ComboFix 12-11-03.02 - Everts 04-11-2012   8:23.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.2924.1724 [GMT 1:00]
Gestart vanuit: c:\users\Everts\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Everts\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Partner
c:\programdata\Partner\debug.log
c:\programdata\Partner\Partner.dll
c:\programdata\Partner\Partner.exe
c:\programdata\Partner\Partner64.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Partner Service
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-10-04 to 2012-11-04  ))))))))))))))))))))))))))))))
.
.
2012-11-04 07:28 . 2012-11-04 07:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-11-03 22:10 . 2012-10-17 00:31	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5384812-7659-44F3-A76C-F83846C004B2}\mpengine.dll
2012-11-03 18:03 . 2012-11-03 18:03	--------	d-----w-	c:\program files (x86)\Trend Micro
2012-11-03 15:57 . 2012-11-03 15:57	--------	d-----w-	c:\programdata\Malwarebytes
2012-11-03 15:57 . 2012-11-03 15:57	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-03 15:57 . 2012-09-29 18:54	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-11-02 13:35 . 2012-10-17 00:31	9291768	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-10-31 13:36 . 2012-10-31 13:36	--------	d-----w-	c:\program files (x86)\BankingTools
2012-10-31 10:44 . 2012-10-31 12:38	--------	d-----w-	c:\program files (x86)\Mozilla Thunderbird
2012-10-28 09:02 . 2012-10-31 13:36	--------	d-----w-	c:\programdata\BankingTools
2012-10-25 13:41 . 2012-10-25 13:41	--------	d-----w-	c:\program files (x86)\Common Files\Adobe
2012-10-22 14:53 . 2012-10-22 14:53	--------	d-----w-	c:\programdata\ASUS
2012-10-21 15:29 . 2012-10-21 15:29	--------	d-----w-	c:\programdata\McAfee
2012-10-21 15:29 . 2012-10-21 15:32	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-21 15:29 . 2012-10-21 15:32	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-21 15:29 . 2012-10-21 15:29	--------	d-----w-	c:\windows\system32\Macromed
2012-10-21 14:46 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-10-21 14:46 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-10-21 14:46 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-10-21 14:46 . 2011-01-17 11:09	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-10-21 14:46 . 2011-01-17 05:47	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-10-21 14:46 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-10-21 14:46 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-10-21 14:46 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-10-21 14:46 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-10-21 14:46 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-10-21 14:09 . 2012-10-21 14:09	--------	d-----w-	c:\windows\SysWow64\Adobe
2012-10-21 12:37 . 2012-08-07 14:18	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-10-21 12:37 . 2012-08-07 14:18	972192	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F5AC4828-76A4-46CA-B4DD-763B4B4CB082}\gapaengine.dll
2012-10-21 12:36 . 2012-01-31 12:44	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-10-21 09:04 . 2012-10-21 09:07	--------	d-----w-	c:\program files (x86)\IZArc
2012-10-20 22:51 . 2012-10-20 22:51	--------	d-----w-	c:\program files (x86)\Streamripper
2012-10-20 22:43 . 2009-09-04 15:29	1892184	----a-w-	c:\windows\SysWow64\D3DX9_42.dll
2012-10-20 22:43 . 2006-09-28 14:05	2414360	----a-w-	c:\windows\SysWow64\d3dx9_31.dll
2012-10-20 22:42 . 2012-10-20 22:42	--------	d-----w-	c:\program files (x86)\Winamp Detect
2012-10-20 22:42 . 2012-10-20 22:42	--------	d-----w-	c:\program files (x86)\Common Files\PX Storage Engine
2012-10-20 22:42 . 2012-10-20 22:44	--------	d-----w-	c:\program files (x86)\Winamp
2012-10-20 22:21 . 2012-10-20 22:21	--------	d-----w-	c:\program files\CCleaner
2012-10-20 22:10 . 2012-11-01 05:35	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-10-20 05:44 . 2012-10-20 05:44	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-10-20 05:30 . 2012-10-20 05:30	--------	d-----w-	c:\windows\system32\SPReview
2012-10-20 05:29 . 2012-10-20 05:29	--------	d-----w-	c:\windows\system32\EventProviders
2012-10-20 05:22 . 2010-11-20 13:27	1888256	----a-w-	c:\windows\system32\WMVDECOD.DLL
2012-10-20 05:21 . 2010-11-20 13:27	475136	----a-w-	c:\windows\system32\wlangpui.dll
2012-10-20 05:20 . 2010-11-20 13:27	182784	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-10-20 05:18 . 2010-11-20 13:34	2560	----a-w-	c:\windows\system32\drivers\nl-NL\rdpwd.sys.mui
2012-10-20 05:18 . 2010-11-20 13:33	3584	----a-w-	c:\windows\system32\drivers\nl-NL\tsusbflt.sys.mui
2012-10-20 05:18 . 2010-11-20 13:27	3072	----a-w-	c:\windows\system32\drivers\nl-NL\Dot4usb.sys.mui
2012-10-20 05:18 . 2010-11-20 13:26	399872	----a-w-	c:\windows\system32\dpx.dll
2012-10-20 05:18 . 2010-11-20 12:21	189952	----a-w-	c:\windows\SysWow64\wdscore.dll
2012-10-20 05:18 . 2010-11-20 12:21	189952	----a-w-	c:\windows\SysWow64\sqmapi.dll
2012-10-20 05:18 . 2010-11-20 12:21	189952	----a-w-	c:\program files (x86)\Windows Portable Devices\sqmapi.dll
2012-10-20 05:18 . 2010-11-20 12:21	363008	----a-w-	c:\windows\SysWow64\wbemcomn.dll
2012-10-20 05:18 . 2010-11-20 12:19	606208	----a-w-	c:\windows\SysWow64\wbem\fastprox.dll
2012-10-20 05:15 . 2010-11-20 13:27	529408	----a-w-	c:\windows\system32\wbemcomn.dll
2012-10-20 05:15 . 2010-11-20 13:27	244736	----a-w-	c:\program files\Windows Portable Devices\sqmapi.dll
2012-10-20 05:15 . 2010-11-20 13:27	244736	----a-w-	c:\windows\system32\sqmapi.dll
2012-10-19 21:23 . 2012-10-19 21:23	--------	d-----w-	c:\windows\system32\log
2012-10-19 14:32 . 2012-08-11 00:56	715776	----a-w-	c:\windows\system32\kerberos.dll
2012-10-19 14:32 . 2012-08-10 23:56	542208	----a-w-	c:\windows\SysWow64\kerberos.dll
2012-10-19 14:32 . 2012-09-14 19:19	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-19 14:32 . 2012-09-14 18:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-19 14:32 . 2012-06-09 05:43	14172672	----a-w-	c:\windows\system32\shell32.dll
2012-10-19 14:32 . 2012-04-28 03:55	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-10-19 14:27 . 2012-06-02 05:41	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-19 14:27 . 2012-06-02 05:41	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-19 14:27 . 2012-06-02 05:41	1464320	----a-w-	c:\windows\system32\crypt32.dll
2012-10-19 14:27 . 2012-06-02 04:36	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-19 14:27 . 2012-06-02 04:36	1159680	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-19 14:27 . 2012-06-02 04:36	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-19 14:26 . 2011-12-16 08:46	634880	----a-w-	c:\windows\system32\msvcrt.dll
2012-10-19 14:26 . 2011-12-16 07:52	690688	----a-w-	c:\windows\SysWow64\msvcrt.dll
2012-10-19 14:26 . 2012-05-14 05:26	956928	----a-w-	c:\windows\system32\localspl.dll
2012-10-19 14:26 . 2010-11-20 13:27	39424	----a-w-	c:\windows\system32\Spool\prtprocs\x64\winprint.dll
2012-10-19 14:26 . 2010-11-20 13:24	2164224	----a-w-	c:\program files\Windows Journal\Journal.exe
2012-10-19 14:26 . 2012-03-31 05:42	1732096	----a-w-	c:\program files\Windows Journal\NBDoc.DLL
2012-10-19 14:26 . 2012-03-31 05:40	1367552	----a-w-	c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-10-19 14:26 . 2012-03-31 04:29	936960	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-10-19 14:26 . 2012-03-31 05:40	1402880	----a-w-	c:\program files\Windows Journal\JNWDRV.dll
2012-10-19 14:26 . 2012-03-31 05:40	1393664	----a-w-	c:\program files\Windows Journal\JNTFiltr.dll
2012-10-19 13:56 . 2012-03-01 06:46	23408	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-10-19 13:56 . 2012-03-01 06:33	81408	----a-w-	c:\windows\system32\imagehlp.dll
2012-10-19 13:56 . 2012-03-01 06:28	5120	----a-w-	c:\windows\system32\wmi.dll
2012-10-19 13:56 . 2012-03-01 05:33	159232	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-10-19 13:56 . 2012-03-01 05:29	5120	----a-w-	c:\windows\SysWow64\wmi.dll
2012-10-19 13:54 . 2011-10-26 05:21	43520	----a-w-	c:\windows\system32\csrsrv.dll
2012-10-19 13:54 . 2011-08-27 05:37	861696	----a-w-	c:\windows\system32\oleaut32.dll
2012-10-19 13:54 . 2011-08-27 05:37	331776	----a-w-	c:\windows\system32\oleacc.dll
2012-10-19 13:54 . 2011-08-27 04:26	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2012-10-19 13:54 . 2011-08-27 04:26	233472	----a-w-	c:\windows\SysWow64\oleacc.dll
2012-10-19 13:54 . 2011-02-23 04:55	90624	----a-w-	c:\windows\system32\drivers\bowser.sys
2012-10-19 13:54 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-10-19 13:54 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-10-19 13:49 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-10-19 13:49 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-10-19 13:24 . 2012-02-17 06:38	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-10-19 13:24 . 2012-02-17 05:34	826880	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-10-19 13:24 . 2012-02-17 04:57	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-10-19 13:23 . 2012-10-19 13:23	--------	d-----w-	c:\programdata\Intel
2012-10-19 13:20 . 2012-10-19 13:33	--------	d-----w-	c:\program files\Recuva
2012-10-19 13:17 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-10-19 13:17 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-10-19 13:17 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-10-19 13:17 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-10-19 13:16 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-10-19 13:16 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-10-19 13:16 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-10-19 13:14 . 2012-01-04 10:44	509952	----a-w-	c:\windows\system32\ntshrui.dll
2012-10-19 13:14 . 2012-01-04 08:58	442880	----a-w-	c:\windows\SysWow64\ntshrui.dll
2012-10-19 13:12 . 2012-05-05 08:36	503808	----a-w-	c:\windows\system32\srcore.dll
2012-10-19 13:12 . 2012-05-05 07:46	43008	----a-w-	c:\windows\SysWow64\srclient.dll
2012-10-19 13:12 . 2010-11-20 13:25	296960	----a-w-	c:\windows\system32\rstrui.exe
2012-10-19 13:12 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-10-19 13:12 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-10-19 13:12 . 2012-10-19 13:12	--------	d-----w-	c:\program files (x86)\Microsoft Security Client
2012-10-19 13:11 . 2012-10-19 13:12	--------	d-----w-	c:\program files\Microsoft Security Client
2012-10-19 13:06 . 2011-02-18 10:51	31232	----a-w-	c:\windows\system32\prevhost.exe
2012-10-19 13:06 . 2011-02-18 05:39	31232	----a-w-	c:\windows\SysWow64\prevhost.exe
2012-10-19 13:05 . 2012-02-11 06:43	751104	----a-w-	c:\windows\system32\win32spl.dll
2012-10-19 13:05 . 2012-02-11 06:36	559104	----a-w-	c:\windows\system32\spoolsv.exe
2012-10-19 13:05 . 2012-02-11 06:36	67072	----a-w-	c:\windows\splwow64.exe
2012-10-19 13:05 . 2012-02-11 05:43	492032	----a-w-	c:\windows\SysWow64\win32spl.dll
2012-10-19 12:58 . 2012-10-19 12:58	--------	d-----w-	c:\program files (x86)\Microsoft Synchronization Services
2012-10-19 12:55 . 2012-10-19 12:55	--------	d-----w-	c:\program files (x86)\Microsoft Visual Studio 8
2012-10-19 12:55 . 2012-10-19 12:55	--------	d-----w-	c:\program files\Microsoft Office
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-20 06:20 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2012-10-20 06:20 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2012-08-30 20:03 . 2012-08-30 20:03	228768	----a-w-	c:\windows\system32\drivers\MpFilter.sys
2012-08-30 20:03 . 2012-08-30 20:03	128456	----a-w-	c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-20 17:38 . 2012-10-19 13:13	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2009-04-08 18:31 . 2009-04-08 18:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Boingo Wi-Fi"="c:\program files (x86)\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-11-17 2429]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-05-03 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-08-12 1597440]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 128456]
R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-12 368896]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-10-19 1255736]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-06-22 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-07-21 129024]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2009-08-18 143472]
S3 JME;JMicron Ethernet Adapter NDIS6.20 Driver (Amd64 Bits);c:\windows\system32\DRIVERS\JME.sys [2010-02-25 115312]
.
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-21 15:32]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 03:13]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-17 03:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 1289704]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-01-10 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-01-10 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-01-10 417560]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
AddRemove-K_Series_ScreenSaver_EN - c:\windows\system32\K_Series_ScreenSaver_EN.scr
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\windows\SysWOW64\ACEngSvr.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeck.exe
.
**************************************************************************
.
Voltooingstijd: 2012-11-04  08:34:47 - machine werd herstart
ComboFix-quarantined-files.txt  2012-11-04 07:34
ComboFix2.txt  2012-11-03 22:04
.
Pre-Run: 44.733.890.560 bytes beschikbaar
Post-Run: 44.337.094.656 bytes beschikbaar
.
- - End Of File - - B6DD7B324D8157E27A492C10C98BF0E8