
windows safe mode: internet fast, windows normal mode: internet slow



No, I had bought Office too, on our other laptop. We had paid for one of those pre-installed versions, but after a reinstall we no longer had a code to activate it (calling the supplier didn't help either). I didn't feel like paying twice for the same product. If we still had the key, I would have installed Office legally on this laptop as well (such a key works for multiple PCs, doesn't it?). Admittedly it is not legal, but I also don't think what I did is unfair. Anyway, that thing has been on here for half a year already; could it be that it now decides to be malicious?


Malwarebytes has cleaned up quite a bit of junk and the HijackThis log now looks clean. You may now do the following:

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


  • 2 weeks later...

Here are the contents of the log file:

ComboFix 12-07-07.04 - Fuad Yusibov 07-07-2012 23:42:07.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3990.2089 [GMT 2:00]

Gestart vanuit: C:\Users\Fuad Yusibov\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files (x86)\StartSearch plugin

C:\Program Files (x86)\StartSearch plugin\IEhelperActiveX.dll

C:\Program Files (x86)\StartSearch plugin\StartBar.dll

C:\Program Files (x86)\StartSearch plugin\uninst.exe

C:\Program Files (x86)\StartSearch plugin\vshareplg.crx

C:\ProgramData\Roaming

C:\Users\Fuad Yusibov\AppData\Local\TempDIR

C:\Windows\SysWow64\muzapp.exe

C:\Windows\SysWOW64mfc45.dll

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-07 to 2012-07-07 ))))))))))))))))))))))))))))))

2012-07-07 21:50:44 . 2012-07-07 21:50:44 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp

2012-07-07 21:50:44 . 2012-07-07 21:50:44 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-07-07 21:35:40 . 2012-05-04 11:00:43 366592 ----a-w- C:\Windows\system32\qdvd.dll

2012-07-07 21:35:40 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-07-07 19:30:53 . 2012-07-07 19:35:52 -------- d-----w- C:\ProgramData\PCPitstop

2012-07-07 19:30:52 . 2012-07-07 19:30:56 -------- d-----w- C:\Program Files (x86)\PCPitstop

2012-07-07 15:50:42 . 2012-07-07 15:50:42 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery

2012-07-06 08:08:37 . 2012-06-18 01:12:50 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8DACD813-DD1B-4E96-90B5-17A5F902C6F9}\mpengine.dll

2012-07-05 16:21:38 . 2012-07-05 16:26:29 -------- d-----w- C:\Users\Fuad Yusibov\AppData\Roaming\Norton Utilities

2012-06-29 15:49:11 . 2012-06-29 15:49:11 -------- d-----w- C:\Users\Fuad Yusibov\AppData\Roaming\Quantitative Micro Software

2012-06-29 15:48:26 . 2001-09-04 23:14:42 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll

2012-06-29 15:48:26 . 2001-09-04 23:13:42 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll

2012-06-29 15:48:26 . 2001-09-04 22:18:34 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\IScript.dll

2012-06-29 15:48:25 . 2001-09-04 23:18:52 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll

2012-06-29 15:47:50 . 2003-10-29 09:00:14 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe

2012-06-26 10:26:36 . 2012-06-26 10:26:36 -------- d-----w- C:\Users\Fuad Yusibov\AppData\Roaming\Malwarebytes

2012-06-26 10:26:14 . 2012-06-26 10:26:16 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-26 10:26:14 . 2012-06-26 10:26:14 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-26 10:26:14 . 2012-04-04 13:56:40 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-06-25 22:38:28 . 2012-06-25 22:38:28 388096 ----a-r- C:\Users\Fuad Yusibov\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-25 22:38:28 . 2012-06-25 22:38:28 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-06-25 21:19:27 . 2012-06-25 21:19:27 -------- d-----w- C:\Program Files (x86)\Common Files\Java

2012-06-25 21:19:00 . 2012-06-25 21:19:00 -------- d-----w- C:\Program Files (x86)\Oracle

2012-06-25 21:16:51 . 2012-06-25 21:16:51 -------- d-----w- C:\Program Files (x86)\Java

2012-06-25 20:35:37 . 2012-07-06 08:24:34 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-06-25 20:00:51 . 2012-06-25 20:00:51 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab

2012-06-25 17:27:28 . 2012-06-25 17:27:28 -------- d-----w- C:\Users\Fuad Yusibov\AppData\Roaming\Macrovision

2012-06-25 17:02:57 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll

2012-06-25 17:02:57 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe

2012-06-25 17:02:57 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll

2012-06-25 17:02:57 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll

2012-06-25 17:02:42 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll

2012-06-25 17:02:42 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll

2012-06-25 17:02:42 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll

2012-06-25 17:02:30 . 2012-06-02 13:19:42 186752 ----a-w- C:\Windows\system32\wuwebv.dll

2012-06-25 17:02:30 . 2012-06-02 13:15:12 36864 ----a-w- C:\Windows\system32\wuapp.exe

2012-06-23 13:51:12 . 2012-06-23 13:51:12 -------- d-----w- C:\Users\Fuad Yusibov\AppData\Roaming\Leadertech

2012-06-23 13:49:46 . 2012-06-25 11:54:27 -------- d-----w- C:\ProgramData\Logishrd

2012-06-23 13:49:14 . 2012-06-23 13:51:16 -------- d-----w- C:\Users\Fuad Yusibov\AppData\Roaming\Logitech

2012-06-23 13:49:14 . 2012-06-23 13:49:23 -------- d-----w- C:\Users\Fuad Yusibov\AppData\Roaming\Logishrd

2012-06-21 19:23:12 . 2012-06-21 19:23:12 -------- d-----w- C:\ProgramData\Quantitative Micro Software

2012-06-21 19:23:02 . 2012-07-04 13:41:17 -------- d-----w- C:\Program Files (x86)\EViews7

2012-06-19 15:35:14 . 2012-06-19 15:35:14 4967624 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-06-15 20:31:11 . 2012-06-15 20:31:12 -------- d-----w- C:\Program Files\Recuva

2012-06-13 16:01:20 . 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\system32\rdpwsx.dll

2012-06-09 09:46:22 . 2012-06-09 09:46:22 -------- d-----w- C:\Users\Fuad Yusibov\AppData\Local\Macromedia

2012-06-08 20:10:15 . 2012-06-08 20:10:21 13160 ----a-w- C:\Windows\SysWow64\Upgrd.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-07-07 20:53:09 . 2011-09-30 22:01:03 17920 ----a-w- C:\Windows\system32\rpcnetp.exe

2012-07-07 20:53:07 . 2011-09-29 12:47:48 58288 ----a-w- C:\Windows\SysWow64\rpcnet.dll

2012-07-07 15:35:51 . 2011-09-30 22:02:15 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.dll

2012-07-07 15:34:37 . 2011-09-30 22:01:03 17920 ----a-w- C:\Windows\SysWow64\rpcnetp.exe

2012-06-25 20:37:19 . 2012-04-06 03:33:18 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-25 20:37:19 . 2011-09-23 03:54:17 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-25 20:37:03 . 2012-04-06 03:41:16 9815752 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-06-08 20:10:14 . 2011-09-29 12:47:30 58288 ------w- C:\Windows\SysWow64\rpcnet.exe

2012-06-04 17:42:57 . 2010-08-20 19:22:27 49592 ----a-w- C:\Windows\SysWow64\pkgslv.exe

2012-06-04 17:42:56 . 2010-08-20 19:22:27 46008 ----a-w- C:\Windows\SysWow64\pkgmgr.dll

2012-05-04 17:29:22 . 2012-05-19 21:37:56 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-04 17:29:16 . 2011-09-23 04:05:19 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-04-17 22:49:26 . 2012-04-17 22:49:26 4246016 ----a-w- C:\Windows\system32\wlihvui.dll

2012-04-17 22:45:22 . 2012-04-17 22:45:22 2463744 ----a-w- C:\Windows\system32\iwmssvc.dll

2012-04-17 14:11:54 . 2012-04-27 20:04:00 49152 ----a-w- C:\Windows\system32\iolobtdfg.exe

2012-04-17 14:11:38 . 2012-04-27 20:04:00 17920 ----a-w- C:\Windows\system32\smrgdf.exe

2012-04-17 13:37:06 . 2012-04-27 20:04:01 2154032 ----a-w- C:\Windows\system32\Incinerator64.dll

2012-04-17 13:37:02 . 2012-04-27 20:04:00 2095816 ----a-w- C:\Windows\SysWow64\Incinerator32.dll

2012-04-17 12:25:12 . 2012-04-27 20:03:59 69000 ----a-w- C:\Windows\system32\offreg.dll

2012-04-17 12:25:12 . 2012-04-27 20:03:59 56200 ----a-w- C:\Windows\SysWow64\offreg.dll

2012-04-17 12:25:02 . 2012-04-27 20:01:03 31432 ----a-w- C:\Windows\system32\drivers\ElRawDsk.sys

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Absolute Notifier"="C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 11:37:30 85672]

"AVP"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 21:15:02 202296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 20:34:06 991296]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]

R2 KMService;KMService;C:\Windows\system32\srvany.exe [x]

R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2012-04-17 23:20:50 2671376]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 20:37:20 250056]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;C:\Windows\system32\DRIVERS\amppal.sys [2012-03-01 14:55:26 195584]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys [2011-12-08 04:22:28 36328]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 20:34:04 1298496]

R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\system32\drivers\btmaud.sys [x]

R3 cpuz135;cpuz135;C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 EMUXMIDI;E-MU Xmidi Driver;C:\Windows\system32\DRIVERS\EMUXMIDI.sys [2009-12-04 07:56:12 257624]

R3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 18:38:10 116648]

R3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys [2010-02-27 15:32:14 158976]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\system32\drivers\intelaud.sys [2011-05-17 14:27:50 34200]

R3 ioloSystemService;iolo System Service;C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 13:30:36 1047336]

R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys [2011-07-22 10:28:38 175192]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 16:51:12 30963576]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2012-04-17 23:20:42 273168]

R3 NIHardwareService;NIHardwareService;C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 15:37:16 5352960]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2011-07-07 23:21:28 174184]

R3 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-05-16 14:28:54 91848]

R3 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 10:34:18 219632]

R3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 17:12:14 160944]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys [2011-12-08 04:22:28 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 04:22:28 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 04:22:28 177640]

R3 SW2SVC;SecureW2 Service;C:\Program Files (x86)\SecureW2\sw2_service.exe [2011-08-05 10:51:18 121224]

R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 12:37:14 517096]

R3 SymDSMon;SymDSMon;C:\Windows\system32\drivers\SymDSMon.sys [2010-11-30 00:24:02 191232]

R3 SYMSpeedDisk;SYMSpeedDisk;C:\Windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 00:24:02 163384]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 20:00:56 149504]

R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-30 13:34:19 1255736]

R4 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 23:38:04 140672]

R4 AbsoluteNotifier;Absolute Notifier;C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 11:37:32 10920]

R4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 13:10:42 63928]

R4 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 17:14:26 98208]

R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 16:10:02 3276800]

R4 gupdate;Google Update-service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 18:38:10 116648]

R4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 22:17:46 113120]

R4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-07-22 12:26:40 690472]

R4 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 10:33:18 1116656]

R4 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 15:32:30 3048136]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-03 11:24:06 381248]

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 23:10:10 57184]

S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-11-04 03:19:00 28992]

S0 PxHlpa64;PxHlpa64;C:\Windows\System32\Drivers\PxHlpa64.sys [2010-03-19 08:00:00 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 09:05:12 21616]

S1 ElRawDisk;ElRawDisk;C:\Windows\system32\drivers\ElRawDsk.sys [2012-04-17 12:25:02 31432]

S1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11:23:28 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 16:36:24 29488]

S1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys [2011-11-04 03:19:00 249152]

S1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 16:26:56 14928]

S1 SAS***IL;SAS***IL;C:\Program Files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 21:55:18 12368]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 15:35:24 659976]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 20:33:30 901184]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 16:19:40 135952]

S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 12:33:06 173056]

S2 DiskDoctorService;Norton Disk Doctor Service;C:\Program Files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 00:23:44 1029480]

S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 22:09:10 1253376]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 14:12:52 13592]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-04 03:19:00 2253120]

S2 SpeedDiskService;Norton SpeedDisk Service;C:\Program Files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 00:23:56 1037672]

S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys [2010-11-29 20:00:04 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 23:24:38 2656280]

S3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys [2010-12-13 17:34:14 27760]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys [2012-03-01 14:55:26 195584]

S3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys [2011-01-24 07:24:52 58128]

S3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-15 05:13:00 327168]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 16:20:46 176096]

S3 cyhid;Cypress Input Device;C:\Windows\system32\DRIVERS\cyhid.sys [2011-06-07 15:16:56 108032]

S3 cykbfltrService;Cypress Keyboard Filter Driver;C:\Windows\system32\DRIVERS\cykbfltr.sys [2011-05-26 01:44:48 11264]

S3 cymfltrService;Cypress Trackpad Filter Driver;C:\Windows\system32\DRIVERS\cymfltr.sys [2011-05-22 21:05:02 70656]

S3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 23:45:00 60416]

S3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 00:28:18 317440]

S3 iwdbus;IWD Bus Enumerator;C:\Windows\system32\DRIVERS\iwdbus.sys [2011-05-17 14:27:52 25496]

S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 18:27:10 22544]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 22:49:18 104048]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 07:46:00 27136]

S3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-20 00:34:26 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;C:\Windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 18:06:46 11471872]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 08:57:38 96768]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 08:57:38 213504]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 00:07:28 17920]

S3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys [2011-05-17 14:27:54 42392]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Inhoud van de 'Gedeelde Taken' map

2012-07-07 C:\Windows\Tasks\Adobe Flash Player Updater.job

- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 03:33:18 . 2012-06-25 20:37:20]

2011-11-27 C:\Windows\Tasks\AutoKMSCustom.job

- C:\Windows\AutoKMS\AutoKMS.exe [2011-11-27 19:19:55 . 2011-11-27 19:21:26]

2012-07-06 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002Core.job

- C:\Users\Fuad Yusibov\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-01 11:34:21 . 2012-01-01 11:34:18]

2012-07-07 C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002UA.job

- C:\Users\Fuad Yusibov\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-01 11:34:21 . 2012-01-01 11:34:18]

2012-07-07 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 18:38:13 . 2012-04-24 18:38:10]

2012-07-07 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 18:38:13 . 2012-04-24 18:38:10]

2012-07-06 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002Core.job

- C:\Users\Fuad Yusibov\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 18:27:55 . 2011-09-29 18:27:54]

2012-07-07 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002UA.job

- C:\Users\Fuad Yusibov\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 18:27:55 . 2011-09-29 18:27:54]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-06-20 17:02:32 755224 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-06-20 17:02:32 755224 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-06-20 17:02:32 755224 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-06-20 17:02:32 755224 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CyCpIo"="C:\Program Files\Cypress\TrackPad\CyCpIo.exe" [2011-05-20 22:01:08 2352640]

"CyHidWin"="C:\Program Files\Cypress\TrackPad\CyHidWin.exe" [2011-05-26 03:00:48 2356224]

"FreeFallProtection"="C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 15:25:22 686704]

"QuickSet"="c:\Program Files\Dell\QuickSet\QuickSet.exe" [2011-07-13 00:57:36 4146848]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 01:39:57 168960]

"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-10-18 13:17:52 7509096]

"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 13:47:50 2278504]

"NVHotkey"="C:\Windows\system32\nvHotkey.dll" [2011-11-04 03:19:00 540992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll

------- Bijkomende Scan -------

uInternet Settings,ProxyOverride = local

IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

FF - ProfilePath - C:\Users\Fuad Yusibov\AppData\Roaming\Mozilla\Firefox\Profiles\b0b8d2kd.default\

FF - prefs.js: browser.startup.homepage - hxxp://startsear.ch/?aff=1

------- Bestandsassociaties -------

JSEFile=NOTEPAD.EXE %1

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-TaskTray - (no file)

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-LiveVDO plugin - C:\Program Files (x86)\StartSearch plugin\uninst.exe


Open a Notepad file.

Copy and paste the bold text below into it.

File::

C:\Windows\Tasks\AutoKMSCustom.job

Folder::

C:\Windows\AutoKMS

Firefox::

FF - ProfilePath - C:\Users\Fuad Yusibov\AppData\Roaming\Mozilla\Firefox\Profiles\b0b8d2kd.default\

FF - prefs.js: browser.startup.homepage -

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post.


Here you go. I should say, by the way, that shortly after I created this post the problems were suddenly gone; I don't know what I had done, or whether I had done anything. But they have been back for a few days now:

ComboFix 12-07-07.04 - Fuad Yusibov 08-07-2012 11:33:16.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3990.2479 [GMT 2:00]

Gestart vanuit: c:\users\Fuad Yusibov\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Fuad Yusibov\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\Tasks\AutoKMSCustom.job"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\AutoKMS

c:\windows\AutoKMS\AutoKMS.exe

c:\windows\AutoKMS\AutoKMS.ini

c:\windows\Tasks\AutoKMSCustom.job

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-08 to 2012-07-08 ))))))))))))))))))))))))))))))

.

.

2012-07-08 09:42 . 2012-07-08 09:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-08 09:42 . 2012-07-08 09:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-07 21:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-07 21:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-07 19:30 . 2012-07-07 19:35 -------- d-----w- c:\programdata\PCPitstop

2012-07-07 19:30 . 2012-07-07 19:30 -------- d-----w- c:\program files (x86)\PCPitstop

2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2012-07-06 08:08 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DACD813-DD1B-4E96-90B5-17A5F902C6F9}\mpengine.dll

2012-07-05 16:21 . 2012-07-05 16:26 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Norton Utilities

2012-06-29 15:49 . 2012-06-29 15:49 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Quantitative Micro Software

2012-06-29 15:48 . 2001-09-04 23:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll

2012-06-29 15:48 . 2001-09-04 23:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll

2012-06-29 15:48 . 2001-09-04 22:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll

2012-06-29 15:48 . 2001-09-04 23:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll

2012-06-29 15:47 . 2003-10-29 09:00 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe

2012-06-26 10:26 . 2012-06-26 10:26 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Malwarebytes

2012-06-26 10:26 . 2012-06-26 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-26 10:26 . 2012-06-26 10:26 -------- d-----w- c:\programdata\Malwarebytes

2012-06-26 10:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-25 22:38 . 2012-06-25 22:38 388096 ----a-r- c:\users\Fuad Yusibov\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-25 22:38 . 2012-06-25 22:38 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-25 21:19 . 2012-06-25 21:19 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-25 21:19 . 2012-06-25 21:19 -------- d-----w- c:\program files (x86)\Oracle

2012-06-25 21:16 . 2012-06-25 21:16 -------- d-----w- c:\program files (x86)\Java

2012-06-25 20:35 . 2012-07-06 08:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-06-25 20:00 . 2012-06-25 20:00 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-06-25 17:27 . 2012-06-25 17:27 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Macrovision

2012-06-25 17:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-25 17:02 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-25 17:02 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-25 17:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-25 17:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-25 17:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-25 17:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-25 17:02 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-25 17:02 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 13:51 . 2012-06-23 13:51 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Leadertech

2012-06-23 13:49 . 2012-06-25 11:54 -------- d-----w- c:\programdata\Logishrd

2012-06-23 13:49 . 2012-06-23 13:51 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Logitech

2012-06-23 13:49 . 2012-06-23 13:49 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Logishrd

2012-06-21 19:23 . 2012-06-21 19:23 -------- d-----w- c:\programdata\Quantitative Micro Software

2012-06-21 19:23 . 2012-07-04 13:41 -------- d-----w- c:\program files (x86)\EViews7

2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-06-15 20:31 . 2012-06-15 20:31 -------- d-----w- c:\program files\Recuva

2012-06-13 16:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-06-09 09:46 . 2012-06-09 09:46 -------- d-----w- c:\users\Fuad Yusibov\AppData\Local\Macromedia

2012-06-08 20:10 . 2012-06-08 20:10 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-08 09:10 . 2011-09-30 22:01 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2012-07-08 09:10 . 2011-09-29 12:47 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2012-07-07 15:35 . 2011-09-30 22:02 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll

2012-07-07 15:34 . 2011-09-30 22:01 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe

2012-06-25 20:37 . 2012-04-06 03:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-25 20:37 . 2011-09-23 03:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-25 20:37 . 2012-04-06 03:41 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-06-08 20:10 . 2011-09-29 12:47 58288 ------w- c:\windows\SysWow64\rpcnet.exe

2012-06-04 17:42 . 2010-08-20 19:22 49592 ----a-w- c:\windows\SysWow64\pkgslv.exe

2012-06-04 17:42 . 2010-08-20 19:22 46008 ----a-w- c:\windows\SysWow64\pkgmgr.dll

2012-05-04 17:29 . 2012-05-19 21:37 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-04 17:29 . 2011-09-23 04:05 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-17 22:49 . 2012-04-17 22:49 4246016 ----a-w- c:\windows\system32\wlihvui.dll

2012-04-17 22:45 . 2012-04-17 22:45 2463744 ----a-w- c:\windows\system32\iwmssvc.dll

2012-04-17 14:11 . 2012-04-27 20:04 49152 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-04-17 14:11 . 2012-04-27 20:04 17920 ----a-w- c:\windows\system32\smrgdf.exe

2012-04-17 13:37 . 2012-04-27 20:04 2154032 ----a-w- c:\windows\system32\Incinerator64.dll

2012-04-17 13:37 . 2012-04-27 20:04 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2012-04-17 12:25 . 2012-04-27 20:03 69000 ----a-w- c:\windows\system32\offreg.dll

2012-04-17 12:25 . 2012-04-27 20:03 56200 ----a-w- c:\windows\SysWow64\offreg.dll

2012-04-17 12:25 . 2012-04-27 20:01 31432 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-07_21.51.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-07 20:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-08 09:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-07 20:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-08 09:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-07 20:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-08 09:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-07-08 09:12 56500 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-08 09:12 43664 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-09-29 13:23 . 2012-07-07 20:54 16610 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1941087755-3768846296-3944321467-1002_UserData.bin

+ 2011-09-29 13:23 . 2012-07-08 09:12 16610 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1941087755-3768846296-3944321467-1002_UserData.bin

+ 2009-07-14 04:46 . 2012-07-08 09:17 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-09-22 21:48 . 2012-07-07 16:01 3076 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2011-09-22 21:48 . 2012-07-07 22:43 3076 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2012-07-08 09:09 . 2012-07-08 09:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-07 16:26 . 2012-07-07 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-08 09:09 . 2012-07-08 09:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-07 16:26 . 2012-07-07 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-07-07 16:01 574540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-07 22:43 574540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:45 . 2012-06-25 20:35 7294510 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-07-07 22:17 7294510 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-09-29 13:19 . 2012-07-07 22:13 13774236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1941087755-3768846296-3944321467-1002-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 250056]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-01 195584]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 EMUXMIDI;E-MU Xmidi Driver;c:\windows\system32\DRIVERS\EMUXMIDI.sys [2009-12-04 257624]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 116648]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-07-22 175192]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-04-17 273168]

R3 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-05-16 91848]

R3 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 SW2SVC;SecureW2 Service;c:\program files (x86)\SecureW2\sw2_service.exe [2011-08-05 121224]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2010-11-30 191232]

R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

R4 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]

R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R4 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 116648]

R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]

R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-03 381248]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-04 28992]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2011-11-04 249152]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]

S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-04 2253120]

S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-04-17 2671376]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-01 195584]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-06-07 108032]

S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-05-26 11264]

S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-05-22 70656]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 11471872]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:37]

.

2012-07-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002Core.job

- c:\users\Fuad Yusibov\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-01 11:34]

.

2012-07-07 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002UA.job

- c:\users\Fuad Yusibov\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-01 11:34]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 18:38]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 18:38]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002Core.job

- c:\users\Fuad Yusibov\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 18:27]

.

2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002UA.job

- c:\users\Fuad Yusibov\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 18:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-05-20 2352640]

"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-05-26 2356224]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-10-18 7509096]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = local

IE: Add to Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

FF - ProfilePath - c:\users\Fuad Yusibov\AppData\Roaming\Mozilla\Firefox\Profiles\b0b8d2kd.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-07-08 11:57:11

ComboFix-quarantined-files.txt 2012-07-08 09:57

ComboFix2.txt 2012-07-07 22:05

.

Pre-Run: 295.675.228.160 bytes beschikbaar

Post-Run: 295.611.363.328 bytes beschikbaar

.

- - End Of File - - B3CD27F1D9B1D80463099213326E6976


Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\srvany.exe

Driver::

KMService

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


I did that, but now my computer is behaving very strangely. Not a single program, really not one, can be opened. I get the error message: 'Illegal operation attempted on a registry key that has been marked for deletion.' So I am typing this on another laptop. Any idea why that happened? I transferred the log file to this laptop via USB; it reads as follows:

ComboFix 12-07-08.01 - Fuad Yusibov 09-07-2012 12:35:23.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3990.2430 [GMT 2:00]

Gestart vanuit: c:\users\Fuad Yusibov\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Fuad Yusibov\Desktop\CFScript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}

FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}

SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\srvany.exe"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_KMService

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-09 to 2012-07-09 ))))))))))))))))))))))))))))))

.

.

2012-07-09 10:44 . 2012-07-09 10:44 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-07 21:35 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-07 21:35 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-07 19:30 . 2012-07-07 19:35 -------- d-----w- c:\programdata\PCPitstop

2012-07-07 19:30 . 2012-07-07 19:30 -------- d-----w- c:\program files (x86)\PCPitstop

2012-07-07 15:50 . 2012-07-07 15:50 -------- d-----w- c:\program files (x86)\Dell Digital Delivery

2012-07-06 08:08 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8DACD813-DD1B-4E96-90B5-17A5F902C6F9}\mpengine.dll

2012-07-05 16:21 . 2012-07-05 16:26 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Norton Utilities

2012-06-29 15:49 . 2012-06-29 15:49 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Quantitative Micro Software

2012-06-29 15:48 . 2001-09-04 23:14 176128 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll

2012-06-29 15:48 . 2001-09-04 23:13 32768 ------w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll

2012-06-29 15:48 . 2001-09-04 22:18 225280 ------w- c:\program files (x86)\Common Files\InstallShield\IScript\IScript.dll

2012-06-29 15:48 . 2001-09-04 23:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll

2012-06-29 15:47 . 2003-10-29 09:00 614532 ----a-w- c:\program files (x86)\Common Files\InstallShield\engine\6\Intel 32\IKernel.exe

2012-06-26 10:26 . 2012-06-26 10:26 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Malwarebytes

2012-06-26 10:26 . 2012-06-26 10:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-26 10:26 . 2012-06-26 10:26 -------- d-----w- c:\programdata\Malwarebytes

2012-06-26 10:26 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-25 22:38 . 2012-06-25 22:38 388096 ----a-r- c:\users\Fuad Yusibov\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-06-25 22:38 . 2012-06-25 22:38 -------- d-----w- c:\program files (x86)\Trend Micro

2012-06-25 21:19 . 2012-06-25 21:19 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-06-25 21:19 . 2012-06-25 21:19 -------- d-----w- c:\program files (x86)\Oracle

2012-06-25 21:16 . 2012-06-25 21:16 -------- d-----w- c:\program files (x86)\Java

2012-06-25 20:35 . 2012-07-06 08:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-06-25 20:00 . 2012-06-25 20:00 -------- d-----w- c:\program files (x86)\Kaspersky Lab

2012-06-25 17:27 . 2012-06-25 17:27 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Macrovision

2012-06-25 17:02 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-25 17:02 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-25 17:02 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-25 17:02 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-25 17:02 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-25 17:02 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-25 17:02 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-25 17:02 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-25 17:02 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-23 13:51 . 2012-06-23 13:51 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Leadertech

2012-06-23 13:49 . 2012-06-25 11:54 -------- d-----w- c:\programdata\Logishrd

2012-06-23 13:49 . 2012-06-23 13:51 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Logitech

2012-06-23 13:49 . 2012-06-23 13:49 -------- d-----w- c:\users\Fuad Yusibov\AppData\Roaming\Logishrd

2012-06-21 19:23 . 2012-06-21 19:23 -------- d-----w- c:\programdata\Quantitative Micro Software

2012-06-21 19:23 . 2012-07-04 13:41 -------- d-----w- c:\program files (x86)\EViews7

2012-06-19 15:35 . 2012-06-19 15:35 4967624 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

2012-06-15 20:31 . 2012-06-15 20:31 -------- d-----w- c:\program files\Recuva

2012-06-13 16:01 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-09 10:46 . 2011-09-30 22:01 17920 ----a-w- c:\windows\system32\rpcnetp.exe

2012-07-09 10:46 . 2011-09-29 12:47 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll

2012-07-07 15:35 . 2011-09-30 22:02 17920 ----a-w- c:\windows\SysWow64\rpcnetp.dll

2012-07-07 15:34 . 2011-09-30 22:01 17920 ----a-w- c:\windows\SysWow64\rpcnetp.exe

2012-06-25 20:37 . 2012-04-06 03:33 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-25 20:37 . 2011-09-23 03:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-06-25 20:37 . 2012-04-06 03:41 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-06-08 20:10 . 2012-06-08 20:10 13160 ----a-w- c:\windows\SysWow64\Upgrd.exe

2012-06-08 20:10 . 2011-09-29 12:47 58288 ------w- c:\windows\SysWow64\rpcnet.exe

2012-06-04 17:42 . 2010-08-20 19:22 49592 ----a-w- c:\windows\SysWow64\pkgslv.exe

2012-06-04 17:42 . 2010-08-20 19:22 46008 ----a-w- c:\windows\SysWow64\pkgmgr.dll

2012-05-04 17:29 . 2012-05-19 21:37 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-04 17:29 . 2011-09-23 04:05 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-04-17 22:49 . 2012-04-17 22:49 4246016 ----a-w- c:\windows\system32\wlihvui.dll

2012-04-17 22:45 . 2012-04-17 22:45 2463744 ----a-w- c:\windows\system32\iwmssvc.dll

2012-04-17 14:11 . 2012-04-27 20:04 49152 ----a-w- c:\windows\system32\iolobtdfg.exe

2012-04-17 14:11 . 2012-04-27 20:04 17920 ----a-w- c:\windows\system32\smrgdf.exe

2012-04-17 13:37 . 2012-04-27 20:04 2154032 ----a-w- c:\windows\system32\Incinerator64.dll

2012-04-17 13:37 . 2012-04-27 20:04 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll

2012-04-17 12:25 . 2012-04-27 20:03 69000 ----a-w- c:\windows\system32\offreg.dll

2012-04-17 12:25 . 2012-04-27 20:03 56200 ----a-w- c:\windows\SysWow64\offreg.dll

2012-04-17 12:25 . 2012-04-27 20:01 31432 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-07_21.51.06 )))))))))))))))))))))))))))))))))))))))))

.

- 2009-07-14 04:54 . 2012-07-07 20:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-07-09 09:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-07-07 20:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-09 09:05 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-07 20:55 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-09 09:05 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-21 03:09 . 2012-07-09 09:19 56732 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-09 10:47 43760 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-29 13:23 . 2012-07-09 10:47 17058 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1941087755-3768846296-3944321467-1002_UserData.bin

+ 2009-07-14 04:46 . 2012-07-08 09:17 96928 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

- 2011-09-22 21:48 . 2012-07-07 16:01 3076 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2011-09-22 21:48 . 2012-07-09 10:44 3076 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-07-07 16:26 . 2012-07-07 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-09 10:45 . 2012-07-09 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-09 10:45 . 2012-07-09 10:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-07-07 16:26 . 2012-07-07 20:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-07-07 16:01 574540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-09 10:44 574540 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 04:45 . 2012-06-25 20:35 7294510 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-07-14 04:45 . 2012-07-07 22:17 7294510 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2011-09-29 13:19 . 2012-07-09 10:44 13797048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1941087755-3768846296-3944321467-1002-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Absolute Notifier"="c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe" [2011-05-10 85672]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-25 250056]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2012-03-01 195584]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]

R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [x]

R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]

R3 EMUXMIDI;E-MU Xmidi Driver;c:\windows\system32\DRIVERS\EMUXMIDI.sys [2009-12-04 257624]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 116648]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]

R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-07-22 175192]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2012-04-17 273168]

R3 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 5352960]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-05-16 91848]

R3 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]

R3 SW2SVC;SecureW2 Service;c:\program files (x86)\SecureW2\sw2_service.exe [2011-08-05 121224]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 SymDSMon;SymDSMon;c:\windows\system32\drivers\SymDSMon.sys [2010-11-30 191232]

R3 SYMSpeedDisk;SYMSpeedDisk;c:\windows\system32\drivers\SymSpeedDisk.sys [2010-11-30 163384]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-30 1255736]

R4 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

R4 AbsoluteNotifier;Absolute Notifier;c:\program files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe [2011-05-10 10920]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

R4 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-17 98208]

R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R4 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 116648]

R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-14 113120]

R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-07-22 690472]

R4 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]

R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-11-03 381248]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-11-04 28992]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]

S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]

S1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2011-11-04 249152]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-03-01 659976]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-03-08 135952]

S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]

S2 DiskDoctorService;Norton Disk Doctor Service;c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [2010-11-30 1029480]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-11-04 2253120]

S2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]

S2 SpeedDiskService;Norton SpeedDisk Service;c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [2010-11-30 1037672]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [2012-04-17 2671376]

S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtuele adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2012-03-01 195584]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096]

S3 cyhid;Cypress Input Device;c:\windows\system32\DRIVERS\cyhid.sys [2011-06-07 108032]

S3 cykbfltrService;Cypress Keyboard Filter Driver;c:\windows\system32\DRIVERS\cykbfltr.sys [2011-05-26 11264]

S3 cymfltrService;Cypress Trackpad Filter Driver;c:\windows\system32\DRIVERS\cymfltr.sys [2011-05-22 70656]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2012-03-02 104048]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows 7 64 Bit;c:\windows\system32\DRIVERS\Netwsw00.sys [2012-03-12 11471872]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-10-25 96768]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-10-25 213504]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2011-05-17 42392]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:37]

.

2012-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002Core.job

- c:\users\Fuad Yusibov\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-01 11:34]

.

2012-07-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002UA.job

- c:\users\Fuad Yusibov\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-01 11:34]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 18:38]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-24 18:38]

.

2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002Core.job

- c:\users\Fuad Yusibov\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 18:27]

.

2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1941087755-3768846296-3944321467-1002UA.job

- c:\users\Fuad Yusibov\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 18:27]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-06-20 17:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CyCpIo"="c:\program files\Cypress\TrackPad\CyCpIo.exe" [2011-05-20 2352640]

"CyHidWin"="c:\program files\Cypress\TrackPad\CyHidWin.exe" [2011-05-26 2356224]

"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-10-18 7509096]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-14 2278504]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-11-04 540992]

"combofix"="c:\combofix\CF16989.3XE" [2010-11-21 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = local

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

FF - ProfilePath - c:\users\Fuad Yusibov\AppData\Roaming\Mozilla\Firefox\Profiles\b0b8d2kd.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Cisco Systems\VPN Client\cvpnd.exe

c:\windows\SysWOW64\rpcnet.exe

c:\program files (x86)\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrvProxy.exe

c:\program files (x86)\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrvProxy.exe

c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-09 13:02:10 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-09 11:02

ComboFix2.txt 2012-07-08 09:57

ComboFix3.txt 2012-07-07 22:05

.

Pre-Run: 288.409.006.080 bytes beschikbaar

Post-Run: 287.738.232.832 bytes beschikbaar

.

- - End Of File - - 6E806A1B16842A473DE49B8982DF3D89


Restart the PC in normal mode ... and the reported problems should (normally) be gone right away.

Then remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This removes ComboFix along with its related folders and files, resets the clock settings, hides file extensions again, hides hidden files and system files again, and creates a new restore point.

If present, you may delete the folder C:\Qoobox manually.
