ComboFix 13-03-28.01 - widem 29/03/2013 8:05.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.6143.4157 [GMT 1:00]
Gestart vanuit: c:\users\widem\Desktop\ComboFix\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\EAD24449D8.sys
c:\users\Public\sdelevURL.tmp
c:\users\widem\AppData\Local\assembly\tmp
c:\users\widem\AppData\Local\assembly\tmp\AICQ9UPZ\__AssemblyInfo__.ini
c:\users\widem\AppData\Local\assembly\tmp\AICQ9UPZ\AddinExpress.MSO.2005.DLL
c:\users\widem\AppData\Local\assembly\tmp\YDYYSYGL\__AssemblyInfo__.ini
c:\users\widem\AppData\Local\assembly\tmp\YDYYSYGL\AddinExpress.OL.2005.DLL
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-02-28 to 2013-03-29 ))))))))))))))))))))))))))))))
.
.
2013-03-29 07:22 . 2013-03-29 07:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-03-29 07:22 . 2013-03-29 07:22 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-03-29 07:22 . 2013-03-29 07:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-29 07:22 . 2013-03-29 07:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-03-29 05:58 . 2013-03-15 06:28 9311288 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4084927A-0E5D-4241-AAE4-7267C7A22EB7}\mpengine.dll
2013-03-25 14:36 . 2013-03-25 14:36 -------- d-----w- C:\_OTL
2013-03-23 11:16 . 2013-03-29 05:54 -------- d-----w- c:\windows\system32\wbem\repository
2013-03-23 11:14 . 2013-03-23 11:14 24064 ----a-w- c:\windows\zoek-delete.exe
2013-03-17 07:16 . 2013-03-17 07:16 -------- d-----w- c:\program files (x86)\NirSoft
2013-03-16 11:02 . 2013-03-16 11:02 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-03-16 08:26 . 2013-03-16 08:26 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2013-03-16 08:26 . 2013-03-16 08:26 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2013-03-13 06:09 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-03-12 14:10 . 2011-05-30 13:42 240640 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2013-03-12 14:10 . 2011-05-30 13:42 255488 ----a-w- c:\windows\system32\xvidvfw.dll
2013-03-12 14:10 . 2011-05-23 09:52 153088 ----a-w- c:\windows\SysWow64\xvid.ax
2013-03-12 14:10 . 2011-05-23 07:49 173568 ----a-w- c:\windows\system32\xvid.ax
2013-03-12 14:10 . 2011-05-23 07:46 645632 ----a-w- c:\windows\SysWow64\xvidcore.dll
2013-03-12 14:10 . 2011-05-23 07:45 696832 ----a-w- c:\windows\system32\xvidcore.dll
2013-03-12 14:10 . 2013-03-12 14:11 -------- d-----w- c:\program files (x86)\Xvid
2013-03-12 13:17 . 2010-11-20 13:26 381440 ----a-w- c:\windows\system32\mfds.dll.bak
2013-03-12 13:16 . 2010-11-20 12:19 296448 ----a-w- c:\windows\SysWow64\mfds.dll.bak
2013-03-12 13:12 . 2013-03-12 13:12 -------- d-----w- c:\users\widem\AppData\Roaming\Shark007
2013-03-12 13:12 . 2013-03-12 13:12 -------- d-----w- c:\programdata\Shark007
2013-03-12 13:12 . 2013-02-27 06:53 4254720 ----a-w- c:\windows\system32\x264vfw.dll
2013-03-12 13:12 . 2011-12-07 18:37 148992 ----a-w- c:\windows\system32\lagarith.dll
2013-03-12 13:12 . 2013-01-07 09:00 1921024 ----a-w- c:\windows\system32\VSFilter.dll
2013-03-12 13:12 . 2012-12-13 21:59 127488 ----a-w- c:\windows\system32\ff_vfw.dll
2013-03-12 13:12 . 2012-07-21 10:55 180736 ----a-w- c:\windows\system32\ac3acm.acm
2013-03-12 13:12 . 2012-07-21 10:54 361472 ----a-w- c:\windows\system32\aacacm.acm
2013-03-12 13:12 . 2012-07-17 13:21 206336 ----a-w- c:\windows\system32\unrar64.dll
2013-03-12 13:12 . 2009-08-11 16:22 580096 ----a-w- c:\windows\system32\ac3filter.acm
2013-03-12 13:12 . 2009-01-22 20:51 124909 ----a-w- c:\windows\system32\pthreadGC2.dll
2013-03-12 13:12 . 2013-03-12 13:12 -------- d-----w- c:\program files\Shark007
2013-03-12 13:10 . 2013-03-12 13:11 -------- d-----w- c:\users\widem\AppData\Roaming\Win7codecs
2013-03-12 12:52 . 2013-03-12 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2013-03-12 12:52 . 2013-03-12 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2013-03-12 12:52 . 2013-03-12 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2013-03-12 12:52 . 2013-03-12 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2013-03-12 12:52 . 2013-03-12 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2013-03-12 12:52 . 2013-03-12 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2013-03-12 12:52 . 2013-03-12 12:52 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2013-03-12 12:29 . 2013-03-12 13:57 -------- d-----w- C:\FFOutput
2013-02-27 12:49 . 2009-08-19 21:50 24416 ----a-r- c:\windows\system32\AdobePDFUI.dll
2013-02-27 12:48 . 2012-12-18 12:14 114368 ----a-w- c:\windows\SysWow64\acaptuser32.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 09:45 . 2012-03-31 05:59 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-13 09:45 . 2011-03-16 08:45 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-13 06:14 . 2009-11-11 07:14 72013344 ----a-w- c:\windows\system32\MRT.exe
2013-02-27 06:57 . 2013-02-27 06:57 4283392 ----a-w- c:\windows\SysWow64\x264vfw.dll
2013-02-27 06:33 . 2013-02-27 06:33 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-02-27 06:33 . 2013-02-27 06:33 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-02-27 06:33 . 2013-02-27 06:33 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-02-27 06:33 . 2013-02-27 06:33 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-02-27 06:33 . 2013-02-27 06:33 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-02-27 06:33 . 2013-02-27 06:33 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-02-27 06:33 . 2013-02-27 06:33 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-02-27 06:33 . 2013-02-27 06:33 1766912 ----a-w- c:\windows\SysWow64\wininet.dll
2013-02-27 06:33 . 2013-02-27 06:33 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-02-27 06:33 . 2013-02-27 06:33 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-02-27 06:33 . 2013-02-27 06:33 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-02-27 06:33 . 2013-02-27 06:33 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-02-27 06:33 . 2013-02-27 06:33 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-02-27 06:33 . 2013-02-27 06:33 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-02-27 06:33 . 2013-02-27 06:33 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-02-27 06:33 . 2013-02-27 06:33 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-02-27 06:33 . 2013-02-27 06:33 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-02-27 06:33 . 2013-02-27 06:33 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-02-27 06:33 . 2013-02-27 06:33 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-02-27 06:33 . 2013-02-27 06:33 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-02-27 06:33 . 2013-02-27 06:33 109056 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-02-27 06:33 . 2013-02-27 06:33 89600 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-02-27 06:33 . 2013-02-27 06:33 61440 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-02-27 06:33 . 2013-02-27 06:33 2647552 ----a-w- c:\windows\system32\iertutil.dll
2013-02-27 06:33 . 2013-02-27 06:33 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-02-27 06:33 . 2013-02-27 06:33 216064 ----a-w- c:\windows\system32\msls31.dll
2013-02-27 06:33 . 2013-02-27 06:33 197120 ----a-w- c:\windows\system32\msrating.dll
2013-02-27 06:33 . 2013-02-27 06:33 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-02-27 06:33 . 2013-02-27 06:33 1365504 ----a-w- c:\windows\system32\urlmon.dll
2013-02-27 06:33 . 2013-02-27 06:33 2240512 ----a-w- c:\windows\system32\wininet.dll
2013-02-27 06:33 . 2013-02-27 06:33 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-02-27 06:33 . 2013-02-27 06:33 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-02-27 06:33 . 2013-02-27 06:33 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-02-27 06:33 . 2013-02-27 06:33 855552 ----a-w- c:\windows\system32\jscript.dll
2013-02-27 06:33 . 2013-02-27 06:33 81408 ----a-w- c:\windows\system32\icardie.dll
2013-02-27 06:33 . 2013-02-27 06:33 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-02-27 06:33 . 2013-02-27 06:33 67072 ----a-w- c:\windows\system32\iesetup.dll
2013-02-27 06:33 . 2013-02-27 06:33 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-02-27 06:33 . 2013-02-27 06:33 603136 ----a-w- c:\windows\system32\msfeeds.dll
2013-02-27 06:33 . 2013-02-27 06:33 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-02-27 06:33 . 2013-02-27 06:33 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-02-27 06:33 . 2013-02-27 06:33 526848 ----a-w- c:\windows\system32\ieui.dll
2013-02-27 06:33 . 2013-02-27 06:33 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-02-27 06:33 . 2013-02-27 06:33 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-02-27 06:33 . 2013-02-27 06:33 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-02-27 06:33 . 2013-02-27 06:33 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-02-27 06:33 . 2013-02-27 06:33 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-02-27 06:33 . 2013-02-27 06:33 441856 ----a-w- c:\windows\system32\html.iec
2013-02-27 06:33 . 2013-02-27 06:33 39936 ----a-w- c:\windows\system32\iernonce.dll
2013-02-27 06:33 . 2013-02-27 06:33 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-02-27 06:33 . 2013-02-27 06:33 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-02-27 06:33 . 2013-02-27 06:33 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-02-27 06:33 . 2013-02-27 06:33 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-02-27 06:33 . 2013-02-27 06:33 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-27 06:33 . 2013-02-27 06:33 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-02-27 06:33 . 2013-02-27 06:33 235008 ----a-w- c:\windows\system32\url.dll
2013-02-27 06:33 . 2013-02-27 06:33 19221504 ----a-w- c:\windows\system32\mshtml.dll
2013-02-27 06:33 . 2013-02-27 06:33 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-27 06:33 . 2013-02-27 06:33 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-02-27 06:33 . 2013-02-27 06:33 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-27 06:33 . 2013-02-27 06:33 149504 ----a-w- c:\windows\system32\occache.dll
2013-02-27 06:33 . 2013-02-27 06:33 144896 ----a-w- c:\windows\system32\wextract.exe
2013-02-27 06:33 . 2013-02-27 06:33 13824 ----a-w- c:\windows\system32\mshta.exe
2013-02-27 06:33 . 2013-02-27 06:33 136704 ----a-w- c:\windows\system32\iesysprep.dll
2013-02-27 06:33 . 2013-02-27 06:33 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-02-27 06:33 . 2013-02-27 06:33 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-02-27 06:33 . 2013-02-27 06:33 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-02-27 06:33 . 2013-02-27 06:33 102912 ----a-w- c:\windows\system32\inseng.dll
2013-02-27 06:33 . 2013-02-27 06:33 15407616 ----a-w- c:\windows\system32\ieframe.dll
2013-02-27 06:33 . 2013-02-27 06:33 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-02-16 17:17 . 2013-02-16 17:17 1573376 ----a-w- c:\windows\SysWow64\VSFilter.dll
2013-02-12 05:45 . 2013-03-13 06:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45 . 2013-03-13 06:09 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45 . 2013-03-13 06:09 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 05:45 . 2013-03-13 06:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 04:48 . 2013-03-13 06:09 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 06:09 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-02-10 03:25 . 2013-02-20 07:00 963776 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2013-02-10 03:25 . 2013-02-20 07:00 9422672 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-10 03:25 . 2013-02-20 07:00 7964680 ----a-w- c:\windows\SysWow64\nvcuda.dll
2013-02-10 03:25 . 2013-02-20 07:00 7569184 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-10 03:25 . 2013-02-20 07:00 6267240 ----a-w- c:\windows\SysWow64\nvopencl.dll
2013-02-10 03:25 . 2013-02-20 07:00 2911008 ----a-w- c:\windows\system32\nvcuvid.dll
2013-02-10 03:25 . 2013-02-20 07:00 2726176 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2013-02-10 03:25 . 2013-02-20 07:00 26947360 ----a-w- c:\windows\system32\nvoglv64.dll
2013-02-10 03:25 . 2013-02-20 07:00 250504 ----a-w- c:\windows\system32\nvinitx.dll
2013-02-10 03:25 . 2013-02-20 07:00 2350368 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-10 03:25 . 2013-02-20 07:00 20534560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2013-02-10 03:25 . 2013-02-20 07:00 205184 ----a-w- c:\windows\SysWow64\nvinit.dll
2013-02-10 03:25 . 2013-02-20 07:00 1990944 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2013-02-10 03:25 . 2013-02-20 07:00 1807136 ----a-w- c:\windows\system32\nvdispco6420294.dll
2013-02-10 03:25 . 2013-02-20 07:00 17987192 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-02-10 03:25 . 2013-02-20 07:00 1510176 ----a-w- c:\windows\system32\nvdispgenco6420162.dll
2013-02-10 03:25 . 2013-02-20 07:00 15038296 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-02-10 03:25 . 2013-02-20 07:00 12862400 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2013-02-10 03:25 . 2013-02-20 07:00 11040544 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-11 11:45 222712 ----a-w- c:\users\widem\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-11 11:45 222712 ----a-w- c:\users\widem\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-11 11:45 222712 ----a-w- c:\users\widem\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\widem\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\widem\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\widem\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\widem\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-05 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2011-08-19 126976]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\winpatrol.exe" [2013-03-05 418024]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer9"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Nuance OmniPage 18-reminder"="c:\program files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\OmniPage 18\Ereg\Ereg.ini"
"PPort14reminder"="c:\program files (x86)\Nuance\PaperPort\Ereg\Ereg.exe" -r "c:\programdata\ScanSoft\PaperPort\14\Config\Ereg\Ereg.ini"
"Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" -START
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ASUSGamerOSD"=c:\program files (x86)\ASUS\GamerOSD\GamerOSD.exe
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=c:\program files (x86)\Google\Gmail Notifier\gnotify.exe
"OmniPage Preload"=c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload
"ISUSPM"=c:\programdata\FLEXnet\Connect\11\\isuspm.exe -scheduler
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe"
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe"
"PDFCreHook"=c:\program files (x86)\Nuance\PDFCreate\pdfcreate7hook.exe
"PDFProHook"=c:\program files (x86)\Nuance\PDF Viewer Plus\pdfpro7hook.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1c9982a2cc1ab60;Google Update Service (gupdate1c9982a2cc1ab60);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-26 133104]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\DfSdkS64.exe [2009-08-24 544768]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys [2012-12-03 13728]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-11-22 178776]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2008-03-23 82816]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 UPnPService;UPnPService;c:\program files (x86)\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [2006-12-14 544768]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys [2012-12-03 81824]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys [2012-11-15 15776]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-18 1255736]
R3 WTabletServiceCon;Wacom Consumer Service;c:\program files\Tablet\Pen\WTabletServiceCon.exe [2012-12-11 619904]
R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848]
R4 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2011-10-28 219496]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-09 69152]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-16 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [2012-04-14 16384]
S2 Active@ Disk Monitor;Active@ Disk Monitor;c:\program files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2009-09-02 1127944]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;c:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-23 171600]
S2 AHDDC2;Ashampoo HDD Control 2 Service;c:\program files (x86)\Ashampoo\Ashampoo HDD Control 2\AHDDC2_Service.exe [2012-07-30 1518504]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2007-08-06 66432]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files (x86)\McAfee\SiteAdvisor\McSACore.exe [2012-12-04 103472]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2012-03-28 66560]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-16 14112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-02-09 383264]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2013-01-31 2402080]
S2 XobniService;XobniService;c:\program files (x86)\Xobni\XobniService.exe [2009-11-13 46824]
S3 dvdfab;dvdfab;c:\windows\system32\drivers\dvdfab.sys [2011-08-15 79232]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-09-19 11880]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-09-28 402720]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - eamon
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-03-16 07:24 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-03-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:45]
.
2013-02-27 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job
- c:\program files (x86)\Advanced Driver Updater\adu.exe [2012-06-22 13:07]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-26 15:52]
.
2013-03-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-02-26 15:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-03-11 11:45 261624 ----a-w- c:\users\widem\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-03-11 11:45 261624 ----a-w- c:\users\widem\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-03-11 11:45 261624 ----a-w- c:\users\widem\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\widem\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\widem\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\widem\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 162552 ----a-w- c:\users\widem\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"WinPatrol"="c:\program files (x86)\BillP Studios\WinPatrol\WinPatrol.exe" [2013-03-05 418024]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.zita.be
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;127.0.0.1;
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
Trusted Zone: kbc.be
TCP: DhcpNameServer = 195.130.131.133 195.130.130.5
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {644A9C9B-AFE1-45AE-836E-5164999A9301} - hxxp://www.easycomputing.com/download/ecdmax.cab
DPF: {C6B95BE9-4373-4BF8-9D18-9FCEAE5563F0} - hxxps://col0-sec.mail.live.com/mail/MailMigrationCabFileHolder.aspx?n=413683998
.
.
------- Bestandsassociaties -------
.
JSEFile=c:\windows\SysWOW64\WScript.exe "%1" %*
.
- - - - ORPHANS VERWIJDERD - - - -
.
AddRemove-_{A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0} - c:\program files (x86)\Corel\Corel Painter Essentials 4\MSILauncher {A3CF662F-5DEF-46C0-BAF5-0E00E1B4C5B0}
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2877919674-1774776528-941881682-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Adobe\Color\Monitor]
@DACL=(02 0000)
"Primary Monitor"=dword:00000000
.
[HKEY_USERS\S-1-5-21-2877919674-1774776528-941881682-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2877919674-1774776528-941881682-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\RAS AutoDial\Default]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-2877919674-1774776528-941881682-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft Press\StartCD]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2013-03-29 08:26:23
ComboFix-quarantined-files.txt 2013-03-29 07:26
ComboFix2.txt 2012-11-21 08:35
.
Pre-Run: 76.865.355.776 bytes beschikbaar
Post-Run: 76.552.404.992 bytes beschikbaar
.
- - End Of File - - 165F20ED5C95131FBEA2A682C5D5159E