ComboFix 13-10-23.02 - Katia 23/10/2013 19:18:10.1.8 - x64
Microsoft Windows 8 6.2.9200.0.1252.32.1043.18.6036.3672 [GMT 2:00]
Gestart vanuit: c:\users\Katia\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8OWTFM9P\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Katia\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-09-23 to 2013-10-23 ))))))))))))))))))))))))))))))
.
.
2013-10-23 17:22 . 2013-10-23 17:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-10-23 17:22 . 2013-10-23 17:22 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-10-20 14:43 . 2013-10-20 14:54 -------- d-----w- c:\program files\trend micro
2013-10-20 14:43 . 2013-10-20 15:01 -------- d-----w- C:\rsit
2013-10-12 07:01 . 2013-10-20 13:19 -------- d-----w- c:\windows\system32\drivers\NISx64\1501000.012
2013-10-04 08:22 . 2012-10-12 06:13 109568 ----a-w- c:\windows\system32\dskquota.dll
2013-10-04 08:22 . 2012-10-12 05:39 82944 ----a-w- c:\windows\SysWow64\dskquota.dll
2013-10-04 08:22 . 2012-10-17 04:32 1172992 ----a-w- c:\windows\system32\mfnetsrc.dll
2013-10-04 08:22 . 2012-10-17 03:57 929792 ----a-w- c:\windows\SysWow64\mfnetsrc.dll
2013-10-04 08:22 . 2012-10-17 03:57 568832 ----a-w- c:\windows\SysWow64\mfnetcore.dll
2013-10-04 08:22 . 2012-10-17 04:32 677888 ----a-w- c:\windows\system32\mfnetcore.dll
2013-10-04 08:22 . 2012-10-17 04:32 673280 ----a-w- c:\windows\system32\mfmpeg2srcsnk.dll
2013-10-04 08:22 . 2012-10-17 03:57 513024 ----a-w- c:\windows\SysWow64\mfmpeg2srcsnk.dll
2013-10-04 08:20 . 2012-11-06 04:18 11459584 ----a-w- c:\windows\system32\glcndFilter.dll
2013-10-04 08:20 . 2012-11-06 04:19 8552448 ----a-w- c:\windows\SysWow64\glcndFilter.dll
2013-10-04 08:20 . 2012-11-06 04:19 710656 ----a-w- c:\windows\system32\winhttp.dll
2013-10-04 08:20 . 2012-11-06 04:18 976384 ----a-w- c:\windows\system32\KernelBase.dll
2013-10-04 08:18 . 2012-10-24 04:54 396008 ----a-w- c:\windows\system32\hal.dll
2013-10-04 08:16 . 2012-10-11 07:02 1636672 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-04 08:15 . 2012-11-27 04:19 3245568 ----a-w- c:\windows\system32\rdpcorets.dll
2013-10-04 08:14 . 2013-06-24 22:54 263680 ----a-w- c:\windows\system32\wcmsvc.dll
2013-10-03 19:44 . 2013-08-07 05:15 144896 ----a-w- c:\windows\system32\tssdisai.dll
2013-10-03 17:11 . 2013-06-21 05:04 19187712 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-10-03 17:11 . 2013-06-21 04:46 18523648 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-10-03 11:58 . 2013-10-03 12:11 -------- d-----r- c:\windows\BrowserChoice
2013-10-02 16:12 . 2013-10-02 16:13 -------- d-----w- c:\windows\system32\MRT
2013-10-02 15:25 . 2013-10-02 15:25 -------- d-----w- c:\program files (x86)\Browny02
2013-10-02 15:25 . 2013-10-02 15:25 -------- d-----w- c:\programdata\ControlCenter4
2013-10-02 15:25 . 2013-10-02 15:25 -------- d-----w- c:\program files (x86)\ControlCenter4
2013-10-02 15:24 . 2012-05-15 04:01 1441792 ----a-w- c:\windows\system32\BrWi211d.dll
2013-10-02 15:24 . 2011-11-08 05:50 50688 ----a-w- c:\windows\system32\BrUsi11e.dll
2013-10-02 15:24 . 2011-09-08 09:36 279040 ----a-w- c:\windows\system32\BrJDec.dll
2013-10-02 15:24 . 2011-03-04 04:21 12800 ----a-w- c:\windows\system32\BrCiImg.dll
2013-10-02 15:24 . 2010-03-15 16:20 50176 ----a-w- c:\windows\SysWow64\BRPRTINK.DLL
2013-10-02 15:24 . 2013-10-02 15:25 -------- d-----w- c:\program files (x86)\Brother
2013-10-02 15:24 . 2012-07-09 15:19 5120 ------w- c:\windows\SysWow64\BrDctF2S.dll
2013-10-02 15:24 . 2012-03-19 11:09 245760 ------w- c:\windows\SysWow64\NSSearch.dll
2013-10-02 15:24 . 2010-03-15 17:45 73728 ------w- c:\windows\SysWow64\BrDctF2.dll
2013-10-02 15:24 . 2007-12-13 20:16 5120 ------w- c:\windows\SysWow64\BrDctF2L.dll
2013-10-02 15:24 . 2010-09-29 15:07 180224 ------w- c:\windows\SysWow64\BroSNMP.dll
2013-10-02 15:23 . 2013-10-02 15:23 -------- d-----w- c:\programdata\Brother
2013-10-02 14:55 . 2013-10-10 08:58 566480 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-10-02 14:52 . 2013-10-10 12:49 -------- d-----w- c:\program files\Microsoft Office 15
2013-10-02 14:22 . 2012-10-24 03:25 26624 ----a-w- c:\windows\system32\ReAgentc.exe
2013-10-02 14:22 . 2012-10-24 02:48 24064 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2013-10-02 14:22 . 2013-03-22 03:49 2382336 ----a-w- c:\windows\SysWow64\esent.dll
2013-10-02 14:22 . 2013-03-21 22:47 2851840 ----a-w- c:\windows\system32\esent.dll
2013-10-02 14:22 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-10-02 14:22 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-10-02 11:31 . 2012-08-31 00:52 17888 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2013-10-02 11:30 . 2012-08-31 00:53 17888 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2013-10-02 11:23 . 2013-05-23 23:02 1314816 ----a-w- c:\windows\system32\rpcrt4.dll
2013-10-02 11:23 . 2013-05-23 22:25 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-10-02 11:23 . 2013-04-09 04:51 14267904 ----a-w- c:\windows\system32\wmp.dll
2013-10-02 11:23 . 2013-04-09 04:51 3552768 ----a-w- c:\windows\system32\tquery.dll
2013-10-02 11:21 . 2013-04-10 22:35 2035200 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\InkObj.dll
2013-10-02 11:20 . 2013-05-04 07:58 120736 ----a-w- c:\windows\system32\AuthHost.exe
2013-10-02 11:19 . 2012-11-27 03:57 18432 ----a-w- c:\windows\system32\drivers\BtaMPM.sys
2013-10-02 11:18 . 2013-04-11 22:30 1421312 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-10-02 11:17 . 2013-02-05 22:29 370688 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2013-10-02 11:16 . 2012-11-01 04:40 2361344 ----a-w- c:\windows\system32\msxml6.dll
2013-10-02 11:16 . 2012-11-01 04:41 1802240 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-10-02 11:16 . 2012-11-01 04:41 1438720 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-10-02 11:16 . 2012-11-01 04:40 1836032 ----a-w- c:\windows\system32\msxml3.dll
2013-10-02 11:16 . 2012-11-01 04:21 2048 ----a-w- c:\windows\system32\msxml6r.dll
2013-10-02 11:16 . 2012-11-01 04:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2013-10-02 11:16 . 2012-11-01 04:20 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2013-10-02 11:16 . 2012-11-01 04:20 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2013-10-01 20:58 . 2013-10-01 17:35 -------- d-----w- C:\Windows.old
2013-10-01 12:11 . 2012-08-21 11:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2013-10-01 12:10 . 2013-10-01 12:11 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-01 12:10 . 2013-10-01 12:11 -------- d-----w- c:\program files\iTunes
2013-10-01 12:10 . 2013-10-01 12:11 -------- d-----w- c:\program files (x86)\iTunes
2013-10-01 12:10 . 2013-10-01 12:10 -------- d-----w- c:\programdata\Apple Computer
2013-10-01 12:10 . 2013-10-01 12:10 -------- d-----w- c:\program files\iPod
2013-10-01 12:09 . 2013-10-01 12:09 -------- d-----w- c:\program files (x86)\Apple Software Update
2013-10-01 12:09 . 2013-10-01 12:09 -------- d-----w- c:\program files\Common Files\Apple
2013-10-01 12:09 . 2013-10-01 12:10 -------- d-----w- c:\program files (x86)\Common Files\Apple
2013-10-01 11:31 . 2013-10-02 14:52 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-10-01 11:21 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe
2013-10-01 11:21 . 2012-11-10 04:23 132608 ----a-w- c:\windows\SysWow64\poqexec.exe
2013-10-01 11:21 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2013-10-01 11:21 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2013-10-01 11:21 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll
2013-10-01 11:19 . 2013-03-02 08:23 375808 ----a-w- c:\windows\SysWow64\ReAgent.dll
2013-10-01 11:19 . 2013-03-02 02:44 1011200 ----a-w- c:\windows\system32\reseteng.dll
2013-10-01 11:19 . 2012-12-15 04:55 443392 ----a-w- c:\windows\system32\ReAgent.dll
2013-10-01 11:19 . 2012-11-03 05:26 132096 ----a-w- c:\windows\system32\sysreset.exe
2013-10-01 11:19 . 2012-11-03 05:25 945152 ----a-w- c:\windows\system32\resetengmig.dll
2013-10-01 11:07 . 2013-10-17 17:06 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-10-01 11:04 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68805518-C8CD-4363-9BF3-36013D623B55}\mpengine.dll
2013-10-01 11:04 . 2013-10-01 18:13 -------- d-----w- c:\users\Katia
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\programdata\Sjablonen
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\programdata\Menu Start
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\programdata\Documenten
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\programdata\Bureaublad
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\users\Default\Sjablonen
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\users\Default\Netwerkprinteromgeving
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\users\Default\Mijn documenten
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\users\Default\Menu Start
2013-10-01 11:03 . 2013-10-01 11:03 -------- d-sh--we c:\users\Default\AppData\Local\Geschiedenis
2013-10-01 10:31 . 2013-10-01 15:58 -------- d-----w- C:\$SysReset
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-02 11:45 . 2012-12-18 17:56 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-10-01 11:42 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-09-18 23:26 . 2012-07-26 08:14 78296 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-18 23:26 . 2012-07-26 08:14 694232 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-04 21:26 222832 ----a-w- c:\users\Katia\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-04 21:26 222832 ----a-w- c:\users\Katia\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-04 21:26 222832 ----a-w- c:\users\Katia\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-18 642216]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2012-09-19 371976]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-09-10 491632]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-07-13 93296]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-09-14 1342008]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-09-17 152392]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-09-06 143360]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2012-06-06 3076096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R0 SymELAM;Symantec ELAM Driver;c:\windows\system32\drivers\NISx64\1501000.012\SymELAM.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SymELAM.sys [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\System32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WSDScan;Ondersteuning voor WSD-scan;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPConnectedRemote;HP Connected Remote Service;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe;c:\program files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe [x]
S2 OfficeSvc;Microsoft Office-service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\BASHDefs\20131002.001\BHDrvx64.sys [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Bluetooth Low Energy-stuurprogramma;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1501000.012\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\ccSetx64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131022.001\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.2.1\Definitions\IPSDefs\20131022.001\IDSvia64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 rtbth;RTBTH Bluetooth Device Driver;c:\windows\System32\drivers\rtbth.sys;c:\windows\SYSNATIVE\drivers\rtbth.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1501000.012\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMDS64.SYS [x]
S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1501000.012\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\SYMEFA64.SYS [x]
S3 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1501000.012\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1501000.012\Ironx64.SYS [x]
S3 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1501000.012\SYMNETS.SYS [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost REG_MULTI_SZ apphostsvc
iissvcs REG_MULTI_SZ w3svc was
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-04 21:26 261744 ----a-w- c:\users\Katia\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-04 21:26 261744 ----a-w- c:\users\Katia\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-04 21:26 261744 ----a-w- c:\users\Katia\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-10-10 09:00 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-10-10 09:00 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-10-10 09:00 2328264 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-09-04 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-09-04 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-09-04 441888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-08-20 1664000]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 195.130.130.129 195.130.131.129
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1501000.012\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.1.0.18;c:\program files (x86)\Norton Internet Security\Engine64\21.1.0.18"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Voltooingstijd: 2013-10-23 19:24:00
ComboFix-quarantined-files.txt 2013-10-23 17:24
.
Pre-Run: 423 490 514 944 bytes free
Post-Run: 423 496 814 592 bytes free
.
- - End Of File - - 140D738340BA80D4A37BAB531748EF0E