Solved Win64 patched A trojan


RensvanDriel

Hey Guys,

Since this morning I have been getting a message from AVG that I have a virus: Win64 PatchedA.
I read some topics on this forum and ran FRST from my system recovery options.

The scanned files are below as an attachment.

But what now? I would appreciate any help to remove this threat.

Sorry for my bad English.
 

Attachments

  • FRST.txt (56 KB)
  • Search.txt (602 bytes)

Farbar Recovery Scan Tool (x64) Version: 15-10-2012
Ran by SYSTEM at 2012-10-16 15:45:02
Running from H:\

================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

===== End Of Search ======

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-10-2012
Ran by SYSTEM at 16-10-2012 15:42:31
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [x]
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [336384 2011-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [586296 2010-11-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-30] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-02-10] (EasyBits Software AS)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-13] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [947808 2012-09-04] ()
HKLM-x32\...\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup [312376 2012-02-08] (Power Software Ltd)
HKLM-x32\...\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 [1022048 2012-09-04] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin [1073312 2012-03-09] (Adobe Systems Incorporated)
HKU\Rens\...\Policies\system: [DisableLockWorkstation] 0
HKU\Rens\...\Policies\system: [DisableChangePassword] 0
HKU\Simone\...\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10w_Plugin.exe -update plugin [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)

==================== Services (Whitelisted) ===================

2 AMD Reservation Manager; "C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe" [194496 2010-06-16] (Advanced Micro Devices)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-12] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-13] (AVG Technologies CZ, s.r.o.)
2 PEVSystemStart; "C:\32788R22FWJFW\pev.3XE" EXEC /I CSCRIPT.exe //NOLOGO //E:VBSCRIPT //B //T:15 "C:\32788R22FWJFW\KNetSvcs.vbs" [322 2012-09-03] ()
2 vToolbarUpdater12.2.6; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [722528 2012-09-04] ()

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-18] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-25] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-30] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-09-04] (AVG Technologies)
3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [x]
 
==================== NetSvcs (Whitelisted) ====================

==================== One Month Created Files and Folders ========

2012-10-16 15:23 - 2012-10-16 15:23 - 00000000 ____D C:\FRST
2012-10-16 04:56 - 2012-10-16 04:56 - 00001124 ____A C:\Windows\PFRO.log
2012-10-16 04:56 - 2012-10-16 04:56 - 00000056 ____A C:\Windows\setupact.log
2012-10-16 04:56 - 2012-10-16 04:56 - 00000000 ____A C:\Windows\setuperr.log
2012-10-16 04:30 - 2012-10-16 04:56 - 00000514 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2012-10-16 04:30 - 2012-10-16 04:46 - 00000490 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-10-16 04:30 - 2012-10-16 04:46 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-10-16 04:30 - 2012-10-16 04:46 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-10-16 04:30 - 2012-10-16 04:30 - 00001205 ____A C:\Users\Rens\Desktop\SpeedyPC Pro.lnk
2012-10-16 04:30 - 2012-10-16 04:30 - 00000000 ____D C:\Users\Rens\AppData\Roaming\SpeedyPC Software
2012-10-16 04:30 - 2012-10-16 04:30 - 00000000 ____D C:\Users\Rens\AppData\Roaming\DriverCure
2012-10-16 04:30 - 2012-10-16 04:30 - 00000000 ____D C:\Users\All Users\SpeedyPC Software
2012-10-16 04:30 - 2012-10-16 04:30 - 00000000 ____D C:\Program Files (x86)\SpeedyPC Software
2012-10-16 04:28 - 2012-10-16 04:29 - 05019760 ____A (SpeedyPC Software) C:\Users\Rens\Downloads\SpeedyPC Pro Installer.exe
2012-10-16 04:26 - 2012-10-16 04:26 - 00001205 ____A C:\Users\Rens\Downloads\FixNCR.reg
2012-10-16 04:04 - 2012-10-16 04:46 - 00000000 ____D C:\Qoobox
2012-10-16 04:03 - 2012-10-16 04:47 - 00000000 ___SD C:\32788R22FWJFW
2012-10-16 03:59 - 2012-10-16 03:59 - 04981258 ____R (Swearware) C:\Users\Rens\Downloads\ComboFix.exe
2012-10-16 03:44 - 2012-10-16 03:44 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-10-16 03:41 - 2012-10-16 04:46 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-16 03:41 - 2012-10-16 04:30 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-16 03:40 - 2012-10-16 03:40 - 00000000 ____D C:\Windows\System32\Macromed
2012-10-16 01:01 - 2012-10-16 01:02 - 00000000 ____D C:\Users\Rens\AppData\Local\{A8AA2FE4-C84C-458B-B4CA-59E8196278BF}
2012-10-15 23:18 - 2012-10-15 23:18 - 00001142 ____A C:\Users\Rens\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-10-15 23:18 - 2012-10-15 23:18 - 00000000 ____D C:\Program Files (x86)\VstPlugins
2012-10-15 23:18 - 2012-10-15 23:18 - 00000000 ____D C:\Program Files (x86)\ASIO4ALL v2
2012-10-15 23:18 - 2006-06-20 00:56 - 00225280 ____A (Propellerhead Software AB) C:\Windows\SysWOW64\rewire.dll
2012-10-15 23:17 - 2012-10-15 23:17 - 00001150 ____A C:\Users\Rens\Desktop\FL Studio 10.lnk
2012-10-15 23:17 - 2012-10-15 23:17 - 00000000 ____D C:\Users\Rens\Documents\Image-Line
2012-10-15 23:17 - 2012-10-15 23:17 - 00000000 ____D C:\Program Files (x86)\Outsim
2012-10-15 23:17 - 2009-09-15 01:14 - 01554944 ____A (HMS http://hp.vector.co.jp/authors/VA012897/) C:\Windows\SysWOW64\vorbis.acm
2012-10-15 23:11 - 2012-10-15 23:17 - 00000000 ____D C:\Program Files (x86)\Image-Line
2012-10-15 23:11 - 2012-10-15 23:11 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-10-15 23:11 - 2012-10-15 23:11 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-10-15 23:10 - 2011-04-18 08:03 - 00000000 ____D C:\Users\Rens\Downloads\Fruityloops 10
2012-10-15 05:36 - 2012-10-15 05:36 - 00000045 ____A C:\Users\Rens\jagex_cl_loginapplet_LIVE.dat
2012-10-15 05:32 - 2012-10-15 23:51 - 00000024 ____A C:\Users\Rens\random.dat
2012-10-15 05:32 - 2012-10-15 23:46 - 00000043 ____A C:\Users\Rens\jagex_cl_runescape_LIVE.dat
2012-10-15 05:32 - 2012-10-15 05:36 - 00000000 ____D C:\Users\Rens\jagexcache
2012-10-15 00:11 - 2012-10-15 00:12 - 00000000 ____D C:\Users\Rens\AppData\Local\{D49E7772-E700-4BAA-9189-7706E3743947}
2012-10-11 04:48 - 2012-10-11 04:48 - 00000000 ____D C:\Users\Rens\Downloads\Test website
2012-10-11 04:47 - 2012-10-11 04:47 - 07523534 ____A C:\Users\Rens\Downloads\MM_DWCS6.zip
2012-10-11 01:52 - 2012-10-11 01:53 - 00000000 ____D C:\Users\Rens\AppData\Local\{B9C8E864-AFC8-4B10-AE51-7F3E5C56A0DA}
2012-10-11 01:17 - 2012-10-11 02:57 - 00000000 ____D C:\Users\Rens\Documents\ViktorLindgren
2012-10-10 13:43 - 2012-10-10 13:43 - 00000000 ____D C:\Users\Rens\AppData\Local\{9EBDD731-2569-420B-95D4-2D6D0DF5C49D}
2012-10-10 09:34 - 2012-10-10 09:40 - 00000000 ____D C:\Users\Rens\Downloads\Dreamweaver.CS6.The.Missing.Manual[A4]
2012-10-10 09:13 - 2012-10-10 09:13 - 00000000 ____D C:\Users\All Users\regid.1986-12.com.adobe
2012-10-10 09:06 - 2012-10-10 09:06 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2012-10-10 09:06 - 2012-10-10 09:06 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2012-10-10 08:57 - 2012-10-10 08:59 - 00000000 ____D C:\Users\Rens\Desktop\Adobe Dreamweaver CS6
2012-10-10 08:09 - 2012-10-10 08:54 - 00000000 ____D C:\Users\Rens\Downloads\Adobe Dreamweaver CS6 12.0 build 5808 + Crack
2012-10-09 23:41 - 2012-10-09 23:41 - 00000000 ____D C:\Users\Rens\AppData\Local\{3E84F428-0F24-473E-81E4-766173E18BFB}
2012-10-09 13:35 - 2012-08-31 10:19 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-10-09 13:35 - 2012-08-30 10:03 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-10-09 13:35 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-10-09 13:35 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-10-09 13:34 - 2012-09-14 11:19 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-10-09 13:34 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-10-09 13:34 - 2012-08-24 10:05 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-10-09 13:34 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-10-09 13:34 - 2012-08-20 10:48 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-10-09 13:34 - 2012-08-20 10:48 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-10-09 13:34 - 2012-08-20 10:48 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-10-09 13:34 - 2012-08-20 10:48 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-10-09 13:34 - 2012-08-20 10:48 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-10-09 13:34 - 2012-08-20 10:48 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-10-09 13:34 - 2012-08-20 10:48 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-10-09 13:34 - 2012-08-20 10:46 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-10-09 13:34 - 2012-08-20 10:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 10:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:40 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-10-09 13:34 - 2012-08-20 09:38 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-10-09 13:34 - 2012-08-20 09:37 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-10-09 13:34 - 2012-08-20 09:37 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-10-09 13:34 - 2012-08-20 09:37 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 07:38 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-10-09 13:34 - 2012-08-20 07:38 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-10-09 13:34 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-09 13:34 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-09 13:34 - 2012-08-10 16:56 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-10-09 13:34 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2012-10-09 13:34 - 2012-06-01 21:41 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-10-09 13:34 - 2012-06-01 21:41 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-10-09 13:34 - 2012-06-01 21:41 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-10-09 13:34 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-10-09 13:34 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-10-09 13:34 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-10-09 08:58 - 2012-10-09 08:58 - 00000000 ____D C:\Users\Rens\AppData\Local\{78C3DFFF-89EE-4017-8840-22700BC3F3A5}
2012-10-08 02:52 - 2012-10-08 02:52 - 00000000 ____D C:\Users\Rens\AppData\Local\{15A50328-B9EF-4DB0-A20F-89A068C891FA}
2012-10-07 12:39 - 2012-10-07 12:39 - 00000000 ____D C:\Users\Rens\AppData\Local\{2DA27347-1A7A-4168-8196-10D9039EDD22}
2012-10-06 10:35 - 2012-10-06 10:35 - 00000000 ____D C:\Users\Rens\AppData\Local\{B28EC2EF-3B08-4565-A7ED-36325E5FD902}
2012-10-05 02:12 - 2012-10-05 02:13 - 00000000 ____D C:\Users\Rens\AppData\Local\{063C2BB3-C4AF-489B-8A30-C451836DDD75}
2012-10-04 03:46 - 2012-10-04 03:47 - 00000000 ____D C:\Users\Rens\Documents\Hardlopen
2012-10-03 23:27 - 2012-10-03 23:27 - 00000000 ____D C:\Users\Rens\AppData\Local\{F0D63B4D-9998-4595-B869-C80A1A18BCEE}
2012-10-03 07:00 - 2012-10-03 07:00 - 00000000 ____D C:\Users\Rens\AppData\Local\{27D3F500-6DA5-4926-B3B8-C322EEB8F565}
2012-10-02 01:18 - 2012-10-02 01:18 - 00000000 ____D C:\Users\Rens\AppData\Local\{17D88EA3-7714-4831-B398-7C519A88E213}
2012-10-01 03:41 - 2012-09-11 12:53 - 00000000 ____D C:\Users\Rens\Downloads\Tor Browser
2012-10-01 03:38 - 2012-10-01 03:40 - 23759265 ____A (Igor Pavlov) C:\Users\Rens\Downloads\tor-browser-2.2.39-1_en-US.exe
2012-10-01 00:30 - 2012-10-15 23:43 - 00000000 ____D C:\Users\Rens\Documents\Sollicitatie 2012
2012-09-30 23:46 - 2012-09-30 23:47 - 00000000 ____D C:\Users\Rens\AppData\Local\{2159BEE3-8041-428B-970D-0EB2922342D9}
2012-09-28 03:19 - 2012-09-28 03:19 - 00000000 ____D C:\Users\Rens\AppData\Local\{F485BCBE-8364-4903-9432-3BAAE5B5F81C}
2012-09-27 13:28 - 2012-09-27 13:28 - 00000000 ____D C:\Users\Rens\AppData\Local\{C5739B6F-8B5D-4441-B92A-230501530FC0}
2012-09-26 10:22 - 2012-09-26 10:22 - 00000000 ____D C:\Users\Rens\AppData\Local\{76B6EB15-0D40-40B4-BA90-39AFED2ED73A}
2012-09-26 00:00 - 2012-09-26 00:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-09-26 00:00 - 2012-09-26 00:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-09-26 00:00 - 2011-07-20 04:58 - 00044032 ____A (Research in Motion Ltd) C:\Windows\System32\Drivers\RimSerial_AMD64.sys
2012-09-25 23:59 - 2012-09-25 23:59 - 00000000 ____D C:\Program Files (x86)\Research In Motion
2012-09-25 22:34 - 2012-08-21 13:01 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-09-25 22:21 - 2012-09-25 22:22 - 00000000 ____D C:\Users\Rens\AppData\Local\{92531922-AACF-4C4B-B9CD-34C58C579F11}
2012-09-25 12:15 - 2012-09-28 00:28 - 00000000 ____D C:\Users\Rens\Documents\Psychologie
2012-09-25 09:57 - 2012-09-25 09:57 - 00000000 ____D C:\Users\Rens\AppData\Local\{67107E0B-FCD0-470C-B36A-E60F8A2A4441}
2012-09-23 01:33 - 2012-09-24 21:36 - 00000000 ____D C:\Users\Rens\AppData\Local\{63624CB8-9BAA-42EC-BECD-8A6304F4D287}
2012-09-22 14:18 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-22 14:18 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-22 14:18 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-22 14:18 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-22 14:18 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-22 14:18 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-22 14:18 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-22 14:18 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-22 14:18 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:18 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:18 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 14:17 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 12:24 - 2012-09-22 12:24 - 00000000 ____D C:\Users\Rens\AppData\Local\{545499E2-1FBC-47A4-846C-24EF6AE5F128}[/FONT]
[FONT=Arial]2012-09-22[/FONT][FONT=Arial] 00:23 - 2012-09-22 00:23 - 00000000 ____D C:\Users\Rens\AppData\Local\{520F7F6E-18B7-4178-9452-4BF8B2B8C192}[/FONT]
[FONT=Arial]2012-09-21[/FONT][FONT=Arial] 13:04 - 2012-09-21 13:02 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll[/FONT]
[FONT=Arial]2012-09-21[/FONT][FONT=Arial] 13:04 - 2012-09-21 13:02 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe[/FONT]
[FONT=Arial]2012-09-21[/FONT][FONT=Arial] 13:03 - 2012-09-21 13:02 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe[/FONT]
[FONT=Arial]2012-09-21[/FONT][FONT=Arial] 13:03 - 2012-09-21 13:02 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe[/FONT]
[FONT=Arial]2012-09-21[/FONT][FONT=Arial] 13:03 - 2012-09-21 13:02 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll[/FONT]
[FONT=Arial]2012-09-21[/FONT][FONT=Arial] 13:00 - 2012-09-21 13:00 - 00894952 ____A (Oracle Corporation) C:\Users\Rens\Downloads\jxpiinstall.exe[/FONT]
[FONT=Arial]2012-09-21[/FONT][FONT=Arial] 09:07 - 2012-09-21 09:07 - 00000000 ____D C:\Users\Rens\AppData\Local\{0FF5AFF2-ED21-46DF-B2CC-BF53045409F3}[/FONT]
 
[FONT=Arial]2012-09-20[/FONT][FONT=Arial] 12:38 - 2012-09-20 12:38 - 00000000 ____D C:\Users\Rens\AppData\Local\{EF50CC7A-D5C3-4ECB-8229-544AF44D8B1D}[/FONT]
[FONT=Arial]2012-09-19[/FONT][FONT=Arial] 09:08 - 2012-09-19 09:08 - 00000000 ____D C:\Users\Rens\AppData\Local\{FCFB2114-65C3-4433-9B3B-516116116F01}[/FONT]
[FONT=Arial]2012-09-18[/FONT][FONT=Arial] 03:42 - 2012-09-18 03:42 - 00000000 ____D C:\Users\Rens\AppData\Local\{C69295B8-4848-42B7-9F46-6F9A98BA9888}[/FONT]
[FONT=Arial]2012-09-16[/FONT][FONT=Arial] 04:01 - 2012-09-16 04:01 - 00000000 ____D C:\Users\Simone\AppData\Local\AVG Secure Search[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================== 3 Months Modified Files ==================[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]2012-10-16[/FONT][FONT=Arial] 05:08 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[/FONT]
2012-10-16 05:08 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-16 04:56 - 2012-10-16 04:56 - 00001124 ____A C:\Windows\PFRO.log
2012-10-16 04:56 - 2012-10-16 04:56 - 00000056 ____A C:\Windows\setupact.log
2012-10-16 04:56 - 2012-10-16 04:56 - 00000000 ____A C:\Windows\setuperr.log
2012-10-16 04:56 - 2012-10-16 04:30 - 00000514 ____A C:\Windows\Tasks\SpeedyPC Update Version3 Startup Task.job
2012-10-16 04:56 - 2011-09-15 04:03 - 00001048 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-16 04:56 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-16 04:47 - 2009-07-13 21:08 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-16 04:46 - 2012-10-16 04:30 - 00000490 ____A C:\Windows\Tasks\SpeedyPC Registration3.job
2012-10-16 04:46 - 2012-10-16 04:30 - 00000462 ____A C:\Windows\Tasks\SpeedyPC Update Version3.job
2012-10-16 04:46 - 2012-10-16 04:30 - 00000418 ____A C:\Windows\Tasks\SpeedyPC Pro.job
2012-10-16 04:46 - 2012-10-16 03:41 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-16 04:31 - 2011-09-15 04:03 - 00001052 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-16 04:30 - 2012-10-16 04:30 - 00001205 ____A C:\Users\Rens\Desktop\SpeedyPC Pro.lnk
2012-10-16 04:30 - 2012-10-16 03:41 - 00696760 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-10-16 04:30 - 2011-09-19 09:59 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-10-16 04:29 - 2012-10-16 04:28 - 05019760 ____A (SpeedyPC Software) C:\Users\Rens\Downloads\SpeedyPC Pro Installer.exe
2012-10-16 04:26 - 2012-10-16 04:26 - 00001205 ____A C:\Users\Rens\Downloads\FixNCR.reg
2012-10-16 03:59 - 2012-10-16 03:59 - 04981258 ____R (Swearware) C:\Users\Rens\Downloads\ComboFix.exe
2012-10-16 03:18 - 2011-07-04 14:18 - 01431318 ____N C:\Windows\WindowsUpdate.log
2012-10-15 23:51 - 2012-10-15 05:32 - 00000024 ____A C:\Users\Rens\random.dat
2012-10-15 23:46 - 2012-10-15 05:32 - 00000043 ____A C:\Users\Rens\jagex_cl_runescape_LIVE.dat
2012-10-15 23:18 - 2012-10-15 23:18 - 00001142 ____A C:\Users\Rens\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2012-10-15 23:17 - 2012-10-15 23:17 - 00001150 ____A C:\Users\Rens\Desktop\FL Studio 10.lnk
2012-10-15 23:11 - 2012-10-15 23:11 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2012-10-15 23:11 - 2012-10-15 23:11 - 01060864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2012-10-15 05:36 - 2012-10-15 05:36 - 00000045 ____A C:\Users\Rens\jagex_cl_loginapplet_LIVE.dat
2012-10-14 10:03 - 2011-04-11 13:50 - 00744014 ____A C:\Windows\System32\perfh013.dat
2012-10-14 10:03 - 2011-04-11 13:50 - 00152840 ____A C:\Windows\System32\perfc013.dat
2012-10-14 10:03 - 2009-07-13 21:13 - 01665488 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-12 12:55 - 2011-09-02 05:36 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-10-11 04:47 - 2012-10-11 04:47 - 07523534 ____A C:\Users\Rens\Downloads\MM_DWCS6.zip
2012-10-09 23:49 - 2011-09-13 09:14 - 65309168 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-10-01 03:40 - 2012-10-01 03:38 - 23759265 ____A (Igor Pavlov) C:\Users\Rens\Downloads\tor-browser-2.2.39-1_en-US.exe
2012-09-26 00:00 - 2012-09-26 00:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimUsb_AMD64_01007.Wdf
2012-09-26 00:00 - 2012-09-26 00:00 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_RimSerial_AMD64_01007.Wdf
2012-09-23 01:31 - 2012-09-07 01:16 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForRens.job
2012-09-21 13:02 - 2012-09-21 13:04 - 00821736 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-09-21 13:02 - 2012-09-21 13:04 - 00246760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-09-21 13:02 - 2012-09-21 13:03 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-09-21 13:02 - 2012-09-21 13:03 - 00174056 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-09-21 13:02 - 2012-09-21 13:03 - 00095208 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2012-09-21 13:02 - 2011-04-11 04:38 - 00746984 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-09-21 13:00 - 2012-09-21 13:00 - 00894952 ____A (Oracle Corporation) C:\Users\Rens\Downloads\jxpiinstall.exe
2012-09-14 11:19 - 2012-10-09 13:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-09-14 10:28 - 2012-10-09 13:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-09-14 00:44 - 2012-09-14 00:44 - 00002060 ____A C:\Users\Rens\Desktop\Curriculum_Vitae_Rens.txt
2012-09-14 00:43 - 2012-09-14 00:43 - 00002513 ____A C:\Users\Public\Desktop\Skype.lnk
2012-09-12 10:53 - 2012-09-12 10:49 - 39483256 ____A (Apple Inc.) C:\Users\Rens\Downloads\QuickTimeInstaller.exe
2012-09-11 02:59 - 2011-09-01 07:50 - 00000975 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-10 02:17 - 2012-09-10 02:16 - 05701892 ____A C:\Users\Rens\Downloads\Kopie diploma.zip
2012-09-04 13:20 - 2012-09-04 13:20 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-31 10:19 - 2012-10-09 13:35 - 01659760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-08-30 10:03 - 2012-10-09 13:35 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-30 09:12 - 2012-10-09 13:35 - 03968880 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-08-30 09:12 - 2012-10-09 13:35 - 03914096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-08-24 10:05 - 2012-10-09 13:34 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-24 08:57 - 2012-10-09 13:34 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-08-24 05:43 - 2012-08-24 05:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys
2012-08-24 03:15 - 2012-09-22 14:17 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-24 02:39 - 2012-09-22 14:17 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-24 02:31 - 2012-09-22 14:17 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-08-24 02:22 - 2012-09-22 14:17 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-24 02:21 - 2012-09-22 14:17 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-24 02:20 - 2012-09-22 14:17 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-24 02:18 - 2012-09-22 14:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-24 02:17 - 2012-09-22 14:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-24 02:14 - 2012-09-22 14:18 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-08-24 02:14 - 2012-09-22 14:17 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-08-24 02:13 - 2012-09-22 14:17 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-08-24 02:12 - 2012-09-22 14:17 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-24 02:11 - 2012-09-22 14:17 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-24 02:10 - 2012-09-22 14:18 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-24 02:09 - 2012-09-22 14:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-08-24 02:04 - 2012-09-22 14:18 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-08-23 23:27 - 2012-09-22 14:17 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-08-23 23:03 - 2012-09-22 14:17 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-08-23 22:59 - 2012-09-22 14:17 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-08-23 22:51 - 2012-09-22 14:17 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-08-23 22:51 - 2012-09-22 14:17 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-08-23 22:51 - 2012-09-22 14:17 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-08-23 22:49 - 2012-09-22 14:18 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-08-23 22:48 - 2012-09-22 14:17 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-08-23 22:47 - 2012-09-22 14:18 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-08-23 22:47 - 2012-09-22 14:18 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-08-23 22:47 - 2012-09-22 14:17 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-08-23 22:45 - 2012-09-22 14:17 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-08-23 22:44 - 2012-09-22 14:18 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-08-23 22:44 - 2012-09-22 14:17 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-08-23 22:43 - 2012-09-22 14:18 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-08-23 22:40 - 2012-09-22 14:18 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-08-22 11:20 - 2012-08-22 11:20 - 00059992 ____A C:\Users\Rens\Downloads\player.html
2012-08-22 10:12 - 2012-09-12 08:15 - 01913200 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-08-22 10:12 - 2012-09-12 08:15 - 00950128 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-08-22 10:12 - 2012-09-12 08:15 - 00376688 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-08-22 10:12 - 2012-09-12 08:15 - 00288624 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-08-21 13:01 - 2012-09-25 22:34 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-08-20 10:48 - 2012-10-09 13:34 - 01162240 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-08-20 10:48 - 2012-10-09 13:34 - 00424448 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-08-20 10:48 - 2012-10-09 13:34 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-08-20 10:48 - 2012-10-09 13:34 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-08-20 10:48 - 2012-10-09 13:34 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-08-20 10:48 - 2012-10-09 13:34 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-08-20 10:48 - 2012-10-09 13:34 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-08-20 10:46 - 2012-10-09 13:34 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-08-20 10:38 - 2012-10-09 13:34 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 10:38 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-08-20 09:40 - 2012-10-09 13:34 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-08-20 09:38 - 2012-10-09 13:34 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-08-20 09:37 - 2012-10-09 13:34 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-08-20 09:37 - 2012-10-09 13:34 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-08-20 09:37 - 2012-10-09 13:34 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 09:32 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-08-20 07:38 - 2012-10-09 13:34 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-08-20 07:38 - 2012-10-09 13:34 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-08-20 07:33 - 2012-10-09 13:34 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 13:34 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 13:34 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 07:33 - 2012-10-09 13:34 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-08-17 03:04 - 2009-07-13 20:45 - 00416992 ____A C:\Windows\System32\FNTCACHE.DAT
2012-08-16 08:51 - 2012-08-16 08:49 - 15267728 ____A (Google Inc.) C:\Users\Rens\Downloads\picasa39-setup.exe
2012-08-13 21:21 - 2012-08-13 03:44 - 00023544 ____A C:\Users\Rens\Documents\Kruidvat fotoservice.mcf
2012-08-13 03:44 - 2012-08-13 03:44 - 00024101 ____A C:\Users\Rens\Documents\Kruidvat fotoservice.mcf~
2012-08-11 12:40 - 2012-08-11 12:40 - 00004894 ____A C:\Users\Rens\Desktop\profiel.odt
2012-08-11 11:55 - 2012-08-10 05:59 - 00011760 ____A C:\Users\Rens\Documents\Nederland waar recht krom is en krom recht is.odt
[FONT=Arial]2012-08-10[/FONT][FONT=Arial] 22:33 - 2012-08-10 22:33 - 01489352 ____A C:\Users\Rens\Downloads\setup_Kruidvat_fotoservice.exe[/FONT]
[FONT=Arial]2012-08-10[/FONT][FONT=Arial] 22:29 - 2011-09-01 07:26 - 01643648 ____A C:\Windows\SysWOW64\PerfStringBackup.INI[/FONT]
[FONT=Arial]2012-08-10[/FONT][FONT=Arial] 16:56 - 2012-10-09 13:34 - 00715776 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll[/FONT]
[FONT=Arial]2012-08-10[/FONT][FONT=Arial] 15:56 - 2012-10-09 13:34 - 00542208 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll[/FONT]
[FONT=Arial]2012-08-10[/FONT][FONT=Arial] 05:30 - 2012-08-10 05:25 - 50449456 ____A (Microsoft Corporation) C:\Users\Rens\Downloads\dotNetFx40_Full_x86_x64.exe[/FONT]
[FONT=Arial]2012-08-10[/FONT][FONT=Arial] 05:24 - 2012-08-10 05:24 - 02620660 ____A C:\Users\Rens\Downloads\ViperSetup.exe[/FONT]
[FONT=Arial]2012-08-02[/FONT][FONT=Arial] 09:58 - 2012-09-12 08:15 - 00574464 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll[/FONT]
[FONT=Arial]2012-08-02[/FONT][FONT=Arial] 08:57 - 2012-09-12 08:15 - 00490496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll[/FONT]
[FONT=Arial]2012-07-25[/FONT][FONT=Arial] 17:21 - 2012-07-25 17:21 - 00291680 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys[/FONT]
[FONT=Arial]2012-07-20[/FONT][FONT=Arial] 12:58 - 2011-11-04 09:18 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]ZeroAccess:[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\@[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\L[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\L\00000004.@[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\L\201d3dde[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\00000004.@[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\00000008.@[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\000000cb.@[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000000.@[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000032.@[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000064.@[/FONT]
[FONT=Arial] [/FONT]
 
[FONT=Arial]ZeroAccess:[/FONT]
[FONT=Arial]C:\Windows\assembly\GAC_32\Desktop.ini[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]ZeroAccess:[/FONT]
[FONT=Arial]C:\Windows\assembly\GAC_64\Desktop.ini[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================== Known DLLs (Whitelisted) =================[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================== Bamital & volsnap Check =================[/FONT]
[FONT=Arial]C:\Windows\System32\winlogon.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\System32\wininit.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\SysWOW64\wininit.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\explorer.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\SysWOW64\explorer.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\System32\svchost.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\SysWOW64\svchost.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.[/FONT]
[FONT=Arial]C:\Windows\System32\User32.dll => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\SysWOW64\User32.dll => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\System32\userinit.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\SysWOW64\userinit.exe => MD5 is legit[/FONT]
[FONT=Arial]C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================== EXE ASSOCIATION =====================[/FONT]
[FONT=Arial]HKLM\...\.exe: exefile => OK[/FONT]
[FONT=Arial]HKLM\...\exefile\DefaultIcon: %1 => OK[/FONT]
[FONT=Arial]HKLM\...\exefile\open\command: "%1" %* => OK[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================== Restore Points =========================[/FONT]
[FONT=Arial]Restore point made on: 2012-09-21 13:02:20[/FONT]
[FONT=Arial]Restore point made on: 2012-09-22 14:17:22[/FONT]
[FONT=Arial]Restore point made on: 2012-09-25 23:58:48[/FONT]
[FONT=Arial]Restore point made on: 2012-09-27 23:17:22[/FONT]
[FONT=Arial]Restore point made on: 2012-10-04 23:17:49[/FONT]
[FONT=Arial]Restore point made on: 2012-10-09 23:41:41[/FONT]
[FONT=Arial]Restore point made on: 2012-10-12 12:48:46[/FONT]
[FONT=Arial]Restore point made on: 2012-10-16 03:26:31[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================== Memory info =========================== [/FONT]
[FONT=Arial]Percentage of memory in use: 19%[/FONT]
[FONT=Arial]Total physical RAM: 3690.9 MB[/FONT]
[FONT=Arial]Available physical RAM: 2967.15 MB[/FONT]
[FONT=Arial]Total Pagefile: 3689.05 MB[/FONT]
[FONT=Arial]Available Pagefile: 2971.83 MB[/FONT]
[FONT=Arial]Total Virtual: 8192 MB[/FONT]
[FONT=Arial]Available Virtual: 8191.91 MB[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================== Partitions =============================[/FONT]
[FONT=Arial]1 Drive c: () (Fixed) (Total:218.39 GB) (Free:109.21 GB) NTFS ==>[System with boot components (obtained from reading drive)][/FONT]
[FONT=Arial]2 Drive e: (RECOVERY) (Fixed) (Total:14.19 GB) (Free:1.39 GB) NTFS ==>[System with boot components (obtained from reading drive)][/FONT]
[FONT=Arial]3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32[/FONT]
[FONT=Arial]5 Drive h: (RENS) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32[/FONT]
[FONT=Arial]6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS[/FONT]
[FONT=Arial]7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)][/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] [/FONT][FONT=Arial]Schfnr. Status Grootte Vrij Dyn GPT[/FONT]
[FONT=Arial] [/FONT][FONT=Arial]-------- ------------- ------- ------- --- ---[/FONT]
[FONT=Arial] Schf 0 Online 232 GB 0 B [/FONT]
[FONT=Arial] Schf 1 Online 3824 MB 0 B [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Partitions of Disk 0:[/FONT]
[FONT=Arial]===============[/FONT]
[FONT=Arial]Schijf 0 is nu de geselecteerde schijf.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] Partitie ### Type Grootte Offset[/FONT]
[FONT=Arial] ------------- ---------------- ------- -------[/FONT]
[FONT=Arial] Partitie 1 Primair 199 MB 1024 KB[/FONT]
[FONT=Arial] Partitie 2 Primair 218 GB 200 MB[/FONT]
[FONT=Arial] Partitie 3 Primair 14 GB 218 GB[/FONT]
[FONT=Arial] Partitie 4 Primair 103 MB 232 GB[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================================================================================[/FONT]
[FONT=Arial]Disk: 0[/FONT]
[FONT=Arial]Schijf 0 is nu de geselecteerde schijf.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Partitie 1[/FONT]
[FONT=Arial]Type : 07[/FONT]
[FONT=Arial]Verborgen: Nee[/FONT]
[FONT=Arial]Actief : Ja[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] Volume ### Ltr Label FS Type Grootte Status Info[/FONT]
[FONT=Arial] ---------- --- ----------- ----- ---------- ------- --------- --------[/FONT]
[FONT=Arial]* volume 1 Y SYSTEM NTFS partitie 199 MB In orde [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]=========================================================[/FONT]
[FONT=Arial]Disk: 0[/FONT]
[FONT=Arial]Schijf 0 is nu de geselecteerde schijf.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Partitie 2[/FONT]
[FONT=Arial]Type : 07[/FONT]
[FONT=Arial]Verborgen: Nee[/FONT]
[FONT=Arial]Actief : Nee[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] Volume ### Ltr Label FS Type Grootte Status Info[/FONT]
[FONT=Arial] ---------- --- ----------- ----- ---------- ------- --------- --------[/FONT]
[FONT=Arial]* volume 2 C NTFS partitie 218 GB In orde [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]=========================================================[/FONT]
[FONT=Arial]Disk: 0[/FONT]
[FONT=Arial]Schijf 0 is nu de geselecteerde schijf.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Partitie 3[/FONT]
[FONT=Arial]Type : 07[/FONT]
[FONT=Arial]Verborgen: Nee[/FONT]
[FONT=Arial]Actief : Nee[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] Volume ### Ltr Label FS Type Grootte Status Info[/FONT]
[FONT=Arial] ---------- --- ----------- ----- ---------- ------- --------- --------[/FONT]
[FONT=Arial]* volume 3 E RECOVERY NTFS partitie 14 GB In orde [/FONT]
[FONT=Arial]=========================================================[/FONT]
[FONT=Arial]Disk: 0[/FONT]
[FONT=Arial]Schijf 0 is nu de geselecteerde schijf.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Partitie 4[/FONT]
[FONT=Arial]Type : 0C[/FONT]
[FONT=Arial]Verborgen: Nee[/FONT]
[FONT=Arial]Actief : Nee[/FONT]
[FONT=Arial] Volume ### Ltr Label FS Type Grootte Status Info[/FONT]
[FONT=Arial] [/FONT][FONT=Arial]---------- --- ----------- ----- ---------- ------- --------- --------[/FONT]
[FONT=Arial]* volume 4 F HP_TOOLS FAT32 partitie 103 MB In orde [/FONT]
[FONT=Arial]=========================================================[/FONT]
[FONT=Arial]Partitions of Disk 1:[/FONT]
[FONT=Arial]===============[/FONT]
[FONT=Arial]Schijf 1 is nu de geselecteerde schijf.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] Partitie ### Type Grootte Offset[/FONT]
[FONT=Arial] ------------- ---------------- ------- -------[/FONT]
[FONT=Arial] Partitie 1 Primair 3820 MB 4032 KB[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]==================================================================================[/FONT]
[FONT=Arial]Disk: 1[/FONT]
[FONT=Arial]Schijf 1 is nu de geselecteerde schijf.[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]Partitie 1[/FONT]
[FONT=Arial]Type : 0B[/FONT]
[FONT=Arial]Verborgen: Nee[/FONT]
[FONT=Arial]Actief : Nee[/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial] Volume ### Ltr Label FS Type Grootte Status Info[/FONT]
[FONT=Arial] ---------- --- ----------- ----- ---------- ------- --------- --------[/FONT]
[FONT=Arial]* volume 5 H RENS FAT32 Verwisselb 3820 MB In orde [/FONT]
[FONT=Arial] [/FONT]
[FONT=Arial]=========================================================[/FONT]
[FONT=Arial]Last Boot: 2012-10-15 14:03[/FONT]
[FONT=Arial]==================== End Of Log =============================[/FONT]

Sorry people, I couldn't post it all at once!
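The two findings in the FRST log above that matter for cleanup are the `ZeroAccess:` path blocks and the single `Bamital & volsnap Check` entry that is not marked `MD5 is legit`. The following is an added example, not part of the thread and not FRST's own code, that pulls both out of a pasted log and reduces the path list to its top-level items; the function names `parse_frst` and `minimal_roots` are this example's own.

```python
import re

# Lines taken from the FRST log in this thread (shortened). Some keep the
# forum's [FONT] wrapper to show that pasted logs need the tags stripped.
SAMPLE_LOG = r"""
[FONT=Arial]ZeroAccess:[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}[/FONT]
[FONT=Arial]C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\@[/FONT]
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\L
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\L\00000004.@
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000000.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
[FONT=Arial]C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.[/FONT]
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
"""

# Forum markup only; FRST's own bracketed fields such as [x] are left alone.
BBCODE = re.compile(r"\[/?(?:FONT|COLOR|SIZE)(?:=[^\]]*)?\]")
HEADER = re.compile(r"^=+\s*(.*?)\s*=+\s*$")
WINPATH = re.compile(r"^[A-Za-z]:\\")
LEGIT = re.compile(r"^(?P<path>[A-Za-z]:\\.+?)\s*=>\s*MD5 is legit\s*$")
FLAGGED = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<md5>[0-9A-Fa-f]{32})\s+"
    r"(?P<label>.*?)\s*<=+\s*ATTENTION"
)
INTEGRITY_SECTION = "Bamital & volsnap Check"


def parse_frst(text):
    """Return ZeroAccess paths plus legit/flagged system-file check results."""
    section, in_za = "", False
    za_paths, legit, flagged = [], [], []
    for raw in text.splitlines():
        line = BBCODE.sub("", raw).strip()
        header = HEADER.match(line)
        if header:                      # "==== name ====" starts a new section
            section, in_za = header.group(1), False
            continue
        if line == "ZeroAccess:":       # start of a path block
            in_za = True
            continue
        if in_za:
            if WINPATH.match(line):
                za_paths.append(line)
                continue
            in_za = False               # blank or non-path line ends the block
        if section == INTEGRITY_SECTION:
            hit = FLAGGED.match(line)
            if hit:
                flagged.append((hit["path"], hit["md5"].upper(), hit["label"]))
                continue
            ok = LEGIT.match(line)
            if ok:
                legit.append(ok["path"])
    return {"zeroaccess_paths": za_paths, "legit": legit, "flagged": flagged}


def minimal_roots(paths):
    """Drop every path that lies underneath another listed path."""
    unique = {p.rstrip("\\") for p in paths}
    # Parents sort before their children when ordered by depth.
    ordered = sorted(unique, key=lambda p: (p.count("\\"), p.lower()))
    roots = []
    for path in ordered:
        low = path.lower()
        if not any(low.startswith(r.lower() + "\\") for r in roots):
            roots.append(path)
    return roots


if __name__ == "__main__":
    result = parse_frst(SAMPLE_LOG)
    for path, md5, label in result["flagged"]:
        print(f"FLAGGED  {path}  md5={md5}  ({label})")
    for root in minimal_roots(result["zeroaccess_paths"]):
        print(f"ZA ROOT  {root}")
    print(f"{len(result['legit'])} checked files reported as legit")
```

On this thread's log the reduced list is the same three paths the Fixlog later reports as moved, alongside the flagged `services.exe`.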
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

FRST Fixlist

Please download the attached fixlist.txt below, and save it to your flash drive in the same location as FRST.exe. Make sure it maintains the same name, otherwise the fix will fail.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Now, please enter System Recovery Options then select Command Prompt.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Now restart, let it boot normally and tell me how it went.
 

Attachments

  • fixlist.txt
    326 bytes · Views: 3
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-10-2012
Ran by SYSTEM at 2012-10-17 09:07:27 Run:1
Running from H:\
==============================================
C:\Windows\Installer\{3a903a99-d5f2-2082-42a7-013fddf456b3} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====

When I rebooted my computer it was okay :). After I scanned my computer with AVG it found the virus in C:\FRST\QUARANTINE\SERVICES.EXE

Thanks for helping this far!!
 
"Scan" "Scan whole computer" "was finished."
"Infections", "1", "0", "1"
"To scan selected folders:"; "Scan whole computer"
"Scan started:"; "Wednesday, October 17, 2012, 9:45:16"
"Scan completed:"; "Wednesday, October 17, 2012, 10:01:47 (16 minutes 31 seconds (n))"
"Total objects scanned:"; "1458926"
"User", "Rens"

"Infections"
"", "File", "Infection"; "Result"
"", "C:\FRST\Quarantine\services.exe"; "Virus detected Win64/Patched.A"; "Infected"
 
Good. Now, please do the following to search for more infection...

ComboFix scan

Please download ComboFix by sUBs from BleepingComputer.com

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above), but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
ComboFix 12-10-16.02 - Rens 17-10-2012 14:54:26.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3691.2322 [GMT 2:00]
Gestart vanuit: c:\users\Rens\Desktop\IEXPLORE.exe.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-17 to 2012-10-17 ))))))))))))))))))))))))))))))
.
.
2012-10-17 13:12 . 2012-10-17 13:12 -------- d-----w- c:\users\Simone\AppData\Local\temp
2012-10-17 13:12 . 2012-10-17 13:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 11:21 . 2012-10-17 12:09 -------- d-----w- C:\ComboFix
2012-10-16 23:23 . 2012-10-16 17:13 -------- d-----w- C:\FRST
2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\users\Rens\AppData\Roaming\DriverCure
2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\users\Rens\AppData\Roaming\SpeedyPC Software
2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software
2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\programdata\SpeedyPC Software
2012-10-16 12:30 . 2012-10-16 12:30 -------- d-----w- c:\program files (x86)\SpeedyPC Software
2012-10-16 11:44 . 2012-10-16 11:44 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-10-16 11:41 . 2012-10-16 12:30 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-16 11:40 . 2012-10-16 11:40 -------- d-----w- c:\windows\system32\Macromed
2012-10-16 07:18 . 2012-10-16 07:18 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-10-16 07:18 . 2012-10-16 07:18 -------- d-----w- c:\program files (x86)\VstPlugins
2012-10-16 07:18 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-10-16 07:17 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-10-16 07:17 . 2012-10-16 07:17 -------- d-----w- c:\program files (x86)\Outsim
2012-10-16 07:11 . 2012-10-16 07:17 -------- d-----w- c:\program files (x86)\Image-Line
2012-10-16 07:11 . 2012-10-16 07:11 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-10-16 07:11 . 2012-10-16 07:11 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2012-10-15 13:32 . 2012-10-15 13:36 -------- d-----w- c:\users\Rens\jagexcache
2012-10-10 17:13 . 2012-10-10 17:13 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-10-10 17:06 . 2012-10-10 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-10-09 21:35 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-09 21:35 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-09 21:35 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-09 21:35 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-09-26 08:00 . 2011-07-20 12:58 44032 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2012-09-26 07:59 . 2012-09-26 07:59 -------- d-----w- c:\program files (x86)\Common Files\Research In Motion
2012-09-26 07:59 . 2012-09-26 07:59 -------- d-----w- c:\program files (x86)\Research In Motion
2012-09-26 06:34 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-22 22:17 . 2012-08-24 10:22 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-09-21 21:04 . 2012-09-21 21:04 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-21 21:04 . 2012-09-21 21:02 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-21 21:03 . 2012-09-21 21:02 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 12:30 . 2011-09-19 17:59 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 07:49 . 2011-09-13 17:14 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-21 21:02 . 2011-04-11 12:38 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-04 21:20 . 2012-09-04 21:20 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-24 13:43 . 2012-08-24 13:43 384352 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-08-22 18:12 . 2012-09-12 16:15 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-12 16:15 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-12 16:15 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-12 16:15 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-09 21:34 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-02 17:58 . 2012-09-12 16:15 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-12 16:15 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-26 01:21 . 2012-07-26 01:21 291680 ----a-w- c:\windows\system32\drivers\avgldx64.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-04 21:20 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll" [2012-09-04 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-23 09:34 220608 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-23 09:34 220608 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-23 09:34 220608 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-04 336384]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-06-06 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-02-10 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2010-12-13 318520]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-04 947808]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2012-02-09 312376]
"ROC_ROC_JULY_P1"="c:\program files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-11-18 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 250808]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-12 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2011-10-28 82048]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-04-12 147248]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-11-12 77952]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-11-12 37504]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-07-26 291680]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-08-24 384352]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-04 31080]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-03-04 203776]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-04 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-07-21 103992]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-05 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2010-12-28 1817088]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-03-04 8283136]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-03-04 295424]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-02-09 31088]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-02-15 335464]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-03-05 436840]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-03-02 1142376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-11-29 44672]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-16 12:30]
.
2012-09-23 c:\windows\Tasks\HPCeeScheduleForRens.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
2012-10-16 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files (x86)\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-10-04 20:42]
.
2012-10-16 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\windows\system32\rundll32.exe [2009-07-13 01:14]
.
2012-10-17 c:\windows\Tasks\SpeedyPC Update Version3 Startup Task.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
2012-10-16 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-10-04 20:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-23 09:35 244672 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-23 09:35 244672 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-23 09:35 244672 ----a-w- c:\users\Rens\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32 2240000 ----a-w- c:\program files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 6602856]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
.
------- Bijkomende Scan -------
.
uStart Page = https://isearch.avg.com/?cid={980E5...9dbdbcf45&lang=nl&ds=st011&pr=sa&d=2012-03-10 10:32&v=12.2.5.32&sap=hp
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath - c:\users\Rens\AppData\Roaming\Mozilla\Firefox\Profiles\zrrqulb6.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.nl
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bfb96998e-db94-47f2-b55d-1874bb82b13d%7D&mid=72dd1b09cab047d1a068ed906dc3419f-db6a4bde009317d23e94cff9a5f1b209dbdbcf45&ds=st011&v=10.0.0.7&lang=nl&pr=sa&d=2012-03-10%2010%3A32%3A45&sap=ku&q=
.
- - - - ORPHANS VERWIJDERD - - - -
.
URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f6,18,5b,18,3f,26,cd,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2012-10-17 15:18:32
ComboFix-quarantined-files.txt 2012-10-17 13:18
.
Pre-Run: 115.369.357.312 bytes beschikbaar
Post-Run: 115.229.519.872 bytes beschikbaar
.
- - End Of File - - EB2AB227658902CA0FCB61BBCBD4049E
It didn't run very smoothly. I had to restart the program about 4 times.
 
ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
    1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
    2. If threats WERE detected, click on List of Threats Found, Export to Text File... save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.

Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death
 
C:\FRST\Quarantine\services.exe Win64/Patched.A.Gen trojan deleted - quarantined
C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\00000004.@ Win64/Conedex.C trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\000000cb.@ Win64/Conedex.B trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000000.@ Win64/Sirefef.AP trojan cleaned by deleting - quarantined
C:\FRST\Quarantine\{3a903a99-d5f2-2082-42a7-013fddf456b3}\U\80000032.@ probably a variant of Win32/Sirefef.FD trojan cleaned by deleting - quarantined
I had no problems running Eset.
 
Hi there. It all appears to be good, so we will finish up to make sure your computer is protected from malware in the future.

Clean up System Restore

Now, to get you off to a clean start, we will be creating a new Restore Point, then clearing the old ones to make sure you do not get reinfected, in case you need to "restore back."

To manually create a new Restore Point
  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create
Now we can purge the infected ones
  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive, e.g. C
  • For a few moments the system will make some calculations:
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete
Run OTC to remove our tools

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:
  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.
Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Purge old temporary files

Download CCleaner Slim and save it to your Desktop - Alternate download link

When the file has been saved, go to your Desktop and double-click on ccsetupxxx_slim.exe
Follow the prompts to install the program.

* Double-click the CCleaner shortcut on the desktop to start the program.
* Click on the Options block on the left, then choose Cookies.
* Under Cookies to Delete, highlight any cookies you would like to retain permanently
* Click the right arrow > to move them to the Cookies to Keep window.
* Go into Options > Advanced & uncheck Only delete files in Windows Temp folders older than 48 hours
* Click Cleaner on the left then Run Cleaner on the right to run the program.
* Important: Make sure that ALL browser windows are closed before selecting Run Cleaner

Caution: Only use the Registry feature if you are very familiar with the registry.
Always back up your registry before making any changes. Exit CCleaner after it has completed its process.

Security Check

Please download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
 
Results of screen317's Security Check version 0.99.51
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Anti-Virus Free Edition 2012
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java(TM) 6 Update 30
Java 7 Update 7
Adobe Flash Player 11.4.402.287
Adobe Reader X 10.1.0 Adobe Reader out of Date!
Mozilla Firefox (15.0.1)
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 
Adobe Reader Update!

Please download the newest version of Adobe Acrobat Reader from Adobe.com

Before installing: it is important to remove older versions of Acrobat Reader since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs (Programs and Features in Vista/7).
Search in the list for all previously installed versions of Adobe Acrobat Reader. Uninstall/Remove each of them.

Once old versions are gone, please install the newest version.

Personal Tips on Preventing Malware

See this page for more info about malware and prevention.

Read more about "FAQ: How did Sirefef or ZeroAccess Infect You?"

Any other questions before I mark this topic solved?
 