ComboFix 13-09-02.02 - Alleman 03/09/2013 22:09:03.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.2030.1078 [GMT 2:00]
Gestart vanuit: c:\users\Alleman\Downloads\ComboFix.exe
AV: Panda Global Protection 2013 *Disabled/Outdated* {86971480-9989-6750-B122-681A86518D59}
FW: Panda Personal Firewall 2013 *Enabled* {BEAC95A5-D3E6-6608-9A7D-C12F7882CA22}
SP: Panda Global Protection 2013 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Alleman\Documents\~WRL0001.tmp
c:\users\Alleman\Documents\~WRL0196.tmp
c:\users\Alleman\Documents\~WRL2685.tmp
c:\users\Alleman\Documents\~WRL3585.tmp
c:\windows\IsUn0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-08-03 to 2013-09-03 ))))))))))))))))))))))))))))))
.
.
2013-09-03 17:27 . 2013-08-06 07:28 7166848 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A2552136-8434-4B3C-AB3C-9C3580CAFD2F}\mpengine.dll
2013-08-30 19:50 . 2013-09-03 20:26 -------- d-----w- c:\users\Alleman\AppData\Local\Temp
2013-08-29 21:24 . 2013-08-29 21:26 -------- d-----w- c:\program files\trend micro
2013-08-29 21:24 . 2013-08-29 21:26 -------- d-----w- C:\rsit
2013-08-19 22:33 . 2013-08-19 22:33 -------- d-----w- c:\program files\iPod
2013-08-19 22:33 . 2013-08-19 22:33 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-19 22:33 . 2013-08-19 22:33 -------- d-----w- c:\program files\iTunes
2013-08-13 18:57 . 2013-07-09 04:50 652800 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-13 18:57 . 2013-07-09 04:52 175104 ----a-w- c:\windows\system32\wintrust.dll
2013-08-13 18:57 . 2013-07-09 04:46 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-13 18:57 . 2013-07-09 04:46 1166848 ----a-w- c:\windows\system32\crypt32.dll
2013-08-13 18:57 . 2013-07-09 04:46 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-13 18:57 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-08-13 18:57 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-13 18:57 . 2013-07-09 04:53 1289096 ----a-w- c:\windows\system32\ntdll.dll
2013-08-13 18:57 . 2013-07-06 05:05 1293760 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-13 18:57 . 2013-07-25 08:57 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-13 18:56 . 2013-07-19 01:41 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-13 18:56 . 2013-06-15 03:38 31232 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 18:10 . 2012-07-07 12:48 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 18:10 . 2012-07-07 12:48 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-07-12 17:33 . 2013-07-12 17:33 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-12 17:33 . 2012-07-30 20:36 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-12 17:33 . 2012-07-30 20:36 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-09 16:45 . 2013-07-09 16:45 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2013-07-03 22:36 . 2013-07-03 22:37 15352 ----a-w- c:\windows\system32\drivers\osaio.sys
2013-07-02 22:44 . 2012-02-09 20:43 13411896 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-07-02 22:44 . 2013-07-02 22:44 6324360 ----a-w- c:\windows\system32\nvopencl.dll
2013-07-02 22:44 . 2013-07-02 22:44 21102368 ----a-w- c:\windows\system32\nvoglv32.dll
2013-07-02 22:44 . 2013-07-02 22:44 9069344 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-07-02 22:44 . 2013-07-02 22:44 893728 ----a-w- c:\windows\system32\nvdispgenco3232049.dll
2013-07-02 22:44 . 2013-07-02 22:44 467232 ----a-w- c:\windows\system32\NvIFR.dll
2013-07-02 22:44 . 2013-07-02 22:44 465184 ----a-w- c:\windows\system32\NvFBC.dll
2013-07-02 22:44 . 2013-07-02 22:44 1024288 ----a-w- c:\windows\system32\nvdispco3232049.dll
2013-07-02 22:44 . 2013-07-02 22:44 12427240 ----a-w- c:\windows\system32\nvd3dum.dll
2013-07-02 22:44 . 2013-07-02 22:44 7687592 ----a-w- c:\windows\system32\nvcuda.dll
2013-07-02 22:44 . 2013-07-02 22:44 2777888 ----a-w- c:\windows\system32\nvcuvid.dll
2013-07-02 22:44 . 2013-07-02 22:44 2002720 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-07-02 22:44 . 2013-07-02 22:44 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-07-02 22:44 . 2013-07-02 22:44 2597856 ----a-w- c:\windows\system32\nvapi.dll
2013-07-02 22:29 . 2013-07-02 22:29 609384 ----a-w- c:\windows\system32\LCCoin425.dll
2013-06-21 09:52 . 2012-07-21 16:21 4192544 ----a-w- c:\windows\system32\nvcpl.dll
2013-06-21 09:52 . 2012-07-21 16:21 3045664 ----a-w- c:\windows\system32\nvsvc.dll
2013-06-21 09:52 . 2012-07-21 16:21 62752 ----a-w- c:\windows\system32\nvshext.dll
2013-06-21 09:52 . 2012-07-21 16:21 640288 ----a-w- c:\windows\system32\nvvsvc.exe
2013-06-21 09:52 . 2012-07-21 16:21 223008 ----a-w- c:\windows\system32\nvmctray.dll
2012-07-13 19:10 . 2012-07-13 19:10 158720 ----a-w- c:\program files\internet explorer\plugins\LV2011ActiveXControl.dll
2012-10-04 16:13 . 2012-10-04 16:13 158720 ----a-w- c:\program files\internet explorer\plugins\LV2012ActiveXControl.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"Spotify Web Helper"="c:\users\Alleman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-07-12 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-05-29 404248]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2013\APVXDWIN.EXE" [2012-12-12 1038192]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2013\Inicio.exe" [2012-11-08 70432]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
.
c:\users\Alleman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Printkey2000.lnk - c:\program files\PrintKey2000\Printkey2000.exe [2012-7-7 869376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 09:55 55552 ----a-w- c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sasnative32
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^NI Error Reporting.lnk]
backupExtension=.CommonStartup
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
backup=c:\windows\pss\NI Error Reporting.lnk.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Alleman^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
path=c:\users\Alleman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
2013-04-25 01:50 1075296 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2012-07-21 16:23 167936 ----a-w- c:\program files\Apoint\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-21 19:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
2011-08-04 12:41 1637496 ----a-w- c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2010-05-12 16:03 300472 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IJNetworkScannerSelectorEX]
2011-09-27 09:44 439440 ----a-w- c:\program files\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2013-05-23 13:17 1106288 ----a-w- c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-05-23 13:16 1561968 ----a-w- c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-05-23 13:16 311152 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI Update Service]
2012-08-02 13:17 851592 ----a-w- c:\program files\National Instruments\Shared\Update Service\NIUpdateService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-07-12 17:41 4640768 ----a-w- c:\users\Alleman\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-07-12 17:41 1104384 ----a-w- c:\users\Alleman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2013-08-22 21:48 5703920 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
R0 amdkmafd;AMD Audio Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmafd.sys [2013-06-02 15968]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2013-06-02 38528]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2013-02-22 32064]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl.sys [2012-03-26 18432]
R3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RTL8192cu;%RTL8192cu.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192cu.sys [2011-06-01 728064]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [2012-07-21 136784]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2013-02-22 136904]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2013-02-22 17864]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2013-02-22 153672]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2013-02-22 130248]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TIACXLN;Skyr@cer 22M WLAN Adapter;c:\windows\system32\DRIVERS\tiacxln.sys [2003-03-06 155392]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-08 1343400]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [2012-11-12 23720]
S0 mv61xx;mv61xx;c:\windows\system32\DRIVERS\mv61xx.sys [2009-09-15 155688]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 65584]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2011-02-21 37448]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2012-07-11 116608]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2012-03-26 59656]
S2 APPFLT;App Filter Plugin;c:\windows\system32\Drivers\APPFLT.SYS [2011-01-31 83528]
S2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\DRIVERS\COMFiltr.sys [2013-07-09 13880]
S2 DSAFLT;DSA Filter Plugin;c:\windows\system32\Drivers\DSAFLT.SYS [2009-09-25 53256]
S2 FNETMON;NetMon Filter Plugin;c:\windows\system32\Drivers\fnetmon.SYS [2009-09-25 22024]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2013-03-20 233472]
S2 IDSFLT;Ids Filter Plugin;c:\windows\system32\Drivers\IDSFLT.SYS [2010-09-09 193864]
S2 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\Drivers\NETFLTDI.SYS [2009-09-25 11:54 159112]
S2 NIApplicationWebServer;NI Application Web Server;c:\program files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [2012-05-22 53960]
S2 nimDNSResponder;NI mDNS Responder Service;c:\program files\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [2012-05-31 258776]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2012-05-08 164488]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2013\PskSvc.exe [2010-08-16 28992]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2010-12-23 5120]
S2 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\Drivers\WNMFLT.SYS [2009-09-25 46856]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2013-03-20 37344]
S3 NETIMFLT01060044;PANDA NDIS IM Filter Miniport v1.6.0.44;c:\windows\system32\DRIVERS\neti1644.sys [2010-09-01 201032]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 pmserenum;PenMount Serial Device Enumeration Service;c:\windows\system32\DRIVERS\pmserenum.sys [2012-11-12 26624]
S3 RtlWlanu;Realtek Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [2013-06-02 1807072]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2012-10-13 7424]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-30 18:57 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-07 18:10]
.
2013-08-22 c:\windows\Tasks\Basis-opruiming.job - c:\program files\Panda Security\Panda Global Protection 2013\PlaTasks.exe [2013-07-09 08:36]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-08 12:18]
.
2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-08 12:18]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.hln.be/
uInternet Settings,ProxyOverride =
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 195.130.130.4 195.130.131.4
FF - ProfilePath - c:\users\Alleman\AppData\Roaming\Mozilla\Firefox\Profiles\xhgh768f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.hln.be/
FF - ExtSQL: 2013-07-06 19:22; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-LifeCam - c:\program files\Microsoft LifeCam\LifeExp.exe
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
MSConfigStartUp-Sweetpacks Communicator - c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
  1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
  76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
  b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
  2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{F37C7F06-0B23-4AD1-9160-1CC285A5E9EC}"=hex:51,66,7a,6c,4c,1d,38,12,68,7c,6f,
  f7,11,45,bf,0f,ee,76,5f,82,80,fb,ad,f8
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:91,3d,fe,d4,bf,5e,cd,01
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,15,8b,c6,12,c7,72,4d,97,8a,63,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d4,15,8b,c6,12,c7,72,4d,97,8a,63,\
.
[HKEY_USERS\S-1-5-21-1928870758-2907081458-2726709488-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:de,42,ac,75,40,a5,f7,32,75,55,61,89,e5,0b,dc,69,82,c5,e5,7b,7d,36,23,
  5b,f9,97,4b,01,39,c4,bf,df,44,3f,2d,56,9b,86,56,65,d1,ce,13,2b,e0,28,8f,d2,\
"??"=hex:4c,08,e8,3c,d5,fc,a1,9a,66,8f,5a,54,c9,ed,e7,fe
.
[HKEY_USERS\S-1-5-21-1928870758-2907081458-2726709488-1000\Software\SecuROM\License information*]
"datasecu"=hex:97,67,b9,8d,a8,b9,26,25,5a,73,2c,fb,cd,eb,8f,86,43,3f,0a,3c,01,
  20,b0,23,0f,73,77,25,5e,29,50,6d,ca,f0,c0,9b,52,35,4b,ca,c8,0f,3c,88,e1,05,\
"rkeysecu"=hex:0d,a8,f3,a7,fe,13,3a,85,92,0e,63,fa,9c,ef,fd,b1
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Panda Security\Panda Global Protection 2013\TPSrv.exe
c:\program files\PANDA SECURITY\PANDA GLOBAL PROTECTION 2013\WebProxy.exe
c:\windows\system32\brsvc01a.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\system32\lkads.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\National Instruments\MAX\nimxs.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\program files\National Instruments\Shared\NI WebServer\SystemWebServer.exe
c:\program files\Panda Security\Panda Global Protection 2013\PsCtrls.exe
c:\program files\Panda Security\Panda Global Protection 2013\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Global Protection 2013\pavsrvx86.exe
c:\program files\Panda Security\Panda Global Protection 2013\AVENGINE.EXE
c:\program files\panda security\panda global protection 2013\firewall\PSHOST.EXE
c:\program files\Panda Security\Panda Global Protection 2013\PsImSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\lkcitdl.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Tagger\tagsrv.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Voltooingstijd: 2013-09-03 22:32:04 - machine werd herstart
ComboFix-quarantined-files.txt 2013-09-03 20:32
.
Pre-Run: 82.586.230.784 bytes beschikbaar
Post-Run: 82.505.883.648 bytes beschikbaar
.
- - End Of File - - 789B6641702C07E023F1AEB40C8B59F3
A36C5E4F47E84449FF07ED3517B43A31