istage

Member
  • Items

    33
  • Registration date

  • Last visited

Posts made by istage

  1. Did the whole procedure again. Below is the log file.

    ComboFix 13-07-27.01 - Andries 28-07-2013 12:30:49.2.4 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.7693.5970 [GMT 2:00]

    Gestart vanuit: d:\download\ComboFix.exe

    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ---- Voorgaande Run -------

    .

    c:\users\Andries\AppData\Local\Temp\{53C72472-E2C5-4AA8-BE14-B2BDA7EA8CD5}\fpb.tmp

    c:\users\Andries\AppData\Roaming\moka

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBook.sqlitedb

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBookImages.sqlitedb

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Calendar.sqlitedb

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\call_history.db

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Info.plist

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\notes.db

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\sms.db

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\158x158.ithmb

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBook.sqlitedb

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBookImages.sqlitedb

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748-preview-left.jpg

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748.jpg

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666-preview-left.jpg

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666.jpg

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Calendar.sqlitedb

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\call_history.db

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Info.plist

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Manifest.mbdb

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\notes.db

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Photos.sqlite

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\PhotosAux.sqlite

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\sms.db

    c:\users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Thumbs.THM

    c:\users\Andries\AppData\Roaming\Secure-Soft Stealer

    c:\users\Andries\AppData\Roaming\Secure-Soft Stealer\Update.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-28 to 2013-07-28 ))))))))))))))))))))))))))))))

    .

    .

    2013-07-28 10:33 . 2013-07-28 10:33 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-07-27 20:10 . 2013-07-27 20:10 76232 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{522E183B-83AD-4245-B9D1-98EDB466EAD7}\offreg.dll

    2013-07-27 18:16 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{522E183B-83AD-4245-B9D1-98EDB466EAD7}\mpengine.dll

    2013-07-27 14:51 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-07-27 14:46 . 2013-07-28 10:33 -------- d-----w- c:\users\Andries\AppData\Local\Temp

    2013-07-27 14:46 . 2013-07-27 14:43 24064 ----a-w- c:\windows\zoek-delete.exe

    2013-07-27 12:35 . 2013-07-27 12:35 388096 ----a-r- c:\users\Andries\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2013-07-27 12:35 . 2013-07-27 12:35 -------- d-----w- c:\program files (x86)\Trend Micro

    2013-07-26 18:48 . 2013-07-26 18:48 941720 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{410F4D8B-27BC-468F-BC57-76794736708E}\gapaengine.dll

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-07-27 16:00 . 2011-11-17 14:44 78185248 ----a-w- c:\windows\system32\MRT.exe

    2013-06-21 17:50 . 2012-02-10 08:47 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2013-05-29 07:46 . 2013-05-29 07:46 204932 ----a-r- c:\windows\SysWow64\MSPOS_USB.dll

    2013-05-13 05:51 . 2013-06-21 21:31 184320 ----a-w- c:\windows\system32\cryptsvc.dll

    2013-05-13 05:51 . 2013-06-21 21:31 1464320 ----a-w- c:\windows\system32\crypt32.dll

    2013-05-13 05:51 . 2013-06-21 21:31 139776 ----a-w- c:\windows\system32\cryptnet.dll

    2013-05-13 05:50 . 2013-06-21 21:31 52224 ----a-w- c:\windows\system32\certenc.dll

    2013-05-13 04:45 . 2013-06-21 21:31 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

    2013-05-13 04:45 . 2013-06-21 21:31 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

    2013-05-13 04:45 . 2013-06-21 21:31 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

    2013-05-13 03:43 . 2013-06-21 21:31 1192448 ----a-w- c:\windows\system32\certutil.exe

    2013-05-13 03:08 . 2013-06-21 21:31 903168 ----a-w- c:\windows\SysWow64\certutil.exe

    2013-05-13 03:08 . 2013-06-21 21:31 43008 ----a-w- c:\windows\SysWow64\certenc.dll

    2013-05-10 05:49 . 2013-06-21 21:31 30720 ----a-w- c:\windows\system32\cryptdlg.dll

    2013-05-10 03:20 . 2013-06-21 21:31 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

    2013-05-08 06:39 . 2013-06-21 21:31 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]

    .

    c:\users\Andries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

    MailWasherPro.lnk - c:\program files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2011-10-5 5385552]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    R1 mcnialzh;mcnialzh;c:\windows\system32\drivers\mcnialzh.sys;c:\windows\SYSNATIVE\drivers\mcnialzh.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

    R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

    R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys;c:\windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]

    R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

    R3 LVUVC64;Logitech QuickCam E3500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

    R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]

    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

    S2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe [x]

    S2 RtlService;RtlService;c:\program files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe;c:\program files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe [x]

    S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

    S2 VMCService;Vodafone Mobile Connect Service;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;c:\program files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]

    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys;c:\windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys;c:\windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

    .

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 07:32]

    .

    2013-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153816164-651254337-1067588528-1000Core.job

    - c:\users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 15:01]

    .

    2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153816164-651254337-1067588528-1000UA.job

    - c:\users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 15:01]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 164016 ----a-w- c:\users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 164016 ----a-w- c:\users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 164016 ----a-w- c:\users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 164016 ----a-w- c:\users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

    .

    ------- Bijkomende Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://istage.nl/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker4"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Voltooingstijd: 2013-07-28 12:34:13

    ComboFix-quarantined-files.txt 2013-07-28 10:34

    .

    Pre-Run: 66.215.661.568 bytes free

    Post-Run: 66.176.737.280 bytes free

    .

    - - End Of File - - B518AB6D1C612152EAFDC02EC301BB02

    D41D8CD98F00B204E9800998ECF8427E

  2. ComboFix 13-07-27.01 - Andries 27-07-2013 20:09:41.1.4 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.7693.5754 [GMT 2:00]

    Gestart vanuit: D:\Download\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Users\Andries\AppData\Local\Temp\{53C72472-E2C5-4AA8-BE14-B2BDA7EA8CD5}\fpb.tmp

    C:\Users\Andries\AppData\Roaming\moka

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBook.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBookImages.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Calendar.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\call_history.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Info.plist

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\notes.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\sms.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\158x158.ithmb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBook.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBookImages.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748-preview-left.jpg

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748.jpg

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666-preview-left.jpg

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666.jpg

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Calendar.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\call_history.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Info.plist

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Manifest.mbdb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\notes.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Photos.sqlite

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\PhotosAux.sqlite

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\sms.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Thumbs.THM

    C:\Users\Andries\AppData\Roaming\Secure-Soft Stealer

    C:\Users\Andries\AppData\Roaming\Secure-Soft Stealer\Update.exe

    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-27 to 2013-07-27 ))))))))))))))))))))))))))))))

    2013-07-27 18:12:07 . 2013-07-27 18:12:07 -------- d-----w- C:\Users\Default\AppData\Local\temp

    2013-07-27 14:51:31 . 2013-07-02 08:34:27 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-07-27 14:46:27 . 2013-07-27 18:12:07 -------- d-----w- C:\Users\Andries\AppData\Local\Temp

    2013-07-27 14:46:27 . 2013-07-27 14:43:39 24064 ----a-w- C:\Windows\zoek-delete.exe

    2013-07-27 12:35:19 . 2013-07-27 12:35:20 388096 ----a-r- C:\Users\Andries\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2013-07-27 12:35:19 . 2013-07-27 12:35:19 -------- d-----w- C:\Program Files (x86)\Trend Micro

    2013-07-26 18:48:53 . 2013-07-26 18:48:20 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{410F4D8B-27BC-468F-BC57-76794736708E}\gapaengine.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2013-07-27 16:00:23 . 2011-11-17 14:44:45 78185248 ----a-w- C:\Windows\system32\MRT.exe

    2013-06-21 17:50:04 . 2012-02-10 08:47:58 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2013-05-29 07:46:52 . 2013-05-29 07:46:52 204932 ----a-r- C:\Windows\SysWow64\MSPOS_USB.dll

    2013-05-13 05:51:01 . 2013-06-21 21:31:05 184320 ----a-w- C:\Windows\system32\cryptsvc.dll

    2013-05-13 05:51:00 . 2013-06-21 21:31:05 1464320 ----a-w- C:\Windows\system32\crypt32.dll

    2013-05-13 05:51:00 . 2013-06-21 21:31:05 139776 ----a-w- C:\Windows\system32\cryptnet.dll

    2013-05-13 05:50:40 . 2013-06-21 21:31:05 52224 ----a-w- C:\Windows\system32\certenc.dll

    2013-05-13 04:45:55 . 2013-06-21 21:31:05 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2013-05-13 04:45:55 . 2013-06-21 21:31:05 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2013-05-13 04:45:55 . 2013-06-21 21:31:05 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2013-05-13 03:43:55 . 2013-06-21 21:31:05 1192448 ----a-w- C:\Windows\system32\certutil.exe

    2013-05-13 03:08:10 . 2013-06-21 21:31:05 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

    2013-05-13 03:08:06 . 2013-06-21 21:31:05 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

    2013-05-10 05:49:27 . 2013-06-21 21:31:12 30720 ----a-w- C:\Windows\system32\cryptdlg.dll

    2013-05-10 03:20:54 . 2013-06-21 21:31:12 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

    2013-05-08 06:39:01 . 2013-06-21 21:31:11 1910632 ----a-w- C:\Windows\system32\drivers\tcpip.sys

    2013-05-02 15:29:56 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36:40 130736 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36:40 130736 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36:40 130736 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 09:10:12 284440]

    C:\Users\Andries\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - C:\Users\Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

    MailWasherPro.lnk - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe -nosplash [2011-10-5 5385552]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    R1 mcnialzh;mcnialzh;C:\Windows\system32\drivers\mcnialzh.sys;C:\Windows\SYSNATIVE\drivers\mcnialzh.sys [x]

    R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

    R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]

    R3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys;C:\Windows\SYSNATIVE\drivers\dmvsc.sys [x]

    R3 ewusbnet;HUAWEI USB-NDIS miniport;C:\Windows\system32\DRIVERS\ewusbnet.sys;C:\Windows\SYSNATIVE\DRIVERS\ewusbnet.sys [x]

    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]

    R3 hwusbfake;Huawei DataCard USB Fake;C:\Windows\system32\DRIVERS\ewusbfake.sys;C:\Windows\SYSNATIVE\DRIVERS\ewusbfake.sys [x]

    R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]

    R3 LVUVC64;Logitech QuickCam E3500(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys;C:\Windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]

    R3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys;C:\Windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]

    R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys;C:\Windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe;C:\Program Files\Microsoft Security Client\NisSrv.exe [x]

    R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

    R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys;C:\Windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

    R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe;C:\Windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys;C:\Windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]

    S2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe;C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe [x]

    S2 RtlService;RtlService;C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe;C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe [x]

    S2 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]

    S2 VMCService;Vodafone Mobile Connect Service;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe;C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [x]

    S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys;C:\Windows\SYSNATIVE\Drivers\EtronHub3.sys [x]

    S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys;C:\Windows\SYSNATIVE\Drivers\EtronXHCI.sys [x]

    S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys;C:\Windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys;C:\Windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]

    Contents of the 'Scheduled Tasks' folder

    2013-07-27 C:\Windows\Tasks\Adobe Flash Player Updater.job

    - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 07:32:25 . 2012-04-19 07:32:25]

    2013-07-26 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153816164-651254337-1067588528-1000Core.job

    - C:\Users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 15:01:51 . 2011-11-30 15:01:50]

    2013-07-27 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2153816164-651254337-1067588528-1000UA.job

    - C:\Users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-30 15:01:51 . 2011-11-30 15:01:50]

    --------- X64 Entries -----------

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36:40 164016 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36:40 164016 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36:40 164016 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36:40 164016 ----a-w- C:\Users\Andries\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "MSC"="C:\Program Files\Microsoft Security Client\msseces.exe" [2013-01-27 10:34:16 1281512]

    "IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-12-14 01:42:14 172144]

    "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-12-14 01:42:10 399984]

    "Persistence"="C:\Windows\system32\igfxpers.exe" [2012-12-14 01:42:14 441968]

    ------- Supplementary Scan -------

    uLocal Page = C:\Windows\system32\blank.htm

    uStart Page = hxxp://istage.nl/

    mLocal Page = C:\Windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

  3. ComboFix 13-07-27.01 - Andries 27-07-2013 20:09:41.1.4 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.7693.5754 [GMT 2:00]

    Started from: D:\Download\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    C:\Users\Andries\AppData\Local\Temp\{53C72472-E2C5-4AA8-BE14-B2BDA7EA8CD5}\fpb.tmp

    C:\Users\Andries\AppData\Roaming\moka

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBook.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\AddressBookImages.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Calendar.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\call_history.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\Info.plist

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\notes.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\(Default)\sms.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\158x158.ithmb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBook.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\AddressBookImages.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748-preview-left.jpg

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\341814AB-9B15-4B08-8D70-0146A6BE2222\IMG_5748.jpg

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666-preview-left.jpg

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Attachments\44F9522B-9106-4A25-8FD4-8A2F3BCF2168\IMG_3666.jpg

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Calendar.sqlitedb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\call_history.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Info.plist

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Manifest.mbdb

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\notes.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Photos.sqlite

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\PhotosAux.sqlite

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\sms.db

    C:\Users\Andries\AppData\Roaming\moka\iTwin\data\2012-06-15 10.21 (iPhone van Andries via iTunes)\Thumbs.THM

    C:\Users\Andries\AppData\Roaming\Secure-Soft Stealer

    C:\Users\Andries\AppData\Roaming\Secure-Soft Stealer\Update.exe

    (((((((((((((((((((( Files Created from 2013-06-27 to 2013-07-27 ))))))))))))))))))))))))))))))

    2013-07-27 18:12:07 . 2013-07-27 18:12:07 -------- d-----w- C:\Users\Default\AppData\Local\temp

    2013-07-27 14:51:31 . 2013-07-02 08:34:27 9460976 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2013-07-27 14:46:27 . 2013-07-27 18:12:07 -------- d-----w- C:\Users\Andries\AppData\Local\Temp

    2013-07-27 14:46:27 . 2013-07-27 14:43:39 24064 ----a-w- C:\Windows\zoek-delete.exe

    2013-07-27 12:35:19 . 2013-07-27 12:35:20 388096 ----a-r- C:\Users\Andries\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2013-07-27 12:35:19 . 2013-07-27 12:35:19 -------- d-----w- C:\Program Files (x86)\Trend Micro

    2013-07-26 18:48:53 . 2013-07-26 18:48:20 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{410F4D8B-27BC-468F-BC57-76794736708E}\gapaengine.dll

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2013-07-27 16:00:23 . 2011-11-17 14:44:45 78185248 ----a-w- C:\Windows\system32\MRT.exe

    2013-06-21 17:50:04 . 2012-02-10 08:47:58 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2013-05-29 07:46:52 . 2013-05-29 07:46:52 204932 ----a-r- C:\Windows\SysWow64\MSPOS_USB.dll

    2013-05-13 05:51:01 . 2013-06-21 21:31:05 184320 ----a-w- C:\Windows\system32\cryptsvc.dll

    2013-05-13 05:51:00 . 2013-06-21 21:31:05 1464320 ----a-w- C:\Windows\system32\crypt32.dll

    2013-05-13 05:51:00 . 2013-06-21 21:31:05 139776 ----a-w- C:\Windows\system32\cryptnet.dll

    2013-05-13 05:50:40 . 2013-06-21 21:31:05 52224 ----a-w- C:\Windows\system32\certenc.dll

    2013-05-13 04:45:55 . 2013-06-21 21:31:05 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

    2013-05-13 04:45:55 . 2013-06-21 21:31:05 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

    2013-05-13 04:45:55 . 2013-06-21 21:31:05 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

    2013-05-13 03:43:55 . 2013-06-21 21:31:05 1192448 ----a-w- C:\Windows\system32\certutil.exe

    2013-05-13 03:08:10 . 2013-06-21 21:31:05 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

    2013-05-13 03:08:06 . 2013-06-21 21:31:05 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

    2013-05-10 05:49:27 . 2013-06-21 21:31:12 30720 ----a-w- C:\Windows\system32\cryptdlg.dll

    2013-05-10 03:20:54 . 2013-06-21 21:31:12 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

    2013-05-08 06:39:01 . 2013-06-21 21:31:11 1910632 ----a-w- C:\Windows\system32\drivers\tcpip.sys

    2013-05-02 15:29:56 . 2010-11-21 03:27:21 278800 ------w- C:\Windows\system32\MpSigStub.exe

    ((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legitimate default entries are not shown

    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

  4. Zoek.exe Version 4.0.0.4 Updated 26-07-2013

    Tool run by Andries on za 27-07-2013 at 16:43:40,57.

    Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\Andries\Desktop\zoek.exe [script inserted]

    ==== System Restore Info ======================

    27-7-2013 16:44:44 Zoek.exe System Restore Point Created Succesfully.

    ==== Deleting CLSID Registry Keys ======================

    ==== Deleting CLSID Registry Values ======================

    ==== Deleting Services ======================

    ==== Deleting Files \ Folders ======================

    "C:\Users\Public\sdelevURL.tmp" deleted

    "C:\Users\Andries\AppData\Roaming\Aras\yqbi.laa" deleted

    "C:\Users\Andries\AppData\Roaming\Aras\yqbi.tmp" deleted

    "C:\Users\Andries\AppData\Roaming\Yfsi\agha.tmp" deleted

    "C:\Users\Andries\AppData\Roaming\Yfsi\agha.yne" deleted

    "C:\Users\Andries\AppData\Roaming\Aras" deleted

    "C:\Users\Andries\AppData\Roaming\Yfsi" deleted

    ==== Chrome Look ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[12-07-2013 14:38]

    Skype for Chromium - Andries - Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl

    ==== Set IE to Default ======================

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="iStage"

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Page"="iStage"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{2880A8EC-F9E6-4203-87B9-57C58621F174}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="{searchTerms} - Bing"

    {2880A8EC-F9E6-4203-87B9-57C58621F174} Google Url="{searchTerms - Google zoeken}"

    {6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="{searchTerms} - Google Search}"

    ==== Empty IE Cache ======================

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

    ==== Empty FireFox Cache ======================

    No FireFox Profiles found

    ==== Empty Chrome Cache ======================

    C:\users\Andries\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    No Java Cache Found

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\Windows\Temp successfully emptied

    C:\Users\Andries\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\Users\Andries\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

  5. Who can help me? My PC keeps freezing after a while, and I have already used several small programs, but there is no error message anywhere. I also don't know yet whether it is software or hardware that is causing the problem.

    Perhaps someone can work out the cause from the log file.

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:40:29, on 27-7-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16490)

    Boot mode: Normal

    Running processes:

    C:\Users\Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe

    C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

    C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = iStage

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

    O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    O4 - HKCU\..\Run: [Google Update] "C:\Users\Andries\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    O4 - Startup: Dropbox.lnk = Andries\AppData\Roaming\Dropbox\bin\Dropbox.exe

    O4 - Startup: MailWasherPro.lnk = C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - Automatically Find HP Updates | HP Support

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

    O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Realtek11nSU - Realtek - C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: RtlService - Realtek - C:\Program Files (x86)\Sitecom\300N USB Wireless LAN Utility\RtlService.exe

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files (x86)\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --

    End of file - 8529 bytes
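The script below is an added example, not part of istage's post, of HijackThis, or of any of the other tools in this thread. It parses O2 (BHO), O4 (autorun) and O23 (service) lines in the HijackThis v2.0.4 format shown above and flags the entries an analyst would look at first: images that run from user-writable locations, services with no recognised owner outside the Windows directory, and service paths reported as missing. The sample log lines, the user name "alice" and the "Xyzw" autorun are constructed for the example.

```python
"""Triage helper for HijackThis-style log lines.

Parses O2 (BHO), O4 (autorun) and O23 (service) entries and flags the ones an
analyst would look at first: images in user-writable locations, services with
no recognised owner outside the Windows directory, and dangling service paths.
"""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample in HijackThis v2.0.4 line format.  The user name "alice"
# and the "Xyzw" autorun are invented for this example, not taken from a real log.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel Rapid Storage Technology\IAStorIcon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\alice\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Xyzw] C:\Users\alice\AppData\Roaming\Xyzw\update.exe
O4 - Startup: Dropbox.lnk = alice\AppData\Roaming\Dropbox\bin\Dropbox.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Skype C2C Service - Unknown owner - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<kind>[A-Z]\d+) - (?P<rest>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[A-Za-z]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^Startup: (?P<name>.+?) = (?P<cmd>.+)$")
SERVICE_RE = re.compile(
    r"^Service: (?P<display>.+?) - (?P<company>.+?) - (?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Users\\Public)\\", re.IGNORECASE)
WINDOWS_DIR = re.compile(r"^[A-Za-z]:\\Windows\\", re.IGNORECASE)
ABSOLUTE = re.compile(r"^[A-Za-z]:\\")


@dataclass
class Entry:
    kind: str            # HijackThis section: O2, O4 or O23
    name: str            # BHO name, autorun value name or service display name
    image: str           # executable/DLL path as reported
    company: str = ""    # O23 only
    file_missing: bool = False
    flags: List[str] = field(default_factory=list)


def image_from_command(cmd: str) -> str:
    """Pull the executable path out of an autorun command line (quoted or not)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else cmd.strip('"')
    m = re.match(r"(?P<img>.+?\.(?:exe|dll|scr|cmd|bat|vbs|js))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group("img") if m else cmd


def parse_log(text: str) -> List[Entry]:
    """Turn the O2/O4/O23 lines of a HijackThis log into Entry objects."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind == "O2" and (b := BHO_RE.match(rest)):
            entries.append(Entry("O2", b["name"], b["path"]))
        elif kind == "O4" and (r := RUN_RE.match(rest)):
            entries.append(Entry("O4", f"{r['hive']}\\{r['key']}:{r['name']}", image_from_command(r["cmd"])))
        elif kind == "O4" and (s := STARTUP_RE.match(rest)):
            entries.append(Entry("O4", s["name"], image_from_command(s["cmd"])))
        elif kind == "O23" and (v := SERVICE_RE.match(rest)):
            entries.append(Entry("O23", v["display"], v["path"], v["company"], v["missing"] is not None))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach a reason to every entry worth a second look and return only those."""
    hits: List[Entry] = []
    for e in entries:
        # Anything that starts from AppData, ProgramData, Temp or Public (or from a
        # path that is not even absolute) runs from a location a normal user can write.
        if USER_WRITABLE.search("\\" + e.image) or not ABSOLUTE.match(e.image):
            e.flags.append("user-writable location")
        if e.kind == "O23" and e.company == "Unknown owner" and not WINDOWS_DIR.match(e.image):
            e.flags.append("unknown owner outside Windows dir")
        # HijackThis prints "(file missing)" for many built-in services whose display
        # name is a @resource string; only a dangling path outside \Windows\ is news.
        if e.file_missing and not WINDOWS_DIR.match(e.image):
            e.flags.append("service binary missing")
        if e.flags:
            hits.append(e)
    return hits


if __name__ == "__main__":
    for e in triage(parse_log(SAMPLE_LOG)):
        print(f"{e.kind:<4}{e.name:<32} {e.image}\n    -> {', '.join(e.flags)}")
```

On the constructed sample this reports four entries: the two per-user updaters (Google Update, Dropbox), the invented "Xyzw" autorun, and the orphaned "Skype C2C Service". The first two are expected false positives, since per-user installers legitimately live under AppData; the heuristic only shortens the list, the analyst still decides. The built-in ALG service is not reported even though HijackThis marks it "(file missing)", because its path is under \Windows\ and that marking is normal for resource-string service names.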

