
How to remove secure.bidvertiser.com



Yes, I did indeed remove ACDSee.

The above instruction did not work, because the antivirus scan was on. May I repeat it?

Log contents:

ComboFix 12-03-13.01 - Pela 15/03/2012 15:48:57.7.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.1911.798 [GMT 1:00]

Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Aanwezig AV is actief

.

.

FILE ::

"c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP"

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-15 to 2012-03-15 ))))))))))))))))))))))))))))))

.

.

2012-03-15 14:58 . 2012-03-15 14:58 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-14 15:56 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-14 15:56 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 13:28 . 2012-03-14 13:28 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

2012-03-14 12:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:15 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:14 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:14 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 12:14 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:14 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 12:14 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:14 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 09:01 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3BA3B933-7B70-4D3E-A24E-049E3BD621FD}\mpengine.dll

2012-03-12 15:38 . 2012-03-12 15:38 -------- d-----w- c:\windows\system32\SPReview

2012-03-11 22:43 . 2012-03-15 14:48 -------- d-----w- C:\QUARANTINE

2012-03-11 22:29 . 2008-09-29 07:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll

2012-03-11 22:29 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-03-11 22:29 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-03-11 22:29 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe

2012-03-11 22:29 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-03-11 22:29 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2012-03-11 22:29 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-03-11 22:29 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-03-11 22:28 . 2012-03-11 22:28 -------- d-----w- c:\program files\Common Files\McAfee

2012-03-11 22:18 . 2012-03-11 22:28 -------- d-----w- c:\program files\McAfee

2012-03-11 22:18 . 2012-03-11 22:18 -------- d-----w- c:\program files\Common Files\Cisco Systems

2012-03-10 21:14 . 2012-03-10 21:14 -------- d-----w- c:\program files\CCleaner

2012-03-08 23:05 . 2012-03-15 14:58 -------- d-----w- c:\users\Pela\AppData\Local\temp

2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur

2012-03-06 12:26 . 2010-11-20 03:30 53120 ----a-w- c:\windows\system32\drivers\termdd.sys

2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java

2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders

2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe

2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp

2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro

2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro

2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems

2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems

2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems

2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations

2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software

2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software

2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent

2012-02-14 22:56 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-14 22:56 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-02-14 22:56 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll

2012-02-14 22:56 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll

2012-02-14 22:56 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-02-14 22:55 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll

2012-02-14 22:55 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-14 21:29 . 2011-12-30 05:27 478720 ----a-w- c:\windows\system32\timedate.cpl

2012-02-14 21:29 . 2011-12-16 07:52 690688 ----a-w- c:\windows\system32\msvcrt.dll

2012-02-14 21:29 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-12 15:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2008-09-29 07:07 . 2012-03-11 22:29 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]

"FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07]

.

2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.bing.com/

TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1

FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.032"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.abr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ani"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.apd"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.arw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bay"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.bmp"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.bw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cr2"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.crw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cs1"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.cur"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dcr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dcx"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.dib"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.djv"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.djvu"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.dng"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.emf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.eps"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.erf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.fff"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.fpx"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.gif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.hdr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.icl"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.icn"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.iff"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ilbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.int"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.inta"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.iw4"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.j2c"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.j2k"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jbr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.jfif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jp2"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpc"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.jpe"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.jpeg"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.jpg"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpk"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.jpx"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.kdc"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.lbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mef"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mos"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.mrw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.nef"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.nrw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.orf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pbr"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pcd"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pct"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pcx"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pef"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pgm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pic"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pict"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pix"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.png"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ppm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.psd"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.psp"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pspbrush"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.pspimage"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.raf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ras"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.raw"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rgb"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rgba"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rle"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rsb"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rw2"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.rwl"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.sgi"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.sr2"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.srf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.tga"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.thm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.tif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (LocalSystem)

@Denied: (2) (S-1-5-21-2062663584-2361553994-830336109-1000)

"Progid"="ACDSee Pro 3.tiff"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ttc"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.ttf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wbmp"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.wmf"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xbm"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xif"

.

[HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 3.xpm"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-03-15 16:01:15

ComboFix-quarantined-files.txt 2012-03-15 15:01

ComboFix2.txt 2012-03-14 15:46

ComboFix3.txt 2012-03-14 13:17

ComboFix4.txt 2012-03-09 20:23

.

Pre-Run: 183.316.680.704 bytes beschikbaar

Post-Run: 183.037.063.168 bytes beschikbaar

.

- - End Of File - - DD0D802C08228149643D48DAA1E90838


Open the file CFScript.txt

Replace the text in it with the bold text below.

File::

c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

Firefox::

FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Registry::

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.NEF\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.THM\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

[-HKEY_USERS\S-1-5-21-2062663584-2361553994-830336109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

Save the file and close Notepad.

Restart the PC in safe mode.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if asked to.

If no restart is requested, restart the PC yourself in normal mode.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-03-13.01 - Pela 17/03/2012 11:35:15.8.4 - x86 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.1911.991 [GMT 1:00]

Gestart vanuit: c:\users\Pela\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Pela\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

FILE ::

"c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP"

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-17 to 2012-03-17 ))))))))))))))))))))))))))))))

.

.

2012-03-17 10:40 . 2012-03-17 10:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-16 13:36 . 2012-02-20 00:05 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EC1C82E0-B5D9-48A4-97C3-13EDC9C52770}\mpengine.dll

2012-03-14 15:56 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-14 15:56 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 13:28 . 2012-03-14 13:28 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

2012-03-14 12:15 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 12:15 . 2012-02-03 03:54 2343424 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 12:14 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-14 12:14 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-14 12:14 . 2012-02-17 04:14 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-14 12:14 . 2012-01-25 05:32 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-14 12:14 . 2012-01-25 05:27 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-14 12:14 . 2012-01-25 05:32 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-12 15:38 . 2012-03-12 15:38 -------- d-----w- c:\windows\system32\SPReview

2012-03-11 22:43 . 2012-03-15 14:48 -------- d-----w- C:\QUARANTINE

2012-03-11 22:29 . 2008-09-29 07:07 22576 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll

2012-03-11 22:29 . 2008-09-29 07:07 90360 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-03-11 22:29 . 2008-09-29 07:07 74648 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-03-11 22:29 . 2008-09-29 07:07 67904 ----a-w- c:\windows\system32\mfevtps.exe

2012-03-11 22:29 . 2008-09-29 07:07 64432 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-03-11 22:29 . 2008-09-29 07:07 62704 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2012-03-11 22:29 . 2008-09-29 07:07 42424 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2012-03-11 22:29 . 2008-09-29 07:07 340592 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-03-11 22:28 . 2012-03-11 22:28 -------- d-----w- c:\program files\Common Files\McAfee

2012-03-11 22:18 . 2012-03-11 22:28 -------- d-----w- c:\program files\McAfee

2012-03-11 22:18 . 2012-03-11 22:18 -------- d-----w- c:\program files\Common Files\Cisco Systems

2012-03-10 21:14 . 2012-03-10 21:14 -------- d-----w- c:\program files\CCleaner

2012-03-08 23:05 . 2012-03-17 10:40 -------- d-----w- c:\users\Pela\AppData\Local\temp

2012-03-08 15:16 . 2012-03-08 15:16 -------- d-----w- c:\windows\CheckSur

2012-03-06 12:26 . 2010-11-20 03:30 53120 ----a-w- c:\windows\system32\drivers\termdd.sys

2012-03-03 22:36 . 2012-03-03 22:36 637848 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-03-03 22:36 . 2012-03-03 22:36 -------- d-----w- c:\program files\Java

2012-03-02 15:49 . 2012-03-02 15:49 -------- d-----w- c:\windows\system32\EventProviders

2012-03-01 16:24 . 2012-03-01 16:24 388096 ----a-r- c:\users\Pela\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-29 16:42 . 2012-03-01 21:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-27 17:28 . 2012-02-27 17:28 -------- d-----w- c:\program files\Common Files\Adobe

2012-02-23 18:48 . 2012-02-23 18:48 -------- d-----w- C:\temp

2012-02-23 18:37 . 2012-02-23 18:37 -------- d-----w- c:\users\Pela\AppData\Local\Trend Micro

2012-02-23 18:26 . 2012-03-02 20:48 -------- d-----w- c:\program files\Trend Micro

2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Local\ACD Systems

2012-02-21 16:24 . 2012-02-21 16:24 -------- d-----w- c:\users\Pela\AppData\Roaming\ACD Systems

2012-02-21 16:22 . 2012-02-23 22:00 -------- d-----w- c:\program files\Common Files\ACD Systems

2012-02-21 16:21 . 2012-02-21 16:21 -------- d-----w- c:\users\Pela\AppData\Local\Downloaded Installations

2012-02-21 16:10 . 2012-02-21 16:10 -------- d-----w- c:\users\Pela\AppData\Roaming\TuneUp Software

2012-02-21 16:09 . 2012-02-21 16:11 -------- d-----w- c:\programdata\TuneUp Software

2012-02-21 16:07 . 2012-03-03 20:03 -------- d-----w- c:\users\Pela\AppData\Roaming\uTorrent

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-12 15:34 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll

2012-03-03 22:36 . 2011-10-19 15:56 567696 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-03 19:58 . 2011-10-16 16:21 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2010-11-10 17:36 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-04 08:58 . 2012-02-14 21:29 442880 ----a-w- c:\windows\system32\ntshrui.dll

2011-12-30 05:27 . 2012-02-14 21:29 478720 ----a-w- c:\windows\system32\timedate.cpl

2011-09-29 07:28 . 2011-10-16 12:22 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2008-09-29 07:07 . 2012-03-11 22:29 22576 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-14_13.10.32 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-03-14 12:14 . 2012-01-25 13:49 58880 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpwsx.dll

+ 2012-03-14 12:14 . 2012-01-25 05:32 58880 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpwsx.dll

+ 2012-03-14 12:14 . 2012-01-25 05:38 57856 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpwsx.dll

+ 2012-03-14 12:14 . 2012-01-25 05:44 57856 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpwsx.dll

+ 2012-03-14 12:14 . 2012-02-17 04:09 24576 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.21924_none_de3273e8bc1f0f12\tdtcp.sys

+ 2012-03-14 12:14 . 2012-02-17 04:13 24576 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7601.17779_none_dd77c70da3257c89\tdtcp.sys

+ 2012-03-14 12:14 . 2012-02-17 04:16 24064 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.21151_none_dc287c7cbf13e10f\tdtcp.sys

+ 2012-03-14 12:14 . 2012-02-15 04:22 24064 c:\windows\winsxs\x86_microsoft-windows-t..es-transportdrivers_31bf3856ad364e35_6.1.7600.16963_none_db963837a5fc5ca2\tdtcp.sys

+ 2010-09-05 13:43 . 2012-03-16 18:09 61530 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 04:55 . 2012-03-14 12:11 38828 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 04:55 . 2012-03-17 10:24 38828 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-10-06 18:36 . 2012-03-15 21:15 18288 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2062663584-2361553994-830336109-1000_UserData.bin

+ 2009-07-14 04:50 . 2012-03-17 10:23 86016 c:\windows\System32\DriverStore\infpub.dat

- 2009-07-14 04:50 . 2012-03-14 12:11 86016 c:\windows\System32\DriverStore\infpub.dat

+ 2012-03-17 10:32 . 2012-03-17 10:32 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-03-13 23:28 . 2012-03-13 23:28 14189 c:\windows\System32\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2010-09-30 09:59 . 2012-03-14 12:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-09-30 09:59 . 2012-03-17 10:26 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-30 09:59 . 2012-03-14 12:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-30 09:59 . 2012-03-17 10:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:41 . 2012-03-14 12:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:41 . 2012-03-17 10:26 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:34 . 2012-03-17 10:26 94000 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-03-14 13:28 . 2012-03-14 13:28 61457 c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP\WiseCustomCalla.dll

+ 2012-03-14 12:14 . 2012-01-25 13:42 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.21907_none_9cb016ace2622726\rdrmemptylst.exe

+ 2012-03-14 12:14 . 2012-01-25 05:27 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7601.17767_none_9be59873c97531db\rdrmemptylst.exe

+ 2012-03-14 12:14 . 2012-01-25 05:33 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.21136_none_9aa81fd4e5552bd1\rdrmemptylst.exe

+ 2012-03-14 12:14 . 2012-01-25 05:40 8192 c:\windows\winsxs\x86_microsoft-windows-t..instationextensions_31bf3856ad364e35_6.1.7600.16952_none_9a0509e7cc4b2b4b\rdrmemptylst.exe

+ 2012-03-17 10:33 . 2012-03-17 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-14 12:09 . 2012-03-14 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-14 12:09 . 2012-03-14 12:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-17 10:33 . 2012-03-17 10:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-03-14 12:14 . 2012-02-17 04:16 152064 c:\windows\winsxs\x86_microsoft-windows-t..s-rdp-displaydriver_31bf3856ad364e35_6.1.7600.21151_none_e5081a03cf558ee4\rdpdd.dll

+ 2012-03-14 12:14 . 2012-01-25 13:49 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.21907_none_a6460977573d9d2a\rdpcorekmts.dll

+ 2012-03-14 12:14 . 2012-01-25 05:32 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7601.17767_none_a57b8b3e3e50a7df\rdpcorekmts.dll

+ 2012-03-14 12:14 . 2012-01-25 05:38 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.21136_none_a43e129f5a30a1d5\rdpcorekmts.dll

+ 2012-03-14 12:14 . 2012-01-25 05:44 129536 c:\windows\winsxs\x86_microsoft-windows-t..extensions-binaries_31bf3856ad364e35_6.1.7600.16952_none_a39afcb24126a14f\rdpcorekmts.dll

+ 2012-03-14 12:14 . 2012-02-17 04:09 183808 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.21924_none_4dfbc4c44c6a5495\rdpwd.sys

+ 2012-03-14 12:14 . 2012-02-17 04:14 183808 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17779_none_4d4117e93370c20c\rdpwd.sys

+ 2012-03-14 12:14 . 2012-02-17 04:16 178176 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.21151_none_4bf1cd584f5f2692\rdpwd.sys

+ 2012-03-14 12:14 . 2012-02-15 04:22 177152 c:\windows\winsxs\x86_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_4b5f89133647a225\rdpwd.sys

+ 2012-03-14 12:14 . 2012-02-17 05:30 826880 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7601.21924_none_bd9532d96d928465\rdpcore.dll

+ 2012-03-14 12:14 . 2012-02-17 05:34 826880 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7601.17779_none_bcda85fe5498f1dc\rdpcore.dll

+ 2012-03-14 12:14 . 2012-02-17 05:43 827904 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7600.21151_none_bb8b3b6d70875662\rdpcore.dll

+ 2012-03-14 12:14 . 2012-02-15 05:44 826368 c:\windows\winsxs\x86_microsoft-windows-t..-collaboration-core_31bf3856ad364e35_6.1.7600.16963_none_baf8f728576fd1f5\rdpcore.dll

+ 2012-03-14 12:14 . 2012-02-17 05:30 919040 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.21924_none_321467207f36f8cc\rdpcorets.dll

+ 2012-03-14 12:14 . 2012-02-17 05:34 919040 c:\windows\winsxs\x86_microsoft-windows-r..s-regkeys-component_31bf3856ad364e35_6.1.7601.17779_none_3159ba45663d6643\rdpcorets.dll

+ 2012-03-14 12:15 . 2012-02-10 05:35 218624 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.21148_none_50b7946823e04aa2\d3d10_1core.dll

+ 2012-03-14 12:15 . 2012-02-10 05:35 161792 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.21148_none_50b7946823e04aa2\d3d10_1.dll

+ 2012-03-14 12:15 . 2012-02-10 05:41 218624 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16961_none_50117d9d0ad8fe17\d3d10_1core.dll

+ 2012-03-14 12:15 . 2012-02-10 05:41 161792 c:\windows\winsxs\x86_microsoft-windows-directx-direct3d10.1_31bf3856ad364e35_6.1.7600.16961_none_50117d9d0ad8fe17\d3d10_1.dll

+ 2012-03-14 12:15 . 2012-02-10 05:35 739840 c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_6.1.7600.21148_none_a82afdc6d63f2cda\d2d1.dll

+ 2012-03-14 12:15 . 2012-02-10 05:41 739840 c:\windows\winsxs\x86_microsoft-windows-d2d_31bf3856ad364e35_6.1.7600.16961_none_a784e6fbbd37e04f\d2d1.dll

+ 2010-10-11 18:14 . 2012-03-16 21:04 343674 c:\windows\System32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 08:27 . 2012-03-14 14:04 723522 c:\windows\System32\perfh013.dat

- 2009-07-14 08:27 . 2012-03-12 18:54 723522 c:\windows\System32\perfh013.dat

- 2009-07-14 08:27 . 2012-03-12 18:54 142422 c:\windows\System32\perfc013.dat

+ 2009-07-14 08:27 . 2012-03-14 14:04 142422 c:\windows\System32\perfc013.dat

+ 2009-07-14 04:33 . 2012-03-14 16:33 293456 c:\windows\System32\FNTCACHE.DAT

- 2009-07-14 04:33 . 2012-03-12 16:18 293456 c:\windows\System32\FNTCACHE.DAT

- 2009-07-14 04:50 . 2012-03-14 12:11 143360 c:\windows\System32\DriverStore\infstrng.dat

+ 2009-07-14 04:50 . 2012-03-17 10:23 143360 c:\windows\System32\DriverStore\infstrng.dat

+ 2009-07-14 04:50 . 2012-03-17 10:23 143360 c:\windows\System32\DriverStore\infstor.dat

- 2009-07-14 04:50 . 2012-03-14 12:11 143360 c:\windows\System32\DriverStore\infstor.dat

+ 2009-07-14 04:47 . 2012-03-17 10:32 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:47 . 2012-03-13 23:28 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-03-14 12:15 . 2012-02-03 04:13 2351104 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.21914_none_bb84862311e67a0a\win32k.sys

+ 2012-03-14 12:15 . 2012-02-03 03:54 2343424 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7601.17772_none_bab80755f8fb5211\win32k.sys

+ 2012-03-14 12:15 . 2012-02-03 03:53 2350592 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.21143_none_b97c8f4b14d97eb5\win32k.sys

+ 2012-03-14 12:15 . 2012-02-03 04:01 2341376 c:\windows\winsxs\x86_microsoft-windows-win32k_31bf3856ad364e35_6.1.7600.16957_none_b8ec4b99fbc02cf6\win32k.sys

+ 2012-03-14 15:56 . 2011-11-19 11:11 3916656 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntoskrnl.exe

+ 2012-03-14 15:56 . 2011-11-19 11:11 3971440 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.21863_none_6e8a5c3d2bac37e9\ntkrnlpa.exe

+ 2012-03-14 15:56 . 2011-11-19 14:50 3913584 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntoskrnl.exe

+ 2012-03-14 15:56 . 2011-11-19 14:50 3968368 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.17727_none_6e30004a126a8db7\ntkrnlpa.exe

+ 2012-03-14 15:56 . 2011-11-19 11:24 3915632 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntoskrnl.exe

+ 2012-03-14 15:56 . 2011-11-19 11:24 3971440 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.21094_none_6c8465f92e9d6f42\ntkrnlpa.exe

+ 2012-03-14 15:56 . 2011-11-19 14:25 3902320 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntoskrnl.exe

+ 2012-03-14 15:56 . 2011-11-19 14:25 3957616 c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7600.16917_none_6c547330153c05da\ntkrnlpa.exe

+ 2012-03-14 12:15 . 2012-02-10 05:35 1170944 c:\windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.21148_none_eaf1bae6d0fa9229\d3d10warp.dll

+ 2012-03-14 12:15 . 2012-02-10 05:41 1170944 c:\windows\winsxs\x86_microsoft-windows-directx-warp10_31bf3856ad364e35_6.1.7600.16961_none_ea4ba41bb7f3459e\d3d10warp.dll

+ 2012-03-14 12:15 . 2012-02-10 05:27 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.21920_none_d51faa7676da7693\DWrite.dll

+ 2012-03-14 12:15 . 2012-02-10 05:38 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7601.17776_none_d465fde55ddffd61\DWrite.dll

+ 2012-03-14 12:15 . 2012-02-10 05:35 1077248 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.21148_none_d32b862479bd435c\DWrite.dll

+ 2012-03-14 12:15 . 2012-02-10 05:41 1074176 c:\windows\winsxs\x86_microsoft-windows-directwrite_31bf3856ad364e35_6.1.7600.16961_none_d2856f5960b5f6d1\DWrite.dll

- 2009-07-14 04:34 . 2012-03-13 14:37 7113772 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:34 . 2012-03-14 16:36 7113772 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-09-12 19:58 . 2012-03-14 15:58 6116196 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-12288.dat

+ 2010-11-15 16:38 . 2012-03-14 15:57 54215544 c:\windows\System32\MRT.exe

+ 2010-10-19 19:47 . 2012-03-17 10:32 32306807 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-8192.dat

+ 2011-11-02 01:11 . 2012-03-17 10:33 47497476 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2062663584-2361553994-830336109-1000-4096.dat

+ 2011-05-18 20:04 . 2012-03-14 15:56 150572603 c:\windows\winsxs\ManifestCache\a786a517e28d5687_blobs.bin

.

-- Snapshot teruggezet naar huidige datum --

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-01-08 1602856]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-04-07 495708]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-21 136216]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-21 171032]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-21 169496]

"FreeFallProtection"="c:\program files\STMicroelectronics\Accelerometer\FF_Protection.exe" [2009-07-22 2384896]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-09-05 5249024]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]

"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-14 50472]

"DBRMTray"="c:\dell\DBRM\Reminder\DbrmTrayIcon.exe" [2010-05-20 206336]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

.

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_f39a6924a795ad94\aestsrv.exe [2009-03-03 81920]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

R2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\Accelerometer\InstallFilterService.exe [2009-11-30 60928]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904]

R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;c:\program files\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-11-04 2320920]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]

R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 136176]

R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-27 125696]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-08-10 171520]

R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-05 277536]

R3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

R3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

R3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-06 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

S0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdflt.sys [2009-11-27 16176]

S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-12-03 41648]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07]

.

2012-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-06 19:07]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.bing.com/

TCP: DhcpNameServer = 193.74.208.65 194.119.228.67 192.168.1.1

FF - ProfilePath - c:\users\Pela\AppData\Roaming\Mozilla\Firefox\Profiles\9ndw5now.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-03-17 11:41:11

ComboFix-quarantined-files.txt 2012-03-17 10:41

ComboFix2.txt 2012-03-15 15:01

ComboFix3.txt 2012-03-14 15:46

ComboFix4.txt 2012-03-14 13:17

ComboFix5.txt 2012-03-17 10:34

.

Pre-Run: 182.754.869.248 bytes beschikbaar

Post-Run: 182.615.654.400 bytes beschikbaar

.

- - End Of File - - 6E28546B36A54A6009FB3A67E08AA310


I was able to delete the folder. There are no Babylon extensions in Firefox.

---------- Post added at 11:28 ---------- Previous post was at 11:14 ----------

In Internet Explorer, under "search" (magnifying glass) in the address bar, there is also "search the web babylon". I don't know how to remove it.


In the meantime we are already at Firefox 11.0.

In Internet Explorer, under "search" (magnifying glass) in the address bar, there is also "search the web babylon". I don't know how to remove it.

Open Internet Explorer.

Click the down arrow next to the magnifying glass and choose manage search engines (the last option in the list).

Now select the Babylon entry and then click Remove at the bottom right.

While you are at it, check the others as well and remove any unwanted search engines.

In Firefox you can remove unwanted search engines in a similar way.

There, however, the down arrow is at the front and not at the back next to the magnifying glass.

edited by kweezie wabbit