ComboFix 12-09-23.02 - Brian 23-09-2012 18:52:46.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3959.2586 [GMT 2:00]
Gestart vanuit: c:\users\Brian\Desktop\ComboFix.exe
AV: McAfee Antivirus en antispyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Antivirus en antispyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-08-23 to 2012-09-23 ))))))))))))))))))))))))))))))
.
.
2012-09-23 00:15 . 2012-09-23 00:15 -------- d-----w- c:\programdata\F-Secure
2012-09-22 23:53 . 2012-09-22 23:53 56016 ----a-w- c:\windows\system32\drivers\fsbts.sys
2012-09-22 22:50 . 2012-09-22 22:50 -------- d-----w- c:\windows\SysWow64\wbem\Logs
2012-09-22 02:00 . 2012-09-22 02:00 -------- d-----w- c:\program files\VideoLAN
2012-09-21 21:20 . 2012-09-21 21:21 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-09-20 22:47 . 2012-09-13 19:03 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-09-20 22:47 . 2012-09-20 22:47 -------- d-----w- c:\program files\Soluto
2012-09-19 01:14 . 2012-09-19 01:14 -------- d-----w- c:\programdata\WD_SmartWareCommon
2012-09-18 22:14 . 2012-09-18 22:14 -------- d-----w- c:\program files\Macrium
2012-09-15 19:20 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-09-15 19:20 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-09-15 19:10 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-09-15 19:10 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2012-09-15 19:09 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-09-15 19:09 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-09-15 19:09 . 2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-15 18:46 . 2012-06-22 05:35 76736 ----a-w- c:\windows\system32\drivers\mfenlfk.sys
2012-09-15 18:15 . 2012-09-15 18:15 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2012-09-15 18:04 . 2012-09-15 18:04 -------- d-----w- c:\windows\system32\SPReview
2012-09-15 18:02 . 2012-09-15 18:02 -------- d-----w- c:\windows\system32\EventProviders
2012-09-15 17:25 . 2010-11-20 13:27 680960 ----a-w- c:\windows\system32\termsrv.dll
2012-09-15 17:24 . 2010-11-20 13:33 31104 ----a-w- c:\windows\system32\drivers\msahci.sys
2012-09-15 17:23 . 2010-11-20 13:25 109568 ----a-w- c:\windows\system32\nslookup.exe
2012-09-15 17:22 . 2010-11-20 13:27 37376 ----a-w- c:\windows\system32\shimgvw.dll
2012-09-15 17:21 . 2010-11-20 13:02 6656 ----a-w- c:\windows\system32\KBDGEO.DLL
2012-09-15 17:20 . 2010-11-20 13:27 3072 ----a-w- c:\windows\system32\drivers\nl-NL\Dot4usb.sys.mui
2012-09-15 17:20 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2012-09-15 17:20 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\wdscore.dll
2012-09-15 17:20 . 2010-11-20 12:21 189952 ----a-w- c:\windows\SysWow64\sqmapi.dll
2012-09-15 17:20 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2012-09-15 17:20 . 2010-11-20 12:21 189952 ----a-w- c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-09-15 17:20 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2012-09-15 17:19 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2012-09-15 17:19 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2012-09-15 17:19 . 2010-11-20 13:27 244736 ----a-w- c:\windows\system32\sqmapi.dll
2012-09-14 22:27 . 2012-04-20 14:40 196440 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2012-09-14 22:26 . 2012-06-22 05:37 10288 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2012-09-14 22:26 . 2012-09-14 22:26 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-09-14 22:26 . 2012-06-22 05:40 69672 ----a-w- c:\windows\system32\drivers\cfwids.sys
2012-09-14 22:26 . 2012-06-22 05:36 106112 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2012-09-14 22:26 . 2012-06-22 05:35 513456 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2012-09-14 22:26 . 2012-06-22 05:34 300392 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2012-09-14 22:26 . 2012-09-14 22:26 -------- d-----w- c:\program files\Common Files\McAfee
2012-09-14 22:26 . 2012-09-14 22:27 -------- d-----w- c:\program files\McAfee
2012-09-14 22:26 . 2012-09-14 22:38 -------- d-----w- c:\program files (x86)\McAfee
2012-09-14 21:00 . 2012-09-14 21:00 -------- d-----w- c:\program files (x86)\uTorrent
2012-09-14 17:29 . 2012-09-14 17:29 -------- d-----r- c:\program files (x86)\Skype
2012-09-14 17:29 . 2012-09-14 17:29 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-09-14 17:24 . 2012-09-14 17:29 -------- d-----w- c:\programdata\Skype
2012-09-14 16:54 . 2012-09-14 16:54 -------- d-----w- c:\program files\Microsoft Silverlight
2012-09-14 16:54 . 2012-09-14 16:54 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-09-14 16:53 . 2012-09-14 16:53 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-09-14 16:53 . 2012-09-14 16:52 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-14 16:53 . 2012-09-14 16:52 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 16:53 . 2012-09-14 16:52 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-14 16:52 . 2012-09-14 16:52 -------- d-----w- c:\program files (x86)\Java
2012-09-14 16:51 . 2012-09-14 16:51 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-14 16:51 . 2012-09-14 16:51 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-14 16:51 . 2012-09-14 16:51 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-14 16:51 . 2012-09-14 16:51 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-14 16:51 . 2012-09-14 16:51 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-14 16:51 . 2012-09-14 16:51 188904 ----a-w- c:\windows\system32\java.exe
2012-09-14 16:51 . 2012-09-14 16:51 -------- d-----w- c:\program files\Java
2012-09-14 16:50 . 2012-09-18 22:10 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 16:50 . 2012-09-18 22:10 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-14 16:50 . 2012-09-14 16:50 -------- d-----w- c:\windows\system32\Macromed
2012-09-14 16:44 . 2012-09-14 16:44 -------- d-----w- c:\programdata\LogiShrd
2012-09-14 16:40 . 2012-09-14 16:40 -------- d-----w- c:\windows\SysWow64\logishrd
2012-09-14 16:40 . 2012-09-14 16:40 -------- d-----w- c:\windows\system32\logishrd
2012-09-14 16:40 . 2012-09-14 16:40 -------- d-----w- c:\programdata\Logitech
2012-09-14 16:40 . 2012-09-14 16:40 -------- d-----w- c:\program files (x86)\Common Files\LWS
2012-09-14 16:40 . 2012-09-14 16:57 -------- d-----w- c:\program files (x86)\Logitech
2012-09-14 16:39 . 2012-09-14 16:47 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2012-09-14 16:39 . 2012-09-14 16:47 -------- d-----w- c:\program files\Common Files\logishrd
2012-09-14 16:36 . 2012-09-14 16:36 -------- d-----w- c:\programdata\Western Digital
2012-09-14 16:36 . 2012-09-14 16:36 -------- d-----w- c:\program files\Western Digital
2012-09-14 16:36 . 2012-09-14 16:36 -------- d-----w- c:\program files (x86)\Western Digital
2012-09-14 16:27 . 2012-09-20 22:47 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-14 16:21 . 2012-09-14 16:21 -------- d-----w- c:\windows\nl
2012-09-14 16:21 . 2012-09-14 16:21 -------- d-----w- c:\program files (x86)\Vuze
2012-09-14 16:20 . 2012-09-14 16:20 -------- d-----w- c:\windows\en
2012-09-14 16:19 . 2012-09-14 16:19 -------- d-----w- c:\program files\Windows Live
2012-09-14 16:17 . 2010-06-02 02:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-09-14 16:17 . 2010-06-02 02:55 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_5.dll
2012-09-14 16:17 . 2010-06-02 02:55 527192 ----a-w- c:\windows\SysWow64\XAudio2_7.dll
2012-09-14 16:17 . 2010-06-02 02:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-09-14 16:17 . 2010-05-26 09:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-09-14 16:17 . 2010-05-26 09:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-09-14 16:17 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-09-14 16:17 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-09-14 16:13 . 2012-09-14 16:13 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d2f02b761cd929306\DSETUP.dll
2012-09-14 16:13 . 2012-09-14 16:13 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d2f02b761cd929306\DXSETUP.exe
2012-09-14 16:13 . 2012-09-14 16:13 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d2f02b761cd929306\dsetup32.dll
2012-09-14 16:13 . 2012-09-14 16:13 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d18b1d0d1cd929304\DSETUP.dll
2012-09-14 16:13 . 2012-09-14 16:13 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d18b1d0d1cd929304\DXSETUP.exe
2012-09-14 16:13 . 2012-09-14 16:13 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\d18b1d0d1cd929304\dsetup32.dll
2012-09-14 16:12 . 2012-09-14 16:12 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd9512d81cd929301\DSETUP.dll
2012-09-14 16:12 . 2012-09-14 16:12 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd9512d81cd929301\DXSETUP.exe
2012-09-14 16:12 . 2012-09-14 16:12 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\cd9512d81cd929301\dsetup32.dll
2012-09-14 16:12 . 2012-09-20 22:52 -------- d-----w- c:\programdata\Soluto
2012-09-14 16:05 . 2012-09-14 16:05 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-09-14 16:00 . 2012-09-14 16:01 -------- d-----w- c:\windows\SysWow64\Wat
2012-09-14 16:00 . 2012-09-14 16:00 -------- d-----w- c:\windows\system32\Wat
2012-09-14 16:00 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-09-14 16:00 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-09-14 16:00 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-09-14 16:00 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-09-14 16:00 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-09-14 16:00 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-09-14 16:00 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-09-14 15:59 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-09-14 15:59 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-09-14 15:59 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-09-14 15:59 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-09-14 15:59 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-09-14 15:57 . 2012-09-14 22:16 -------- d-----w- c:\programdata\AVAST Software
2012-09-14 15:48 . 2012-06-22 05:38 177144 ----a-w- c:\windows\system32\mfevtps.exe
2012-09-14 15:48 . 2012-09-15 01:28 -------- d-----w- c:\programdata\McAfee
2012-09-14 15:37 . 2012-09-14 15:37 -------- d-----w- c:\program files\WinRAR
2012-09-14 15:37 . 2012-09-14 15:37 -------- d-----w- c:\program files (x86)\VirusTotalUploader2
2012-09-14 15:36 . 2012-09-22 02:00 -------- d-----w- c:\program files (x86)\VideoLAN
2012-09-14 15:35 . 2012-09-14 15:35 -------- d-----w- c:\program files (x86)\TeamViewer
2012-09-14 15:33 . 2012-09-14 15:34 -------- d-----w- c:\program files (x86)\LibreOffice 3.6
2012-09-14 15:32 . 2012-09-14 16:31 -------- d-----w- c:\program files (x86)\Google
2012-09-14 15:32 . 2012-09-18 22:49 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 18:36 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-09-15 18:36 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-09-14 16:18 . 2010-06-24 19:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-07-28 01:09 . 2012-07-28 01:09 57792 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-07-28 00:54 . 2012-07-28 00:54 321472 ----a-w- c:\windows\WLXPGSS.SCR
2012-07-26 17:08 . 2012-07-26 17:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 13:22 . 2012-07-26 13:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 13:22 . 2012-07-26 13:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 13:22 . 2012-07-26 13:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-17 13:14 . 2012-07-17 13:14 253184 ----a-w- c:\windows\system32\LIVESSP.DLL
2012-07-17 12:49 . 2012-07-17 12:49 209648 ----a-w- c:\windows\SysWow64\LIVESSP.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileHippo.com"="c:\program files (x86)\FileHippo.com\UpdateChecker.exe" [2012-03-26 306688]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-11-23 98304]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-06-21 1527896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WDDMStatus.lnk - c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe [2010-1-21 2119488]
WDSmartWare.lnk - c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe [2010-1-21 9136960]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R3 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
R3 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 116648]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [2012-04-20 196440]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2010-08-06 681528]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2010-05-14 271712]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2012-06-22 106112]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-14 1255736]
R4 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-18 250288]
R4 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 116648]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-09-22 56016]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2012-06-22 335784]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-09-13 54728]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\users\Brian\Desktop\virus scanner\virus scanners\emsisoft\Run\a2ddax64.sys [2012-06-12 23208]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-23 203264]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-05-11 200728]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-06-22 218320]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2012-06-22 177144]
S2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2012-09-12 301760]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-09-13 603704]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-08-31 2754984]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S2 WDDMService;WD SmartWare Drive Manager Service;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-01-21 130048]
S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [2009-06-16 20480]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-23 7886848]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-23 285696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2012-06-22 69672]
S3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2012-06-22 513456]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2009-02-13 14464]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mfeavfk01
.
Inhoud van de 'Gedeelde Taken' map
.
2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-14 22:10]
.
2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 16:29]
.
2012-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-14 16:29]
.
2012-09-21 c:\windows\Tasks\HPCeeScheduleForBRIAN-PC$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-09-21 c:\windows\Tasks\HPCeeScheduleForBrian.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-07-26 2782096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://google.nl/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube Download - c:\users\Brian\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-4085980671-1877415730-1580475011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-4085980671-1877415730-1580475011-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
"v5Licence0"="15-BDQC-7UK5-EXJX-PX69-4H1M-NKYDU2H"
"Activated"="N"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\TeamViewer\Version7\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version7\tv_w32.exe
.
**************************************************************************
.
Voltooingstijd: 2012-09-23 19:03:43 - machine werd herstart
ComboFix-quarantined-files.txt 2012-09-23 17:03
.
Pre-Run: 1.448.443.752.448 bytes beschikbaar
Post-Run: 1.448.804.872.192 bytes beschikbaar
.
- - End Of File - - 492938BB1AA353F9C22802BE6D39FA08