Ga naar inhoud

Kan de usb-stick niet lezen/openen


Gast caris1949

Aanbevolen berichten

Het tweede logfile van combofix:

ComboFix 12-10-21.02 - Jan 22-10-2012 16:34:37.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4003.1914 [GMT 2:00]

Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jan\Desktop\Cfscript.txt

AV: Kaspersky Internet Security *Enabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Enabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Enabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Jan\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-22 to 2012-10-22 ))))))))))))))))))))))))))))))

.

.

2012-10-22 14:48 . 2012-10-22 14:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-22 11:51 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-20 09:03 . 2012-10-20 09:03 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes

2012-10-20 09:02 . 2012-10-20 09:02 -------- d-----w- c:\programdata\Malwarebytes

2012-10-20 09:02 . 2012-10-20 09:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-20 09:02 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-19 11:40 . 2012-10-20 12:34 -------- d-----w- c:\users\Jan\AppData\Roaming\Ulead Systems

2012-10-19 11:38 . 2012-10-19 11:38 -------- d-----w- c:\programdata\InterVideo

2012-10-19 11:24 . 2012-10-19 11:37 -------- d-----w- c:\programdata\Ulead Systems

2012-10-19 11:24 . 2012-10-19 11:24 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems

2012-10-19 10:47 . 2012-10-19 10:47 388096 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-19 10:47 . 2012-10-19 10:47 -------- d-----w- c:\program files (x86)\Trend Micro

2012-10-17 08:27 . 2012-10-17 08:27 -------- d-----w- c:\users\Jan\AppData\Roaming\Visan

2012-10-17 08:26 . 2012-10-17 08:27 -------- d-----w- c:\programdata\Visan

2012-10-16 09:30 . 2012-10-16 09:30 -------- d-----w- c:\programdata\HP Product Assistant

2012-10-16 09:03 . 2012-10-16 09:03 -------- d-----w- c:\program files (x86)\Common Files\HP

2012-10-11 07:51 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-11 07:51 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-11 07:51 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-11 07:51 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-11 07:51 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-11 07:51 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-11 07:51 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-11 07:51 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-11 07:51 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-11 07:51 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-11 07:51 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-11 07:51 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-02 09:50 . 2012-10-02 09:50 -------- d-----w- c:\program files (x86)\Softonic

2012-09-26 12:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\windows\PCHEALTH

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2012-09-25 11:51 . 2012-09-25 11:51 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-09-24 09:58 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-24 09:58 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-09-24 09:58 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-09-24 09:58 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-22 14:48 . 2012-10-19 16:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68232777-B5A8-445F-B274-4B4E570429EE}\offreg.dll

2012-10-20 12:30 . 2012-02-28 12:53 3350 --sha-w- c:\programdata\KGyGaAvL.sys

2012-10-12 07:19 . 2012-10-19 10:27 9291768 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68232777-B5A8-445F-B274-4B4E570429EE}\mpengine.dll

2012-10-11 08:10 . 2011-05-20 21:28 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 12:38 . 2012-04-10 12:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 12:38 . 2011-05-20 22:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-02 07:38 . 2012-07-01 09:31 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-02 07:38 . 2012-01-20 12:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-22 18:12 . 2012-09-12 09:42 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 09:42 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 09:42 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 09:42 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-11 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 09:42 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 09:42 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-07-30 12:16 . 2012-02-07 19:30 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-07-30 12:16 . 2012-07-30 12:16 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-07-30 12:16 . 2012-07-30 12:16 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-07-30 12:16 . 2012-07-30 12:16 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-07-30 12:16 . 2012-07-30 12:16 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-07-30 12:16 . 2012-08-15 11:59 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudobex.sys

2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-30 11:32 . 2012-07-30 11:32 102240 ----a-w- c:\windows\system32\drivers\ssudbus.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-11-09 1844296]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]

.

c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

NovaBACKUP Tray Control.lnk - c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe [2011-11-11 222352]

Password.lnk - c:\users\Jan\AppData\Local\Temp\Password.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe"

"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe"

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2012-03-31 900480]

R3 AtiIrRcvr;Cinergy T Stick Video HID Service;c:\windows\system32\DRIVERS\cinergy_t_stick_video_hid.sys [2011-01-11 32760]

R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2011-11-08 217600]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]

R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 iComp;Grabster AV 400 service;c:\windows\system32\DRIVERS\p2usbhum.sys [2009-12-09 1794112]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-07-30 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-01 1255736]

R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-31 254528]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2011-11-11 371856]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-05-17 25496]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-04-13 87552]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-04-13 207872]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:38]

.

2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 16:59]

.

2012-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 16:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Toevoegen aan Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\flc0vgk4.default\

FF - ExtSQL: 2012-09-19 10:46; crossriderapp4479@crossrider.com; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\flc0vgk4.default\extensions\crossriderapp4479@crossrider.com

FF - ExtSQL: 2012-09-19 10:46; ffxtlbr@funmoods.com; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\flc0vgk4.default\extensions\ffxtlbr@funmoods.com

FF - ExtSQL: 2012-09-19 10:53; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

FF - ExtSQL: 2012-09-19 10:53; ffxtlbr@babylon.com; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\flc0vgk4.default\extensions\ffxtlbr@babylon.com

FF - ExtSQL: !HIDDEN! 2011-08-27 14:19; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: extensions.BabylonToolbar_i.id - b0b0d2b2000000000000bc77379f1059

FF - user.js: extensions.BabylonToolbar_i.hardId - b0b0d2b2000000000000bc77379f1059

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15541

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBzy0FtCtDyDzy0DtB0BtBtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1445743144

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBzy0FtCtDyDzy0DtB0BtBtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1445743144

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBzy0FtCtDyDzy0DtB0BtBtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1445743144&q=

FF - user.js: extensions.funmoods.id - BC77379F1059D2B2

FF - user.js: extensions.funmoods.instlDay - 15602

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:46

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - test312

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - test312

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b0b0d2b2000000000000bc77379f1059&q=

FF - user.js: extensions.BabylonToolbar.id - b0b0d2b2000000000000bc77379f1059

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15602

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1212:21

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115300&tt=120912_pcp_3812_5

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - b0b0d2b2000000000000bc77379f1059

FF - user.js: extensions.Softonic.instlDay - 15615

FF - user.js: extensions.Softonic.vrsn - 1.6.7.4

FF - user.js: extensions.Softonic.vrsni - 1.6.7.4

FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.411:54

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - orgnl

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00001

FF - user.js: extensions.Softonic.dfltLng -

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\PSIService.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Voltooingstijd: 2012-10-22 17:04:31 - machine werd herstart

ComboFix-quarantined-files.txt 2012-10-22 15:04

ComboFix2.txt 2012-10-22 12:33

.

Pre-Run: 233.672.773.632 bytes beschikbaar

Post-Run: 233.600.290.816 bytes beschikbaar

.

- - End Of File - - 567343726000EDD7FD5373BC949F4EE3

Link naar reactie
Delen op andere sites

  • Reacties 35
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Combofix gedraaid in de veilige modus:

ComboFix 12-10-21.02 - Jan 23-10-2012 18:45:47.3.4 - x64 MINIMAL

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4003.2864 [GMT 2:00]

Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jan\Desktop\cfscript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-23 to 2012-10-23 ))))))))))))))))))))))))))))))

.

.

2012-10-23 16:55 . 2012-10-23 16:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-23 07:39 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71D062E0-CFEC-4777-B561-52B1C16F9F52}\mpengine.dll

2012-10-22 17:11 . 2012-10-22 17:11 -------- d-----w- C:\AutoKMS_Dylan

2012-10-22 11:51 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-20 09:03 . 2012-10-20 09:03 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes

2012-10-20 09:02 . 2012-10-20 09:02 -------- d-----w- c:\programdata\Malwarebytes

2012-10-20 09:02 . 2012-10-20 09:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-20 09:02 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-19 11:40 . 2012-10-20 12:34 -------- d-----w- c:\users\Jan\AppData\Roaming\Ulead Systems

2012-10-19 11:38 . 2012-10-19 11:38 -------- d-----w- c:\programdata\InterVideo

2012-10-19 11:24 . 2012-10-19 11:37 -------- d-----w- c:\programdata\Ulead Systems

2012-10-19 11:24 . 2012-10-19 11:24 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems

2012-10-19 10:47 . 2012-10-19 10:47 388096 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-19 10:47 . 2012-10-19 10:47 -------- d-----w- c:\program files (x86)\Trend Micro

2012-10-17 08:27 . 2012-10-17 08:27 -------- d-----w- c:\users\Jan\AppData\Roaming\Visan

2012-10-17 08:26 . 2012-10-17 08:27 -------- d-----w- c:\programdata\Visan

2012-10-16 09:30 . 2012-10-16 09:30 -------- d-----w- c:\programdata\HP Product Assistant

2012-10-16 09:03 . 2012-10-16 09:03 -------- d-----w- c:\program files (x86)\Common Files\HP

2012-10-11 07:51 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-11 07:51 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-11 07:51 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-11 07:51 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-11 07:51 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-11 07:51 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-11 07:51 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-11 07:51 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-11 07:51 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-11 07:51 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-11 07:51 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-11 07:51 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-02 09:50 . 2012-10-02 09:50 -------- d-----w- c:\program files (x86)\Softonic

2012-09-26 12:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\windows\PCHEALTH

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2012-09-25 11:51 . 2012-09-25 11:51 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

2012-09-24 09:58 . 2012-08-24 10:09 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-09-24 09:58 . 2012-08-24 06:43 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-09-24 09:58 . 2012-08-24 10:10 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-09-24 09:58 . 2012-08-24 07:34 140936 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-20 12:30 . 2012-02-28 12:53 3350 --sha-w- c:\programdata\KGyGaAvL.sys

2012-10-11 08:10 . 2011-05-20 21:28 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 12:38 . 2012-04-10 12:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 12:38 . 2011-05-20 22:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-02 07:38 . 2012-07-01 09:31 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-02 07:38 . 2012-01-20 12:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-22 18:12 . 2012-09-12 09:42 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 09:42 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 09:42 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 09:42 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-11 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 09:42 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 09:42 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-07-30 12:16 . 2012-02-07 19:30 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-07-30 12:16 . 2012-07-30 12:16 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-07-30 12:16 . 2012-07-30 12:16 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-07-30 12:16 . 2012-07-30 12:16 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-07-30 12:16 . 2012-07-30 12:16 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-07-30 12:16 . 2012-08-15 11:59 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudobex.sys

2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-30 11:32 . 2012-07-30 11:32 102240 ----a-w- c:\windows\system32\drivers\ssudbus.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-11-09 1844296]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]

.

c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

NovaBACKUP Tray Control.lnk - c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe [2011-11-11 222352]

Password.lnk - c:\users\Jan\AppData\Local\Temp\Password.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe"

"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe"

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]

R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

R2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2011-11-11 371856]

R2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2012-03-31 900480]

R3 AtiIrRcvr;Cinergy T Stick Video HID Service;c:\windows\system32\DRIVERS\cinergy_t_stick_video_hid.sys [2011-01-11 32760]

R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2011-11-08 217600]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]

R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]

R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

R3 iComp;Grabster AV 400 service;c:\windows\system32\DRIVERS\p2usbhum.sys [2009-12-09 1794112]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-07-30 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-01 1255736]

R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-31 254528]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-05-17 25496]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-04-13 87552]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-04-13 207872]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:38]

.

2012-10-23 c:\windows\Tasks\AutoKMS.job

- c:\autokms_dylan\AutoKMS.exe [2012-10-22 13:22]

.

2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 16:59]

.

2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 16:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.mypip.nl/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

FF - ProfilePath - c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\flc0vgk4.default\

FF - ExtSQL: 2012-09-19 10:46; crossriderapp4479@crossrider.com; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\flc0vgk4.default\extensions\crossriderapp4479@crossrider.com

FF - ExtSQL: 2012-09-19 10:46; ffxtlbr@funmoods.com; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\flc0vgk4.default\extensions\ffxtlbr@funmoods.com

FF - ExtSQL: 2012-09-19 10:53; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension

FF - ExtSQL: 2012-09-19 10:53; ffxtlbr@babylon.com; c:\users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\flc0vgk4.default\extensions\ffxtlbr@babylon.com

FF - ExtSQL: !HIDDEN! 2011-08-27 14:19; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

FF - user.js: extensions.BabylonToolbar_i.id - b0b0d2b2000000000000bc77379f1059

FF - user.js: extensions.BabylonToolbar_i.hardId - b0b0d2b2000000000000bc77379f1059

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15541

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.funmoods.hmpg - true

FF - user.js: extensions.funmoods.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBzy0FtCtDyDzy0DtB0BtBtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1445743144

FF - user.js: extensions.funmoods.dfltSrch - true

FF - user.js: extensions.funmoods.srchPrvdr - Search

FF - user.js: extensions.funmoods.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBzy0FtCtDyDzy0DtB0BtBtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1445743144

FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/?f=3&a=test312&chnl=test312&cd=2XzuyEtN2Y1L1Qzu0B0CyByBtAyBzy0FtCtDyDzy0DtB0BtBtN0D0Tzu0CtByCtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1445743144&q=

FF - user.js: extensions.funmoods.id - BC77379F1059D2B2

FF - user.js: extensions.funmoods.instlDay - 15602

FF - user.js: extensions.funmoods.vrsn - 1.5.23.22

FF - user.js: extensions.funmoods.vrsni - 1.5.23.22

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2210:46

FF - user.js: extensions.funmoods.prtnrId - funmoods

FF - user.js: extensions.funmoods.prdct - funmoods

FF - user.js: extensions.funmoods.aflt - test312

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods.tlbrId - base

FF - user.js: extensions.funmoods.instlRef - test312

FF - user.js: extensions.funmoods.dfltLng -

FF - user.js: extensions.funmoods.excTlbr - false

FF - user.js: extensions.funmoods.autoRvrt - false

FF - user.js: extensions.funmoods.envrmnt - production

FF - user.js: extensions.funmoods.isdcmntcmplt - true

FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=b0b0d2b2000000000000bc77379f1059&q=

FF - user.js: extensions.BabylonToolbar.id - b0b0d2b2000000000000bc77379f1059

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15602

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1212:21

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115300&tt=120912_pcp_3812_5

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.newTab - false

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00001/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - b0b0d2b2000000000000bc77379f1059

FF - user.js: extensions.Softonic.instlDay - 15615

FF - user.js: extensions.Softonic.vrsn - 1.6.7.4

FF - user.js: extensions.Softonic.vrsni - 1.6.7.4

FF - user.js: extensions.Softonic_i.vrsnTs - 1.6.7.411:54

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - orgnl

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00001

FF - user.js: extensions.Softonic.dfltLng -

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

AddRemove-DealPly - c:\program files (x86)\DealPly\uninst.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-10-23 18:58:12

ComboFix-quarantined-files.txt 2012-10-23 16:58

ComboFix2.txt 2012-10-22 15:04

ComboFix3.txt 2012-10-22 12:33

.

Pre-Run: 225.926.238.208 bytes beschikbaar

Post-Run: 225.788.035.072 bytes beschikbaar

.

- - End Of File - - 19F1D121350C06C285C59CD9A56407E7

Link naar reactie
Delen op andere sites

Je kan firefox verwijderen via configuratiescherm - programma's.

Na het verwijderen van software doe je best een registeropruiming met CCleaner.

Download CCleaner. (Als je het nog niet hebt)

Installeer het (Als je niet wil dat Google Chrome op je pc als standaard webbrowser wordt geïnstalleerd, moet je de 2 vinkjes wegdoen !!!) en start CCleaner op.

Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'.

Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”.

Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”.

Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”.

Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft.

Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Laat daarna combofix nogmaals gewoon scannen en plaats het logje.

Link naar reactie
Delen op andere sites

Ik heb uw aanbevelingen opgevolgd. Onderstaand het combofixlog:

ComboFix 12-10-25.01 - Jan 25-10-2012 11:07:27.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4003.2238 [GMT 2:00]

Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\584359DE25.sys

c:\users\Jan\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-25 to 2012-10-25 ))))))))))))))))))))))))))))))

.

.

2012-10-25 09:21 . 2012-10-25 09:21 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-25 08:53 . 2012-10-25 08:53 -------- d-----w- c:\program files\CCleaner

2012-10-23 07:39 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71D062E0-CFEC-4777-B561-52B1C16F9F52}\mpengine.dll

2012-10-22 17:11 . 2012-10-22 17:11 -------- d-----w- C:\AutoKMS_Dylan

2012-10-22 11:51 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-20 09:03 . 2012-10-20 09:03 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes

2012-10-20 09:02 . 2012-10-20 09:02 -------- d-----w- c:\programdata\Malwarebytes

2012-10-20 09:02 . 2012-10-20 09:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-20 09:02 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-19 11:40 . 2012-10-20 12:34 -------- d-----w- c:\users\Jan\AppData\Roaming\Ulead Systems

2012-10-19 11:38 . 2012-10-19 11:38 -------- d-----w- c:\programdata\InterVideo

2012-10-19 11:24 . 2012-10-19 11:37 -------- d-----w- c:\programdata\Ulead Systems

2012-10-19 11:24 . 2012-10-19 11:24 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems

2012-10-19 10:47 . 2012-10-19 10:47 388096 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-19 10:47 . 2012-10-19 10:47 -------- d-----w- c:\program files (x86)\Trend Micro

2012-10-17 08:27 . 2012-10-17 08:27 -------- d-----w- c:\users\Jan\AppData\Roaming\Visan

2012-10-17 08:26 . 2012-10-17 08:27 -------- d-----w- c:\programdata\Visan

2012-10-16 09:30 . 2012-10-16 09:30 -------- d-----w- c:\programdata\HP Product Assistant

2012-10-16 09:03 . 2012-10-16 09:03 -------- d-----w- c:\program files (x86)\Common Files\HP

2012-10-11 07:51 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-11 07:51 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-11 07:51 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-11 07:51 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-11 07:51 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-11 07:51 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-11 07:51 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-11 07:51 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-11 07:51 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-11 07:51 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-11 07:51 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-11 07:51 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-02 09:50 . 2012-10-02 09:50 -------- d-----w- c:\program files (x86)\Softonic

2012-09-26 12:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\windows\PCHEALTH

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2012-09-25 11:51 . 2012-09-25 11:51 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-24 10:58 . 2012-02-28 12:53 3350 --sha-w- c:\programdata\KGyGaAvL.sys

2012-10-11 08:10 . 2011-05-20 21:28 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 12:38 . 2012-04-10 12:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 12:38 . 2011-05-20 22:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-02 07:38 . 2012-07-01 09:31 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-02 07:38 . 2012-01-20 12:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-24 11:15 . 2012-09-24 09:57 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-24 09:57 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-24 09:57 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-24 09:57 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-24 09:57 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-24 09:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-24 09:57 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-24 09:57 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-24 09:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-24 09:57 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-24 09:57 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-24 09:57 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-24 09:57 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-24 09:58 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-24 09:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-24 09:57 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-24 09:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-24 09:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-24 09:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-24 09:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-24 09:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-24 09:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 09:42 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 09:42 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 09:42 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 09:42 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-11 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 09:42 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 09:42 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-07-30 12:16 . 2012-02-07 19:30 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-07-30 12:16 . 2012-07-30 12:16 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-07-30 12:16 . 2012-07-30 12:16 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-07-30 12:16 . 2012-07-30 12:16 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-07-30 12:16 . 2012-07-30 12:16 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-07-30 12:16 . 2012-08-15 11:59 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudobex.sys

2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-30 11:32 . 2012-07-30 11:32 102240 ----a-w- c:\windows\system32\drivers\ssudbus.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-11-09 1844296]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]

.

c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

NovaBACKUP Tray Control.lnk - c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe [2011-11-11 222352]

Password.lnk - c:\users\Jan\AppData\Local\Temp\Password.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe"

"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe"

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2012-03-31 900480]

R3 AtiIrRcvr;Cinergy T Stick Video HID Service;c:\windows\system32\DRIVERS\cinergy_t_stick_video_hid.sys [2011-01-11 32760]

R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2011-11-08 217600]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]

R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 iComp;Grabster AV 400 service;c:\windows\system32\DRIVERS\p2usbhum.sys [2009-12-09 1794112]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-07-30 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-01 1255736]

R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-31 254528]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2011-11-11 371856]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-05-17 25496]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-04-13 87552]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-04-13 207872]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:38]

.

2012-10-25 c:\windows\Tasks\AutoKMS.job

- c:\autokms_dylan\AutoKMS.exe [2012-10-22 13:22]

.

2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 16:59]

.

2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 16:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.mypip.nl/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Toevoegen aan Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

.

.

------- Bestandsassociaties -------

.

JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\PSIService.exe

c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Voltooingstijd: 2012-10-25 11:42:08 - machine werd herstart

ComboFix-quarantined-files.txt 2012-10-25 09:42

ComboFix2.txt 2012-10-23 16:58

ComboFix3.txt 2012-10-22 15:04

ComboFix4.txt 2012-10-22 12:33

.

Pre-Run: 225.901.494.272 bytes beschikbaar

Post-Run: 226.294.059.008 bytes beschikbaar

.

- - End Of File - - 9E0111C98023E3ABF71DD32D816FB4F6

Link naar reactie
Delen op andere sites

Open het bestandje CFScript.txt

Vervang de inhoud door de onderstaande vetgedrukte tekst.

File::

c:\windows\Tasks\AutoKMS.job

Sla de wijzigingen op en sluit het bestandje.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht

Link naar reactie
Delen op andere sites

Het combofix logje:

ComboFix 12-10-25.01 - Jan 25-10-2012 13:08:33.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4003.1440 [GMT 2:00]

Gestart vanuit: c:\users\Jan\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Jan\Desktop\cfscript.txt

AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\Tasks\AutoKMS.job"

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-09-25 to 2012-10-25 ))))))))))))))))))))))))))))))

.

.

2012-10-25 11:25 . 2012-10-25 11:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-10-25 08:53 . 2012-10-25 08:53 -------- d-----w- c:\program files\CCleaner

2012-10-23 07:39 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71D062E0-CFEC-4777-B561-52B1C16F9F52}\mpengine.dll

2012-10-22 17:11 . 2012-10-22 17:11 -------- d-----w- C:\AutoKMS_Dylan

2012-10-22 11:51 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-20 09:03 . 2012-10-20 09:03 -------- d-----w- c:\users\Jan\AppData\Roaming\Malwarebytes

2012-10-20 09:02 . 2012-10-20 09:02 -------- d-----w- c:\programdata\Malwarebytes

2012-10-20 09:02 . 2012-10-20 09:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-10-20 09:02 . 2012-09-29 17:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-19 11:40 . 2012-10-20 12:34 -------- d-----w- c:\users\Jan\AppData\Roaming\Ulead Systems

2012-10-19 11:38 . 2012-10-19 11:38 -------- d-----w- c:\programdata\InterVideo

2012-10-19 11:24 . 2012-10-19 11:37 -------- d-----w- c:\programdata\Ulead Systems

2012-10-19 11:24 . 2012-10-19 11:24 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems

2012-10-19 10:47 . 2012-10-19 10:47 388096 ----a-r- c:\users\Jan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-10-19 10:47 . 2012-10-19 10:47 -------- d-----w- c:\program files (x86)\Trend Micro

2012-10-17 08:27 . 2012-10-17 08:27 -------- d-----w- c:\users\Jan\AppData\Roaming\Visan

2012-10-17 08:26 . 2012-10-17 08:27 -------- d-----w- c:\programdata\Visan

2012-10-16 09:30 . 2012-10-16 09:30 -------- d-----w- c:\programdata\HP Product Assistant

2012-10-16 09:03 . 2012-10-16 09:03 -------- d-----w- c:\program files (x86)\Common Files\HP

2012-10-11 07:51 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll

2012-10-11 07:51 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-10-11 07:51 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-11 07:51 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-10-11 07:51 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll

2012-10-11 07:51 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll

2012-10-11 07:51 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll

2012-10-11 07:51 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-11 07:51 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-11 07:51 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-10-11 07:51 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-10-11 07:51 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-10-02 09:50 . 2012-10-02 09:50 -------- d-----w- c:\program files (x86)\Softonic

2012-09-26 12:35 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\windows\PCHEALTH

2012-09-25 12:08 . 2012-09-25 12:08 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework

2012-09-25 11:51 . 2012-09-25 11:51 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-10-24 10:58 . 2012-02-28 12:53 3350 --sha-w- c:\programdata\KGyGaAvL.sys

2012-10-11 08:10 . 2011-05-20 21:28 65309168 ----a-w- c:\windows\system32\MRT.exe

2012-10-09 12:38 . 2012-04-10 12:06 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-10-09 12:38 . 2011-05-20 22:42 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-02 07:38 . 2012-07-01 09:31 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-09-02 07:38 . 2012-01-20 12:40 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-08-24 11:15 . 2012-09-24 09:57 17810944 ----a-w- c:\windows\system32\mshtml.dll

2012-08-24 10:39 . 2012-09-24 09:57 10925568 ----a-w- c:\windows\system32\ieframe.dll

2012-08-24 10:31 . 2012-09-24 09:57 2312704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 10:22 . 2012-09-24 09:57 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-08-24 10:21 . 2012-09-24 09:57 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 10:20 . 2012-09-24 09:57 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 10:18 . 2012-09-24 09:57 237056 ----a-w- c:\windows\system32\url.dll

2012-08-24 10:17 . 2012-09-24 09:57 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-08-24 10:14 . 2012-09-24 09:57 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 10:14 . 2012-09-24 09:57 816640 ----a-w- c:\windows\system32\jscript.dll

2012-08-24 10:13 . 2012-09-24 09:57 599040 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 10:12 . 2012-09-24 09:57 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-08-24 10:11 . 2012-09-24 09:57 729088 ----a-w- c:\windows\system32\msfeeds.dll

2012-08-24 10:10 . 2012-09-24 09:58 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-08-24 10:09 . 2012-09-24 09:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-24 10:04 . 2012-09-24 09:57 248320 ----a-w- c:\windows\system32\ieui.dll

2012-08-24 06:59 . 2012-09-24 09:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-08-24 06:51 . 2012-09-24 09:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-08-24 06:51 . 2012-09-24 09:57 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-08-24 06:47 . 2012-09-24 09:57 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-08-24 06:47 . 2012-09-24 09:57 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-08-24 06:43 . 2012-09-24 09:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-08-22 18:12 . 2012-09-12 09:42 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 18:12 . 2012-09-12 09:42 950128 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 18:12 . 2012-09-12 09:42 376688 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 18:12 . 2012-09-12 09:42 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:38 . 2012-10-11 07:52 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-08-02 17:58 . 2012-09-12 09:42 574464 ----a-w- c:\windows\system32\d3d10level9.dll

2012-08-02 16:57 . 2012-09-12 09:42 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2012-07-30 12:16 . 2012-02-07 19:30 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-07-30 12:16 . 2012-07-30 12:16 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-07-30 12:16 . 2012-07-30 12:16 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-07-30 12:16 . 2012-07-30 12:16 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-07-30 12:16 . 2012-07-30 12:16 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-07-30 12:16 . 2012-08-15 11:59 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudobex.sys

2012-07-30 11:32 . 2012-07-30 11:32 203104 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-07-30 11:32 . 2012-07-30 11:32 102240 ----a-w- c:\windows\system32\drivers\ssudbus.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]

"Remote Control Editor"="c:\program files (x86)\Common Files\TerraTec\Remote\TTTvRc.exe" [2011-11-09 1844296]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-14 113288]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2009-12-17 105632]

.

c:\users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Jan\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OneNote 2010 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

NovaBACKUP Tray Control.lnk - c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe [2011-11-11 222352]

Password.lnk - c:\users\Jan\AppData\Local\Temp\Password.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

"SynchronousMachineGroupPolicy"= 1 (0x1)

"SynchronousUserGroupPolicy"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"LMgrVolOSD"="c:\program files (x86)\Launch Manager\OSD.exe"

"Wbutton"="c:\program files (x86)\Launch Manager\Wbutton.exe"

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]

R3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys [2012-03-31 900480]

R3 AtiIrRcvr;Cinergy T Stick Video HID Service;c:\windows\system32\DRIVERS\cinergy_t_stick_video_hid.sys [2011-01-11 32760]

R3 Backup Client Agent Service;Backup Client Agent Service;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe [2011-11-08 217600]

R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-02-11 1304912]

R3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-01-24 53008]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-30 102240]

R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 136176]

R3 iComp;Grabster AV 400 service;c:\windows\system32\DRIVERS\p2usbhum.sys [2009-12-09 1794112]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-05-01 8593920]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys [2011-03-15 311400]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 203104]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys [2012-07-30 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-01 1255736]

R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe [2009-10-23 118560]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-08-31 254528]

S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11864]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 27736]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-02-11 907600]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-02-11 997712]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]

S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe [2011-11-11 371856]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-14 327168]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2011-04-14 31088]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys [2011-05-17 25496]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-01-25 77424]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2010-10-20 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-04-13 87552]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2011-04-13 207872]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Inhoud van de 'Gedeelde Taken' map

.

2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:38]

.

2012-10-25 c:\windows\Tasks\AutoKMS.job

- c:\autokms_dylan\AutoKMS.exe [2012-10-22 13:22]

.

2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 16:59]

.

2012-10-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-26 16:59]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ------w- c:\users\Jan\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.mypip.nl/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\system32\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Toevoegen aan Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm

Trusted Zone: cleverreach.com\novastor

Trusted Zone: google-analytics.com

Trusted Zone: novastor.com

TCP: DhcpNameServer = 62.179.104.196 213.46.228.196

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ChromeHTML"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-10-25 13:29:50

ComboFix-quarantined-files.txt 2012-10-25 11:29

ComboFix2.txt 2012-10-25 09:42

ComboFix3.txt 2012-10-23 16:58

ComboFix4.txt 2012-10-22 15:04

ComboFix5.txt 2012-10-25 11:05

.

Pre-Run: 226.167.099.392 bytes beschikbaar

Post-Run: 226.086.309.888 bytes beschikbaar

.

- - End Of File - - 5565EDBA9B8024297008EDA791131F92

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.