreamweaver CS6
    2012-10-10 08:09 - 2012-10-10 08:54 - 00000000 ____D C:\Users\Rens\Downloads\Adobe Dreamweaver CS6 12.0 build 5808 + Crack
    2012-10-09 23:41 - 2012-10-09 23:41 - 00000000 ____D C:\Users\Rens\AppData\Local\{3E84F428-0F24-473E-81E4-766173E18BFB}
    2012-10-09 13:35 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-10-09 13:35 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-10-09 13:35 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-10-09 13:35 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-10-09 13:34 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-10-09 13:34 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-10-09 13:34 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-10-09 13:34 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-10-09 13:34 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-10-09 13:34 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-10-09 13:34 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-10-09 13:34 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-10-09 13:34 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-10-09 13:34 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-10-09 13:34 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-10-09 13:34 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-10-09 13:34 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-10-09 13:34 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-10-09 13:34 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-10-09 13:34 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-10-09 13:34 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-10-09 13:34 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-10-09 13:34 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-10-09 13:34 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-10-09 13:34 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-10-09 13:34 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-10-09 13:34 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-10-09 13:34 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-10-09 13:34 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-10-09 13:34 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-10-09 13:34 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-10-09 08:58 - 2012-10-09 08:58 - 00000000 ____D C:\Users\Rens\AppData\Local\{78C3DFFF-89EE-4017-8840-22700BC3F3A5}
    2012-10-08 02:52 - 2012-10-08 02:52 - 00000000 ____D C:\Users\Rens\AppData\Local\{15A50328-B9EF-4DB0-A20F-89A068C891FA}
    2012-10-07 12:39 - 2012-10-07 12:39 - 00000000 ____D C:\Users\Rens\AppData\Local\{2DA27347-1A7A-4168-8196-10D9039EDD22}
    2012-10-06 10:35 - 2012-10-06 10:35 - 00000000 ____D C:\Users\Rens\AppData\Local\{B28EC2EF-3B08-4565-A7ED-36325E5FD902}
    2012-10-05 02:12 - 2012-10-05 02:13 - 00000000 ____D C:\Users\Rens\AppData\Local\{063C2BB3-C4AF-489B-8A30-C451836DDD75}
    2012-10-04 03:46 - 2012-10-04 03:47 - 00000000 ____D C:\Users\Rens\Documents\Hardlopen
    2012-10-03 23:27 - 2012-10-03 23:27 - 00000000 ____D C:\Users\Rens\AppData\Local\{F0D63B4D-9998-4595-B869-C80A1A18BCEE}
    2012-10-03 07:00 - 2012-10-03 07:00 - 00000000 ____D C:\Users\Rens\AppData\Local\{27D3F500-6DA5-4926-B3B8-C322EEB8F565}
    2012-10-02 01:18 - 2012-10-02 01:18 - 00000000 ____D C:\Users\Rens\AppData\Local\{17D88EA3-7714-4831-B398-7C519A88E213}
    2012-10-01 03:41 - 2012-09-11 12:53 - 00000000 ____D C:\Users\Rens\Downloads\Tor Browser
    2012-10-01 03:38 - 2012-10-01 03:40 - 23759265 ____A (Igor Pavlov) C:\Users\Rens\Downloads\tor-browser-2.2.39-1_en-US.exe
    2012-10-01 00:30 - 2012-10-15 23:43 - 00000000 ____D C:\Users\Rens\Documents\Sollicitatie 2012
    2012-09-30 23:46 - 2012-09-30 23:47 - 00000000 ____D C:\Users\Rens\AppData\Local\{2159BEE3-8041-428B-970D-0EB2922342D9}
    2012-09-28 03:19 - 2012-09-28 03:19 - 00000000 ____D C:\Users\Rens\AppData\Local\{F485BCBE-8364-4903-9432-3BAAE5B5F81C}
    2012-09-27 13:28 - 2012-09-27 13:28 - 00000000 ____D C:\Users\Rens\AppData\Local\{C5739B6F-8B5D-4441-B92A-230501530FC0}
    2012-09-26 10:22 - 2012-09-26 10:22 - 00000000 ____D C:\Users\Rens\AppData\Local\{76B6EB15-0D40-40B4-BA90-39AFED2ED73A}
    2012-09-26 00:00 - 2012-09-26 00:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
    2012-09-26 00:00 - 2012-09-26 00:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
    2012-09-26 00:00 - 2011-07-20 04:58 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
    2012-09-25 23:59 - 2012-09-25 23:59 - 00000000 ____D C:\Program Files (x86)\Research In Motion
    2012-09-25 22:34 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-09-25 22:21 - 2012-09-25 22:22 - 00000000 ____D C:\Users\Rens\AppData\Local\{92531922-AACF-4C4B-B9CD-34C58C579F11}
    2012-09-25 12:15 - 2012-09-28 00:28 - 00000000 ____D C:\Users\Rens\Documents\Psychologie
    2012-09-25 09:57 - 2012-09-25 09:57 - 00000000 ____D C:\Users\Rens\AppData\Local\{67107E0B-FCD0-470C-B36A-E60F8A2A4441}
    2012-09-23 01:33 - 2012-09-24 21:36 - 00000000 ____D C:\Users\Rens\AppData\Local\{63624CB8-9BAA-42EC-BECD-8A6304F4D287}
    2012-09-22 14:18 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-09-22 14:18 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-09-22 14:18 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-09-22 14:18 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-09-22 14:18 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-09-22 14:18 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-09-22 14:18 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-09-22 14:18 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-09-22 14:18 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-09-22 14:18 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-09-22 14:18 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-09-22 14:17 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-09-22 14:17 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-09-22 14:17 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-09-22 14:17 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-09-22 14:17 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-09-22 14:17 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-09-22 14:17 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-09-22 14:17 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-09-22 14:17 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-09-22 14:17 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-09-22 14:17 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-09-22 14:17 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-09-22 14:17 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-09-22 14:17 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-09-22 14:17 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-09-22 14:17 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-09-22 14:17 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-09-22 14:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-09-22 14:17 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-09-22 14:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-09-22 14:17 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-09-22 12:24 - 2012-09-22 12:24 - 00000000 ____D C:\Users\Rens\AppData\Local\{545499E2-1FBC-47A4-846C-24EF6AE5F128}
    2012-09-22 00:23 - 2012-09-22 00:23 - 00000000 ____D C:\Users\Rens\AppData\Local\{520F7F6E-18B7-4178-9452-4BF8B2B8C192}
    2012-09-21 13:04 - 2012-09-21 13:02 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-21 13:04 - 2012-09-21 13:02 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-21 13:03 - 2012-09-21 13:02 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-21 13:03 - 2012-09-21 13:02 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-21 13:03 - 2012-09-21 13:02 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-21 13:00 - 2012-09-21 13:00 - 00894952 ____A (Oracle Corporation) C:\Users\Rens\Downloads\jxpiinstall.exe
    2012-09-21 09:07 - 2012-09-21 09:07 - 00000000 ____D C:\Users\Rens\AppData\Local\{0FF5AFF2-ED21-46DF-B2CC-BF53045409F3}
  5. RensvanDriel (Newcomer, in training; Topic Starter)

    2012-09-20 12:38 - 2012-09-20 12:38 - 00000000 ____D C:\Users\Rens\AppData\Local\{EF50CC7A-D5C3-4ECB-8229-544AF44D8B1D}
    2012-09-19 09:08 - 2012-09-19 09:08 - 00000000 ____D C:\Users\Rens\AppData\Local\{FCFB2114-65C3-4433-9B3B-516116116F01}
    2012-09-18 03:42 - 2012-09-18 03:42 - 00000000 ____D C:\Users\Rens\AppData\Local\{C69295B8-4848-42B7-9F46-6F9A98BA9888}
    2012-09-16 04:01 - 2012-09-16 04:01 - 00000000 ____D C:\Users\Simone\AppData\Local\AVG Secure Search

    ==================== 3 Months Modified Files ==================

    2012-10-16 05:08 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-10-16 05:08 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-10-16 04:56 - 2012-10-16 04:56 - 00001124 ____A C:\Windows\PFRO.log
    2012-10-16 04:56 - 2012-10-16 04:56 - 00000056 ____A C:\Windows\setupact.log
    2012-10-16 04:56 - 2012-10-16 04:56 - 00000000 ____A C:\Windows\setuperr.log
    2012-10-16 04:56 - 2012-10-16 04:30 - 00000514 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    2012-10-16 04:56 - 2011-09-15 04:03 - 00001048 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-10-16 04:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-10-16 04:47 - 2009-07-13 21:08 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-10-16 04:46 - 2012-10-16 04:30 - 00000490 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
    2012-10-16 04:46 - 2012-10-16 04:30 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
    2012-10-16 04:46 - 2012-10-16 04:30 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
    2012-10-16 04:46 - 2012-10-16 03:41 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-10-16 04:31 - 2011-09-15 04:03 - 00001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-10-16 04:30 - 2012-10-16 04:30 - 00001205 ____A C:\Users\Rens\Desktop\SpeedyPC Pro.lnk
    2012-10-16 04:30 - 2012-10-16 03:41 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-10-16 04:30 - 2011-09-19 09:59 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-10-16 04:29 - 2012-10-16 04:28 - 05019760 ____A (SpeedyPC Software) C:\Users\Rens\Downloads\SpeedyPC Pro Installer.exe
    2012-10-16 04:26 - 2012-10-16 04:26 - 00001205 ____A C:\Users\Rens\Downloads\FixNCR.reg
    2012-10-16 03:59 - 2012-10-16 03:59 - 04981258 ____R (Swearware) C:\Users\Rens\Downloads\ComboFix.exe
    2012-10-16 03:18 - 2011-07-04 14:18 - 01431318 ____N C:\Windows\WindowsUpdate.log
    2012-10-15 23:51 - 2012-10-15 05:32 - 00000024 ____A C:\Users\Rens\random.dat
    2012-10-15 23:46 - 2012-10-15 05:32 - 00000043 ____A C:\Users\Rens\jagex_cl_runescape_LIVE.dat
    2012-10-15 23:18 - 2012-10-15 23:18 - 00001142 ____A C:\Users\Rens\Desktop\ASIO4ALL v2 Instruction Manual.lnk
    2012-10-15 23:17 - 2012-10-15 23:17 - 00001150 ____A C:\Users\Rens\Desktop\FL Studio 10.lnk
    2012-10-15 23:11 - 2012-10-15 23:11 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
    2012-10-15 23:11 - 2012-10-15 23:11 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
    2012-10-15 05:36 - 2012-10-15 05:36 - 00000045 ____A C:\Users\Rens\jagex_cl_loginapplet_LIVE.dat
    2012-10-14 10:03 - 2011-04-11 13:50 - 00744014 ____A C:\Windows\System32\perfh013.dat
    2012-10-14 10:03 - 2011-04-11 13:50 - 00152840 ____A C:\Windows\System32\perfc013.dat
    2012-10-14 10:03 - 2009-07-13 21:13 - 01665488 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-10-12 12:55 - 2011-09-02 05:36 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-10-11 04:47 - 2012-10-11 04:47 - 07523534 ____A C:\Users\Rens\Downloads\MM_DWCS6.zip
    2012-10-09 23:49 - 2011-09-13 09:14 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-10-01 03:40 - 2012-10-01 03:38 - 23759265 ____A (Igor Pavlov) C:\Users\Rens\Downloads\tor-browser-2.2.39-1_en-US.exe
    2012-09-26 00:00 - 2012-09-26 00:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
    2012-09-26 00:00 - 2012-09-26 00:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
    2012-09-23 01:31 - 2012-09-07 01:16 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForRens.job
    2012-09-21 13:02 - 2012-09-21 13:04 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-09-21 13:02 - 2012-09-21 13:04 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-09-21 13:02 - 2012-09-21 13:03 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-09-21 13:02 - 2012-09-21 13:03 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-09-21 13:02 - 2012-09-21 13:03 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2012-09-21 13:02 - 2011-04-11 04:38 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-09-21 13:00 - 2012-09-21 13:00 - 00894952 ____A (Oracle Corporation) C:\Users\Rens\Downloads\jxpiinstall.exe
    2012-09-14 11:19 - 2012-10-09 13:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
    2012-09-14 10:28 - 2012-10-09 13:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2012-09-14 00:44 - 2012-09-14 00:44 - 00002060 ____A C:\Users\Rens\Desktop\Curriculum_Vitae_Rens.txt
    2012-09-14 00:43 - 2012-09-14 00:43 - 00002513 ____A C:\Users\Public\Desktop\Skype.lnk
    2012-09-12 10:53 - 2012-09-12 10:49 - 39483256 ____A (Apple Inc.) C:\Users\Rens\Downloads\QuickTimeInstaller.exe
    2012-09-11 02:59 - 2011-09-01 07:50 - 00000975 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-09-10 02:17 - 2012-09-10 02:16 - 05701892 ____A C:\Users\Rens\Downloads\Kopie diploma.zip
    2012-09-04 13:20 - 2012-09-04 13:20 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-31 10:19 - 2012-10-09 13:35 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2012-08-30 10:03 - 2012-10-09 13:35 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-08-30 09:12 - 2012-10-09 13:35 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-08-30 09:12 - 2012-10-09 13:35 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-08-24 10:05 - 2012-10-09 13:34 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-08-24 08:57 - 2012-10-09 13:34 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-08-24 05:43 - 2012-08-24 05:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
    2012-08-24 03:15 - 2012-09-22 14:17 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-08-24 02:39 - 2012-09-22 14:17 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-08-24 02:31 - 2012-09-22 14:17 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-08-24 02:22 - 2012-09-22 14:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-08-24 02:21 - 2012-09-22 14:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-08-24 02:20 - 2012-09-22 14:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-08-24 02:18 - 2012-09-22 14:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-08-24 02:17 - 2012-09-22 14:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-08-24 02:14 - 2012-09-22 14:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-08-24 02:14 - 2012-09-22 14:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-08-24 02:13 - 2012-09-22 14:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2012-08-24 02:12 - 2012-09-22 14:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-08-24 02:11 - 2012-09-22 14:17 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2012-08-24 02:10 - 2012-09-22 14:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-08-24 02:09 - 2012-09-22 14:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-08-24 02:04 - 2012-09-22 14:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-08-23 23:27 - 2012-09-22 14:17 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-08-23 23:03 - 2012-09-22 14:17 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-08-23 22:59 - 2012-09-22 14:17 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-08-23 22:51 - 2012-09-22 14:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-08-23 22:51 - 2012-09-22 14:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-08-23 22:51 - 2012-09-22 14:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-08-23 22:49 - 2012-09-22 14:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-08-23 22:48 - 2012-09-22 14:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-08-23 22:47 - 2012-09-22 14:18 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2012-08-23 22:47 - 2012-09-22 14:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-08-23 22:47 - 2012-09-22 14:17 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-08-23 22:45 - 2012-09-22 14:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2012-08-23 22:44 - 2012-09-22 14:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-08-23 22:44 - 2012-09-22 14:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-08-23 22:43 - 2012-09-22 14:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-08-23 22:40 - 2012-09-22 14:18 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-08-22 11:20 - 2012-08-22 11:20 - 00059992 ____A C:\Users\Rens\Downloads\player.html
    2012-08-22 10:12 - 2012-09-12 08:15 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-08-22 10:12 - 2012-09-12 08:15 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
    2012-08-22 10:12 - 2012-09-12 08:15 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
    2012-08-22 10:12 - 2012-09-12 08:15 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
    2012-08-21 13:01 - 2012-09-25 22:34 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
    2012-08-20 10:48 - 2012-10-09 13:34 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
    2012-08-20 10:48 - 2012-10-09 13:34 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
    2012-08-20 10:48 - 2012-10-09 13:34 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
    2012-08-20 10:48 - 2012-10-09 13:34 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
    2012-08-20 10:48 - 2012-10-09 13:34 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
    2012-08-20 10:48 - 2012-10-09 13:34 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
    2012-08-20 10:48 - 2012-10-09 13:34 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
    2012-08-20 10:46 - 2012-10-09 13:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
    2012-08-20 10:38 - 2012-10-09 13:34 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 09:40 - 2012-10-09 13:34 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2012-08-20 09:38 - 2012-10-09 13:34 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2012-08-20 09:37 - 2012-10-09 13:34 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2012-08-20 09:37 - 2012-10-09 13:34 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2012-08-20 09:37 - 2012-10-09 13:34 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
    2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
    2012-08-20 07:38 - 2012-10-09 13:34 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2012-08-20 07:38 - 2012-10-09 13:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2012-08-20 07:33 - 2012-10-09 13:34 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 13:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 07:33 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
    2012-08-17 03:04 - 2009-07-13 20:45 - 00416992 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-08-16 08:51 - 2012-08-16 08:49 - 15267728 ____A (Google Inc.) C:\Users\Rens\Downloads\picasa39-setup.exe
    2012-08-13 21:21 - 2012-08-13 03:44 - 00023544 ____A C:\Users\Rens\Documents\Kruidvat fotoservice.mcf
    2012-08-13 03:44 - 2012-08-13 03:44 - 00024101 ____A C:\Users\Rens\Documents\Kruidvat fotoservice.mcf~
    2012-08-11 12:40 - 2012-08-11 12:40 - 00004894 ____A C:\Users\Rens\Desktop\profiel.odt
    2012-08-11 11:55 - 2012-08-10 05:59 - 00011760 ____A C:\Users\Rens\Documents\Nederland waar recht krom is en krom recht is.odt
    2012-08-10 22:33 - 2012-08-10 22:33 - 01489352 ____A C:\Users\Rens\Downloads\setup_Kruidvat_fotoservice.exe
    2012-08-10 22:29 - 2011-09-01 07:26 - 01643648 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-08-10 16:56 - 2012-10-09 13:34 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
    2012-08-10 15:56 - 2012-10-09 13:34 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2012-08-10 05:30 - 2012-08-10 05:25 - 50449456 ____A (Microsoft Corporation) C:\Users\Rens\Downloads\dotNetFx40_Full_x86_x64.exe
    2012-08-10 05:24 - 2012-08-10 05:24 - 02620660 ____A C:\Users\Rens\Downloads\ViperSetup.exe
    2012-08-02 09:58 - 2012-09-12 08:15 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
    2012-08-02 08:57 - 2012-09-12 08:15 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2012-07-25 17:21 - 2012-07-25 17:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys
    2012-07-20 12:58 - 2011-11-04 09:18 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

    ZeroAccess:
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\@
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\L
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\L\00000004.@
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\L\201d3dde
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\00000004.@
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\00000008.@
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\000000cb.@
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000000.@
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000032.@
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000064.@
  6. RensvanDriel

    RensvanDriel Newcomer, in training Topic Starter

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ==================== Known DLLs (Whitelisted) =================


    ==================== Bamital & volsnap Check =================
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================
    Restore point made on: 2012-09-21 13:02:20
    Restore point made on: 2012-09-22 14:17:22
    Restore point made on: 2012-09-25 23:58:48
    Restore point made on: 2012-09-27 23:17:22
    Restore point made on: 2012-10-04 23:17:49
    Restore point made on: 2012-10-09 23:41:41
    Restore point made on: 2012-10-12 12:48:46
    Restore point made on: 2012-10-16 03:26:31

    ==================== Memory info ===========================
    Percentage of memory in use: 19%
    Total physical RAM: 3690.9 MB
    Available physical RAM: 2967.15 MB
    Total Pagefile: 3689.05 MB
    Available Pagefile: 2971.83 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.91 MB

    ==================== Partitions =============================
    1 Drive c: () (Fixed) (Total:218.39 GB) (Free:109.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (RECOVERY) (Fixed) (Total:14.19 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
    5 Drive h: (RENS) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Schfnr. Status Grootte Vrij Dyn GPT
    -------- ------------- ------- ------- --- ---
    Schf 0 Online 232 GB 0 B
    Schf 1 Online 3824 MB 0 B

    Partitions of Disk 0:
    ===============
    Schijf 0 is nu de geselecteerde schijf.

    Partitie ### Type Grootte Offset
    ------------- ---------------- ------- -------
    Partitie 1 Primair 199 MB 1024 KB
    Partitie 2 Primair 218 GB 200 MB
    Partitie 3 Primair 14 GB 218 GB
    Partitie 4 Primair 103 MB 232 GB

    ==================================================================================
    Disk: 0
    Schijf 0 is nu de geselecteerde schijf.

    Partitie 1
    Type : 07
    Verborgen: Nee
    Actief : Ja

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 1 Y SYSTEM NTFS partitie 199 MB In orde

    =========================================================
    Disk: 0
    Schijf 0 is nu de geselecteerde schijf.

    Partitie 2
    Type : 07
    Verborgen: Nee
    Actief : Nee

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 2 C NTFS partitie 218 GB In orde

    =========================================================
    Disk: 0
    Schijf 0 is nu de geselecteerde schijf.

    Partitie 3
    Type : 07
    Verborgen: Nee
    Actief : Nee

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 3 E RECOVERY NTFS partitie 14 GB In orde
    =========================================================
    Disk: 0
    Schijf 0 is nu de geselecteerde schijf.

    Partitie 4
    Type : 0C
    Verborgen: Nee
    Actief : Nee
    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 4 F HP_TOOLS FAT32 partitie 103 MB In orde
    =========================================================
    Partitions of Disk 1:
    ===============
    Schijf 1 is nu de geselecteerde schijf.

    Partitie ### Type Grootte Offset
    ------------- ---------------- ------- -------
    Partitie 1 Primair 3820 MB 4032 KB

    ==================================================================================
    Disk: 1
    Schijf 1 is nu de geselecteerde schijf.

    Partitie 1
    Type : 0B
    Verborgen: Nee
    Actief : Nee

    Volume ### Ltr Label FS Type Grootte Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * volume 5 H RENS FAT32 Verwisselb 3820 MB In orde

    =========================================================
    Last Boot: 2012-10-15 14:03
    ==================== End Of Log =============================

    Sorry people, I couldn't post it all at once!
  7. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed, and your computer is declared clean.

    FRST Fixlist

    Please download attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.

  8. RensvanDriel

    RensvanDriel Newcomer, in training Topic Starter

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2012
    Ran by SYSTEM at 2012-10-17 09:07:27 Run:1
    Running from H:\
    ==============================================
    C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====

    When I rebooted my computer it was okay :). After I scanned my computer with AVG, it found the virus in C:\FRST\QUARANTINE\SERVICES.EXE

    Thanks for helping this far!!
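
The check below is an added example, not code from FRST or from anyone in this thread. It parses lines excerpted from the FRST log and Fixlog posted above, collects what FRST flagged (the `ZeroAccess:` path blocks and the `<==== ATTENTION` MD5 line), and confirms the Fixlog accounts for each item. Function names are hypothetical, and the regexes assume the line layout seen in this thread's logs.

```python
import re

# Lines excerpted from the FRST log posted in this thread (trimmed, not complete).
FRST_LOG = r"""
ZeroAccess:
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\@
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
"""

# Lines from the Fixlog posted in this thread.
FIXLOG = r"""
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
"""

HEADER = re.compile(r"^([A-Za-z][\w &]*):$")            # family header, e.g. "ZeroAccess:"
PATCHED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<md5>[0-9A-Fa-f]{32}) "
                     r"(?P<label>\S+) <==== ATTENTION")
MOVED = re.compile(r"^(?P<path>.+) moved successfully\.$")
COPIED = re.compile(r"^(?P<src>.+) copied successfully to (?P<dst>.+)$")


def parse_frst_findings(log):
    """Return paths listed under family headers and files whose MD5 was flagged."""
    flagged, patched, family = [], [], None
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line.startswith("===="):
            family = None                       # blank line or section banner ends a block
            continue
        header = HEADER.match(line)
        if header:
            family = header.group(1)
            continue
        hit = PATCHED.match(line)
        if hit:
            patched.append((hit["path"], hit["md5"].upper(), hit["label"]))
        elif family and re.match(r"^[A-Za-z]:\\", line):
            flagged.append(line)
    return {"flagged_paths": flagged, "patched_files": patched}


def collapse_to_roots(paths):
    """Drop entries located under another listed entry; moving the parent covers them."""
    lowered = [p.lower() for p in paths]
    return [p for p, lp in zip(paths, lowered)
            if not any(lp.startswith(other + "\\") for other in lowered if other != lp)]


def parse_fixlog(fixlog):
    """Return (set of moved paths, {restored destination: source}) in lower case keys."""
    moved, restored = set(), {}
    for raw in fixlog.splitlines():
        line = raw.strip()
        m = MOVED.match(line)
        if m:
            moved.add(m["path"].lower())
            continue
        c = COPIED.match(line)
        if c:
            restored[c["dst"].lower()] = c["src"]
    return moved, restored


def unresolved(log, fixlog):
    """List flagged items the Fixlog does not account for."""
    findings = parse_frst_findings(log)
    moved, restored = parse_fixlog(fixlog)
    todo = []
    for path in collapse_to_roots(findings["flagged_paths"]):
        if path.lower() not in moved:
            todo.append((path, "not quarantined"))
    for path, _md5, _label in findings["patched_files"]:
        if path.lower() not in moved:
            todo.append((path, "patched copy still in place"))
        elif path.lower() not in restored:
            # A moved system binary with no replacement would leave Windows unbootable.
            todo.append((path, "moved but no clean copy restored"))
    return todo


if __name__ == "__main__":
    print(unresolved(FRST_LOG, FIXLOG) or "every flagged item is accounted for")
```

An empty result only means the Fixlog matches the FRST findings; it says nothing about components FRST did not flag, which is why the thread continues with further scans.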
  9. RensvanDriel

    RensvanDriel Newcomer, in training Topic Starter

    "Scan" "Scan whole computer" "was finished."
    "Infections", "1", "0", "1"
    "To scan selected folders:"; "Scan whole computer"
    "Scan started:"; "Wednesday, October 17, 2012, 9:45:16"
    "Scan completed:"; "Wednesday, October 17, 2012, 10:01:47 (16 minutes 31 seconds (n))"
    "Total objects scanned:"; "1458926"
    "User", "Rens"

    "Infections"
    "", "File", "Infection"; "Result"
    "", "C: \ FRST \ Quarantine \ services.exe"; "Virus detected Win64/Patched.A"; "Infected"
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Good. Now, please do the following to search for more infection...

    ComboFix scan

    Please download ComboFix by sUBs
    From BleepingComputer.com

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows
    logo appears. A list of options will appear, select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method (above), but download it again and rename
    ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  11. RensvanDriel

    RensvanDriel Newcomer, in training Topic Starter

    ComboFix 12-10-16.02 - Rens 17-10-2012 14:54:26.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3691.2322 [GMT 2:00]
    Gestart vanuit: c:\users\Rens\Desktop\IEXPLORE.exe.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-09-17 to 2012-10-17 ))))))))))))))))))))))))))))))
    .
    .
    2012-10-17 13:12 . 2012-10-17 13:12 -------- d-----w- c:\users\Simone\AppData\Local\temp
    2012-10-17 13:12 . 2012-10-17 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-17 11:21 . 2012-10-17 12:09 -------- d-----w- C:\ComboFix
    2012-10-16 23:23 . 2012-10-16 17:13 -------- d-----w- C:\FRST
    2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\users\Rens\AppData\Roaming\DriverCure
    2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\users\Rens\AppData\Roaming\SpeedyPC Software
    2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
    2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\programdata\SpeedyPC Software
    2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\program files (x86)\SpeedyPC Software
    2012-10-16 11:44 . 2012-10-16 11:44 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-10-16 11:41 . 2012-10-16 12:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-16 11:40 . 2012-10-16 11:40 -------- d-----w- c:\windows\system32\Macromed
    2012-10-16 07:18 . 2012-10-16 07:18 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
    2012-10-16 07:18 . 2012-10-16 07:18 -------- d-----w- c:\program files (x86)\VstPlugins
    2012-10-16 07:18 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
    2012-10-16 07:17 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
    2012-10-16 07:17 . 2012-10-16 07:17 -------- d-----w- c:\program files (x86)\Outsim
    2012-10-16 07:11 . 2012-10-16 07:17 -------- d-----w- c:\program files (x86)\Image-Line
    2012-10-16 07:11 . 2012-10-16 07:11 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
    2012-10-16 07:11 . 2012-10-16 07:11 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
    2012-10-15 13:32 . 2012-10-15 13:36 -------- d-----w- c:\users\Rens\jagexcache
    2012-10-10 17:13 . 2012-10-10 17:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2012-10-10 17:06 . 2012-10-10 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
    2012-10-09 21:35 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-09 21:35 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-09 21:35 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-10-09 21:35 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-09-26 08:00 . 2011-07-20 12:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
    2012-09-26 07:59 . 2012-09-26 07:59 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
    2012-09-26 07:59 . 2012-09-26 07:59 -------- d-----w- c:\program files (x86)\Research In Motion
    2012-09-26 06:34 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-09-22 22:17 . 2012-08-24 10:22 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-09-21 21:04 . 2012-09-21 21:04 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-09-21 21:04 . 2012-09-21 21:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-09-21 21:03 . 2012-09-21 21:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-10-16 12:30 . 2011-09-19 17:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-10 07:49 . 2011-09-13 17:14 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-21 21:02 . 2011-04-11 12:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-09-04 21:20 . 2012-09-04 21:20 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-08-24 13:43 . 2012-08-24 13:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-08-22 18:12 . 2012-09-12 16:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 18:12 . 2012-09-12 16:15 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 18:12 . 2012-09-12 16:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 18:12 . 2012-09-12 16:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-20 17:38 . 2012-10-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-08-02 17:58 . 2012-09-12 16:15 574464 ----a-w- c:\windows\system32\d3d10level9.dll
    2012-08-02 16:57 . 2012-09-12 16:15 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
    2012-07-26 01:21 . 2012-07-26 01:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-09-04 21:20 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-04 1734240]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-09-23 09:34 220608 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-09-23 09:34 220608 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-09-23 09:34 220608 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-06-06 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-02-10 61112]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-04 947808]
    "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
    "ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "HideFastUserSwitching"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 250808]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-12 114144]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-28 82048]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-02 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
    S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
    S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-04 8283136]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-04 295424]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-09 31088]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
    S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-03-02 1142376]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 12:30]
    .
    2012-09-23 c:\windows\Tasks\HPCeeScheduleForRens.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
    .
    2012-10-16 c:\windows\Tasks\SpeedyPC Pro.job
    - c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]
    .
    2012-10-16 c:\windows\Tasks\SpeedyPC Registration3.job
    - c:\windows\system32\rundll32.exe [2009-07-13 01:14]
    .
    2012-10-17 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
    .
    2012-10-16 c:\windows\Tasks\SpeedyPC Update Version3.job
    - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
    @="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
    [HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
    2012-09-23 09:35 244672 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
    @="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
    [HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
    2012-09-23 09:35 244672 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
    @="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
    [HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
    2012-09-23 09:35 244672 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
    @="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
    [HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
    @="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
    [HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
    @="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
    [HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
    @="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
    [HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
    @="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
    [HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
    2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = https://isearch.avg.com/?cid={980E5...9dbdbcf45&lang=nl&ds=st011&pr=sa&d=2012-03-10 10:32&v=12.2.5.32&sap=hp
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
    FF - ProfilePath - c:\users\Rens\AppData\Roaming\Mozilla\Firefox\Profiles\zrrqulb6.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - www.google.nl
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bfb96998e-db94-47f2-b55d-1874bb82b13d%7D&mid=72dd1b09cab047d1a068ed906dc3419f-db6a4bde009317d23e94cff9a5f1b209dbdbcf45&ds=st011&v=10.0.0.7&lang=nl&pr=sa&d=2012-03-10%2010%3A32%3A45&sap=ku&q=
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
    .
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:f6,18,5b,18,3f,26,cd,01
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-10-17 15:18:32
    ComboFix-quarantined-files.txt 2012-10-17 13:18
    .
    Pre-Run: 115.369.357.312 bytes beschikbaar
    Post-Run: 115.229.519.872 bytes beschikbaar
    .
    - - End Of File - - EB2AB227658902CA0FCB61BBCBD4049E

    It didn't run very smoothly. I had to restart the program about 4 times.
     
  12. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.

    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death
  13. RensvanDriel

    RensvanDriel Newcomer, in training Topic Starter

    C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan deleted - quarantined
    C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
    C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
    I had no problems running Eset.
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

    Clean up System Restore

    Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

    To manually create a new Restore Point
    • Go to Control Panel and select System and Maintenance
    • Select System
    • On the left select Advanced System Settings and accept the warning if you get one
    • Select System Protection Tab
    • Select Create at the bottom
    • Type in a name, e.g. Clean
    • Select Create
    Now we can purge the infected ones
    • Go back to the System and Maintenance page
    • Select Performance Information and Tools
    • On the left select Open Disk Cleanup
    • Select Files from all users and accept the warning if you get one
    • In the drop down box select your main drive, e.g. C
    • For a few moments the system will make some calculations.
    • Select the More Options tab
    • In the System Restore and Shadow Backups select Clean up
    • Select Delete on the pop up
    • Select OK
    • Select Delete
    Run OTC to remove our tools

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC.exe by OldTimer:
    • Save it to your Desktop.
    • Double click OTC.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.
    Note: If any tool, file or folder (belonging to the programs we have used) hasn't been deleted, please delete it manually.

    Purge old temporary files

    Download CCleaner Slim and save it to your Desktop - Alternate download link

    When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
    Follow the prompts to install the program.

    * Double-click the CCleaner shortcut on the desktop to start the program.
    * Click on the Options block on the left, then choose Cookies.
    * Under Cookies to Delete, highlight any cookies you would like to retain permanently
    * Click the right arrow > to move them to the Cookies to Keep window.
    * Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
    * Click Cleaner on the left then Run Cleaner on the right to run the program.
    * Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

    Caution: Only use the Registry feature if you are very familiar with the registry.
    Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

    Security Check

    Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  15. RensvanDriel

    RensvanDriel Newcomer, in training Topic Starter

    Results of screen317's Security Check version 0.99.51
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Anti-Virus Free Edition 2012
    Antivirus up to date! (On Access scanning disabled!)
    `````````Anti-malware/Other Utilities Check:`````````
    Java(TM) 6 Update 30
    Java 7 Update 7
    Adobe Flash Player 11.4.402.287
    Adobe Reader X 10.1.0 Adobe Reader out of Date!
    Mozilla Firefox (15.0.1)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    AVG avgtray.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 0%
    ````````````````````End of Log``````````````````````
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Adobe Reader Update!

    Please download the newest version of Adobe Acrobat Reader from Adobe.com

    Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
    Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
    Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

    Once old versions are gone, please install the newest version.

    Personal Tips on Preventing Malware

    See this page for more info about malware and prevention.

    Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

    Any other questions before I mark this topic solved?
  17. RensvanDriel

    RensvanDriel Newcomer, in training Topic Starter

    No, thank you very much for your help !!!
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome. Topic marked solved. :D