ComboFix 13-02-13.01 - H-E 13/02/2013 18:29:53.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4087.2743 [GMT 1:00]
Gestart vanuit: c:\users\H-E\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\H-E\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-01-13 to 2013-02-13 ))))))))))))))))))))))))))))))
.
.
2013-02-13 17:33 . 2013-02-13 17:33 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-13 17:33 . 2013-02-13 17:33 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-13 17:33 . 2013-02-13 17:33 -------- d-----w- c:\users\Gebruiker\AppData\Local\temp
2013-02-13 17:33 . 2013-02-13 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-08 17:58 . 2013-02-08 17:58 388096 ----a-r- c:\users\H-E\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-02-08 17:58 . 2013-02-08 17:58 -------- d-----w- c:\program files (x86)\Trend Micro
2013-01-28 11:26 . 2013-01-15 01:45 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D3168BF-3F34-4F81-92B2-067EA43451CB}\mpengine.dll
2013-01-20 22:31 . 2013-01-20 22:31 -------- d-----w- c:\users\H-E\AppData\Local\Programs
2013-01-18 05:37 . 2013-01-18 05:37 -------- d-----w- c:\programdata\bdch
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-03-08 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"D-Link D-Link Wireless G DWL-G122_DWA-110"="c:\program files (x86)\D-Link\DWL-G122_DWA-110\AirGCFG.exe" [2009-09-18 1708032]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Connection Manager.lnk - c:\program files (x86)\D-Link\DWA-131 revA\wirelesscm.exe [2012-2-29 505152]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-08-20 664576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-03 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys [2009-03-06 15872]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files (x86)\D-Link\DWA-131 revA\WlanWpsSvc.exe [2008-06-26 167936]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-27 295424]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-02 15:55 1607120 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-02-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 19:09]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 23:29]
.
2013-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-08 23:29]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-25 9650720]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-24 2726728]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10009&barid={AD12DB6E-68C3-11E2-B471-406186C3C388}
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.130.131.132 195.130.130.4
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{EEE6C35C-6118-11DC-9C72-001320C79847} - c:\program files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
BHO-{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files (x86)\Yontoo\YontooIEClient.dll
AddRemove-Sweetpacks Bundle Uninstaller - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\SysWOW64\ANIWConnService.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Voltooingstijd: 2013-02-13 18:38:24 - machine werd herstart
ComboFix-quarantined-files.txt 2013-02-13 17:38
ComboFix2.txt 2013-02-12 19:15
ComboFix3.txt 2013-01-28 11:33
ComboFix4.txt 2012-08-02 19:09
.
Pre-Run: 107.575.828.480 bytes beschikbaar
Post-Run: 107.909.783.552 bytes beschikbaar
.
- - End Of File - - 2F487813B1D438F0BE91C3C24BA9CA57