ComboFix 12-04-03.02 - mizo 04/04/2012 0:14.2.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.32.1033.18.4091.2939 [GMT 2:00]
Gestart vanuit: c:\users\mizo\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\mizo\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\mizo\AppData\Local\Temp\0059735.tmp"
"c:\users\mizo\AppData\Local\Temp\006DE19.tmp"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\mshtml.dll . . . is geïnfecteerd!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_X6VA005
-------\Legacy_X6VA006
-------\Service_X6va005
-------\Service_X6va006
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-03-03 to 2012-04-03 ))))))))))))))))))))))))))))))
.
.
2012-04-03 22:26 . 2012-04-03 22:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-03 15:48 . 2012-04-03 15:48 388096 ----a-r- c:\users\mizo\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-03 15:48 . 2012-04-03 15:48 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-03 10:57 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{51FFD034-D065-4D6D-8B02-7DE0F2DCBFF5}\mpengine.dll
2012-04-02 21:00 . 2012-04-02 21:00 -------- d-----w- c:\program files\Synaptics
2012-04-02 21:00 . 2009-07-14 13:16 273456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-04-02 21:00 . 2009-07-14 13:13 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-04-02 21:00 . 2009-07-14 13:13 203560 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-04-02 21:00 . 2009-07-14 13:13 147752 ----a-w- c:\windows\system32\SynTPCo4.dll
2012-04-02 21:00 . 2009-07-14 13:13 206120 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-04-02 21:00 . 2009-07-14 13:13 260904 ----a-w- c:\windows\system32\SynCtrl.dll
2012-04-02 21:00 . 2009-07-14 13:13 169256 ----a-w- c:\windows\SysWow64\SynCOM.dll
2012-04-02 21:00 . 2009-07-14 13:13 395048 ----a-w- c:\windows\system32\SynCOM.dll
2012-04-02 20:59 . 2012-04-02 20:59 -------- d-----w- c:\program files (x86)\Nuvoton Technology Corporation
2012-04-02 20:58 . 2009-07-08 14:34 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-04-02 20:56 . 2012-04-02 20:56 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2012-04-02 20:55 . 2012-04-02 20:55 -------- d-----w- C:\Intel
2012-04-02 20:55 . 2009-06-04 16:54 408600 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-04-02 20:55 . 2012-04-02 20:58 -------- d-----w- c:\program files (x86)\Intel
2012-04-02 20:54 . 2009-06-09 11:28 64000 ------w- c:\windows\SysWow64\agrsmdel.exe
2012-04-02 20:54 . 2009-03-27 16:12 14848 ------w- c:\windows\SysWow64\agrsco64.dll
2012-04-02 20:54 . 2012-04-02 20:54 -------- d-----w- c:\program files\LSI SoftModem
2012-04-02 20:54 . 2012-04-02 20:54 -------- d-----w- c:\windows\Options
2012-04-02 20:53 . 2009-07-21 12:03 1208320 ----a-w- c:\windows\system32\drivers\agrsm64.sys
2012-04-02 20:53 . 2009-06-09 11:28 64000 ----a-w- c:\windows\agrsmdel.exe
2012-04-02 20:53 . 2009-06-09 11:34 42496 ----a-w- c:\windows\agrdel64.exe
2012-04-02 20:53 . 2009-03-27 16:12 14848 ----a-w- c:\windows\system32\agrsco64.dll
2012-04-02 19:39 . 2012-04-02 19:39 -------- d-----w- c:\users\mizo\AppData\Roaming\Malwarebytes
2012-04-02 19:39 . 2012-04-02 19:39 -------- d-----w- c:\programdata\Malwarebytes
2012-04-02 19:39 . 2012-04-02 19:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-02 19:39 . 2011-12-10 13:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-02 16:47 . 2012-04-02 16:55 -------- d-----w- c:\program files (x86)\Wise Registry Cleaner
2012-04-02 16:28 . 2012-04-02 17:43 -------- d-----w- c:\program files (x86)\Runes of Magic
2012-03-30 22:21 . 2012-03-30 22:43 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner
2012-03-25 16:35 . 2012-03-25 16:48 -------- d-----w- c:\program files (x86)\raidcall
2012-03-22 10:17 . 2012-03-22 10:17 -------- d-----w- c:\program files (x86)\exe4j
2012-03-22 10:06 . 2012-03-22 10:06 -------- d-----w- c:\users\mizo\.exe4j4
2012-03-18 12:53 . 2012-03-18 12:53 -------- d-----w- c:\windows\Sun
2012-03-17 16:22 . 2012-03-17 16:23 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 16:22 . 2012-03-17 16:22 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-03-15 07:29 . 2011-11-19 18:30 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 07:29 . 2011-11-19 14:25 3957616 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 07:29 . 2011-11-19 14:25 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-12 12:18 . 2012-03-12 12:18 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-03-12 12:18 . 2012-03-12 12:18 -------- d-----w- c:\program files (x86)\Overwolf
2012-03-12 12:18 . 2012-03-12 12:18 -------- d-----w- c:\program files (x86)\Common Files\Overwolf
2012-03-12 11:34 . 2012-03-12 17:39 -------- d-----w- c:\users\mizo\AppData\Local\Overwolf
2012-03-10 14:18 . 2012-03-10 14:18 -------- d-----w- c:\program files\Alex Feinman
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-10 09:41 . 2011-05-17 16:20 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-04 04:23 . 2012-03-04 04:23 827728 ----a-w- c:\windows\system32\msvcr100.dll
2012-03-04 04:23 . 2012-03-04 04:23 607568 ----a-w- c:\windows\system32\msvcp100.dll
2012-03-02 14:47 . 2012-03-02 14:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-02 14:47 . 2012-03-02 14:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-02 14:47 . 2012-03-02 14:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-02 14:47 . 2012-03-02 14:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-02 14:47 . 2012-03-02 14:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-02 14:47 . 2012-03-02 14:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-02 14:47 . 2012-03-02 14:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-02 14:47 . 2012-03-02 14:47 1798656 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-03-02 14:47 . 2012-03-02 14:47 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-03-02 14:47 . 2012-03-02 14:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-02 14:47 . 2012-03-02 14:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-02 14:47 . 2012-03-02 14:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-02 14:47 . 2012-03-02 14:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-02 14:47 . 2012-03-02 14:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-02 14:47 . 2012-03-02 14:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-03-02 14:47 . 2012-03-02 14:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-02 14:47 . 2012-03-02 14:47 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-02 14:47 . 2012-03-02 14:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-02 14:47 . 2012-03-02 14:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-02 14:47 . 2012-03-02 14:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-02 14:47 . 2012-03-02 14:47 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-03-02 14:47 . 2012-03-02 14:47 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-03-02 14:47 . 2012-03-02 14:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-02 14:47 . 2012-03-02 14:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-03-02 14:47 . 2012-03-02 14:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-02 14:47 . 2012-03-02 14:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-02 14:47 . 2012-03-02 14:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-02 14:47 . 2012-03-02 14:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-03-02 14:47 . 2012-03-02 14:47 2308096 ----a-w- c:\windows\system32\jscript9.dll
2012-03-02 14:47 . 2012-03-02 14:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-02 14:47 . 2012-03-02 14:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-02 14:47 . 2012-03-02 14:47 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-02 14:47 . 2012-03-02 14:47 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-02 14:47 . 2012-03-02 14:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-02 14:47 . 2012-03-02 14:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-02 14:47 . 2012-03-02 14:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-02 14:47 . 2012-03-02 14:47 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-02 14:47 . 2012-03-02 14:47 448512 ----a-w- c:\windows\system32\html.iec
2012-03-02 14:47 . 2012-03-02 14:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-02 14:47 . 2012-03-02 14:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-02 14:47 . 2012-03-02 14:47 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-02 14:47 . 2012-03-02 14:47 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-03-01 06:53 . 2011-05-31 13:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-23 08:18 . 2011-05-17 13:22 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-22 16:32 . 2012-02-22 16:32 31744 ----a-w- c:\windows\SysWow64\maplec.dll
2012-02-22 16:32 . 2012-02-22 16:32 212992 ----a-w- c:\windows\SysWow64\WMIMPLEX.dll
2012-02-22 16:32 . 2012-02-22 16:32 20480 ----a-w- c:\windows\SysWow64\maplecompat.dll
2012-02-10 04:13 . 2012-02-21 20:46 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-02-10 04:13 . 2012-02-21 20:46 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-02-10 04:13 . 2012-02-21 20:46 2872640 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-02-10 04:13 . 2012-02-21 20:46 25222976 ----a-w- c:\windows\system32\nvcompiler.dll
2012-02-10 04:13 . 2012-02-21 20:46 17543488 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2012-02-10 04:13 . 2012-02-21 20:46 1737536 ----a-w- c:\windows\system32\nvdispco64.dll
2012-02-10 04:13 . 2012-02-21 20:46 1466176 ----a-w- c:\windows\system32\nvgenco64.dll
2012-02-10 03:07 . 2012-02-21 20:52 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-02-09 10:06 . 2012-02-07 22:11 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-01-17 12:45 . 2012-02-21 20:46 1451840 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2012-01-05 22:35 . 2012-01-05 22:35 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2012-03-02 . E79176F37F619657B0AF3AFF91C66F66 . 12282368 . . [9.00.8112.16421] .. c:\windows\SysWOW64\mshtml.dll
[-] 2012-03-02 . E79176F37F619657B0AF3AFF91C66F66 . 12282368 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_9.4.8112.16441_none_92205b58293e37a4\mshtml.dll
[7] 2011-12-16 . D829890A3CE83EE4332D2BE11755E590 . 5998080 . . [8.00.7601.21878] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21878_none_96c4cbcbfd7666ef\mshtml.dll
[7] 2011-12-16 . 65631F456004E4DF6ADD6F8C2550FEA2 . 5999104 . . [8.00.7600.16930] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16930_none_94780f5ae71920bd\mshtml.dll
[7] 2011-12-16 . BDB0402589BDD0D47D0CE9B2A0187D94 . 5997568 . . [8.00.7601.17744] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17744_none_96579d9ce4440df6\mshtml.dll
[7] 2011-12-16 . 41ADBC5327BBDD802266B965B9DC9C9B . 6000640 . . [8.00.7600.21108] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21108_none_9529f65c00176aae\mshtml.dll
[7] 2011-11-05 . 9B2203A026436B0CE445819356619C06 . 5997568 . . [8.00.7600.16912] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16912_none_948fafc6e7071b89\mshtml.dll
[7] 2011-11-05 . 1F0D01939CADBFE8945E788F39662E8E . 5999616 . . [8.00.7600.21085] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21085_none_94d07438005b010a\mshtml.dll
[7] 2011-11-05 . 61C09B5AD2932538659D133C875DBB0F . 5997056 . . [8.00.7601.17720] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17720_none_96693c4ce43770b8\mshtml.dll
[7] 2011-11-05 . 3E218028099F62CA630E2AFE936F1F0D . 5997568 . . [8.00.7601.21855] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21855_none_96d76ac5fd68e308\mshtml.dll
[7] 2011-10-01 . E16F0A71B984E06FE0A90A2E2E227B23 . 5991936 . . [8.00.7601.21830] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21830_none_96e8092bfd5d2c73\mshtml.dll
[7] 2011-10-01 . BE58B60C0FFCD769DB77BB072DDBCDA7 . 5990912 . . [8.00.7600.16891] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16891_none_94382e36e748e493\mshtml.dll
[7] 2011-10-01 . 146D5F5CEB1A89369B6D559ED5182B07 . 5991936 . . [8.00.7600.21062] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21062_none_94e31332004d7d23\mshtml.dll
[7] 2011-10-01 . 009751094A5A9041723D635AF249DC6F . 5990400 . . [8.00.7601.17699] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17699_none_96268d8ce4681b37\mshtml.dll
[7] 2011-07-22 . CF3C3365DC28AB97636BF11E9BB67927 . 5988864 . . [8.00.7601.21776] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21776_none_96c2c951fd78371a\mshtml.dll
[7] 2011-07-22 . A56EBB1297F12728CF8EE028B7964E06 . 5989376 . . [8.00.7600.16853] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16853_none_94656e7ae726a77d\mshtml.dll
[7] 2011-07-22 . DD64818174A695E8EC766E50297AB854 . 5988864 . . [8.00.7601.17655] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17655_none_964dcc14e44b4617\mshtml.dll
[7] 2011-07-22 . A3EF4E2490DD7CD6C4601FE3FDE34535 . 5990912 . . [8.00.7600.21013] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.21013_none_951a231800240ac5\mshtml.dll
[7] 2011-05-28 . 0C32D9FF0FC163239C4B052FE6EFA8E7 . 5984768 . . [8.00.7601.21735] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21735_none_96ed08b7fd58adff\mshtml.dll
[7] 2011-05-28 . C57C1B54D6038C0B5AC031C8E920BAF4 . 5984768 . . [8.00.7600.20975] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20975_none_94db6c020052b1d7\mshtml.dll
[7] 2011-05-28 . 1816D4CF1A7CBB72298AB120059226D4 . 5984256 . . [8.00.7600.16821] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16821_none_9483ddaae71020fc\mshtml.dll
[7] 2011-05-28 . F5B7C30075207A165FF2EED1FF89AB8D . 5984768 . . [8.00.7601.17622] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17622_none_966b3afae435a63f\mshtml.dll
[7] 2011-03-07 . 3D2F69861D7B24A3C5B0473583FE3D9D . 5981696 . . [8.00.7601.17573] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17573_none_963629c2e45d4e24\mshtml.dll
[7] 2011-03-07 . 5E87C06B924495F6FA381391FDE0C9D4 . 5981696 . . [8.00.7601.21676] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.21676_none_96c2c76bfd7839f3\mshtml.dll
[7] 2011-02-24 . F861A76F208BD31031A91412AA77BD4F . 5982720 . . [8.00.7600.20908] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.20908_none_952a1c5400173a45\mshtml.dll
[7] 2011-02-24 . C75417DD80FE9D56A906DD9DA791ED6F . 5981696 . . [8.00.7600.16766] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7600.16766_none_945d9d86e72c124c\mshtml.dll
[7] 2010-11-20 . C50799F0D47DFB9774F721521B6C41D5 . 5977600 . . [8.00.7601.17514] .. c:\windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_8.0.7601.17514_none_96780994e42bbfd5\mshtml.dll
.
((((((((((((((((((((((((((((( SnapShot@2012-04-03_16.46.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-04-03 16:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-03 22:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-04-03 22:28 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 16:46 65536 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-03 16:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-04-03 22:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-04-03 16:49 40130 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-05-17 13:03 . 2012-04-03 16:49 14058 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-384726606-739662325-2792835686-1000_UserData.bin
- 2012-04-03 16:46 . 2012-04-03 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-04-03 22:28 . 2012-04-03 22:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-04-03 16:46 . 2012-04-03 16:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-03 22:28 . 2012-04-03 22:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-04-03 16:52 826382 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-03 16:45 483032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-03 22:27 483032 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-04-03 16:52 1430948 c:\windows\system32\perfh009.dat
+ 2011-05-17 19:45 . 2012-04-03 22:27 9350848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-384726606-739662325-2792835686-1000-12288.dat
- 2011-05-17 19:45 . 2012-04-03 16:45 9350848 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-384726606-739662325-2792835686-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Razer Naga Driver"="c:\program files (x86)\Razer\Naga\RazerNagaSysTray.exe" [2011-04-12 953232]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files (x86)\Overwolf\\OverwolfUpdater.exe [2012-03-07 18360]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 hshld;Hotspot Shield Service;c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-11-22 330072]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2011-11-15 329544]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-09-22 645048]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 nuvotoncir;Nuvoton IR Transceiver;c:\windows\system32\DRIVERS\nuvotoncir.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 15:37]
.
2012-04-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-14 15:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-31 8095776]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"combofix"="c:\combofix\CF16159.3XE" [2009-07-14 344576]
.
------- Bijkomende Scan -------
.
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\mizo\AppData\Roaming\Mozilla\Firefox\Profiles\4ozoo2f2.default\
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}"=hex:51,66,7a,6c,4c,1d,38,12,3a,a3,f7,fd,83,a7,ad,0e,fc,b5,35,e1,ab,2d,25,64
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:58,89,02,bb,c8,fe,cc,01
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Voltooingstijd: 2012-04-04 00:35:21 - machine werd herstart
ComboFix-quarantined-files.txt 2012-04-03 22:35
ComboFix2.txt 2012-04-03 16:54
.
Pre-Run: 78,288,588,800 bytes free
Post-Run: 77,970,472,960 bytes free
.
- - End Of File - - 9EEFA8207E4C14FEE0F1FCE17E2D2F87