Ga naar inhoud

Verwijderen van Text Enhancer


Aanbevolen berichten

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:06:35, on 20-7-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe

C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe

C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_222_ActiveX.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Acer | MSN

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: CrossriderApp0005060 - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120719121932.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel PhotoDownloader.exe" -startup

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: DCDhcpService - Atheros Communication Inc. - C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Intel® Turbo Boost Technology Monitor 2.5 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe

--

End of file - 14095 bytes

Link naar reactie
Delen op andere sites

  • Reacties 20
  • Aangemaakt
  • Laatste reactie

Beste reacties in dit topic

Vreemd ... er komen terug zaakjes opduiken die je eerder al verwijderd (zou) moet(en) hebben ???

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: CrossriderApp0005060 - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll

O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.

Link naar reactie
Delen op andere sites

Het spijt me, maar het lukt me voor geen meter, combofix geeft ook een foutmelding dat hij een of ander bestand niet kan vinde en aan gezien ik een leek ben, stop ik er even mee, want misschien komt er nog meer schade aan mijn nieuwe pc, maar die text enhance is er nog steeds. Kan wel een nieuwe hyjackhuppeldepup plaatsen.

Heel erg bedankt voor de hulp, maar ik word hier helemaal gestresst van, zet liever de pc terug op de fabrieksinstelling, alsiemand mij dat kan vertellen, ben ik van al die ellende af.

Bedankt voor de hulp, hoor misschien nog van je.

PROBLEEM NIET OPGELOST!

Groetjes Nel

aangepast door Nel47
Link naar reactie
Delen op andere sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 18:39:07, on 22-7-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16447)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\AVG Secure Search\vprot.exe

C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe

C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe

C:\Program Files (x86)\Font Xplorer\FXplorer.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_222_ActiveX.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer | MSN

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Acer | MSN

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.8010003&st=12

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120719121932.dll

O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"

O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe

O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k

O4 - HKLM\..\Run: [Dolby Home Theater v4] "C:\Dolby PCEE4\pcee4.exe" -autostart

O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgfws.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: DCDhcpService - Atheros Communication Inc. - C:\Program Files (x86)\Acer\WDAgent\DCDhcpService.exe

O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe

O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe

O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\mcafee\msc\mcawfwk.exe

O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe

O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\SysWOW64\PSIService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe

O23 - Service: Intel® Turbo Boost Technology Monitor 2.5 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: vToolbarUpdater12.1.3 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe

--

End of file - 15292 bytes

aangepast door Nel47
Link naar reactie
Delen op andere sites

ComboFix 12-07-24.01 - Nel 23-07-2012 21:42:55.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3934.2708 [GMT 2:00]

Gestart vanuit: c:\users\Nel\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-23 to 2012-07-23 ))))))))))))))))))))))))))))))

.

.

2012-07-23 19:49 . 2012-07-23 19:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-23 17:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-23 17:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-22 16:55 . 2012-07-22 16:55 1522 ----a-w- C:\user.js

2012-07-22 16:54 . 2012-07-22 16:54 -------- d-----w- c:\programdata\Babylon

2012-07-22 15:02 . 2012-07-22 15:02 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c01fd6e1cd681b02\MeshBetaRemover.exe

2012-07-22 15:02 . 2012-07-22 15:02 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\235130d1cd681b01\DSETUP.dll

2012-07-22 15:02 . 2012-07-22 15:02 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\235130d1cd681b01\DXSETUP.exe

2012-07-22 15:02 . 2012-07-22 15:02 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\235130d1cd681b01\dsetup32.dll

2012-07-22 11:03 . 2012-07-22 11:03 8 --sh--r- c:\windows\SysWow64\B5478B3571.sys

2012-07-22 09:06 . 2012-07-22 09:06 -------- d-----w- c:\program files (x86)\iColorFolder

2012-07-22 09:04 . 2012-07-22 09:04 160745 ----a-w- c:\windows\Sqirlz Water Reflections Uninstaller.exe

2012-07-22 09:04 . 2012-07-22 09:04 -------- d-----w- c:\program files (x86)\Sqirlz Water Reflections

2012-07-22 09:01 . 2012-07-22 09:01 -------- d-----w- c:\program files (x86)\PSP Thumbnail Handler

2012-07-22 09:00 . 2012-07-22 09:00 -------- d-----w- c:\program files (x86)\FMPatcher

2012-07-22 06:39 . 2012-07-22 06:39 -------- d-----w- c:\programdata\InstallShield

2012-07-22 06:38 . 2012-07-22 06:39 -------- d-----w- c:\program files (x86)\Common Files\Jasc Software Inc

2012-07-21 14:00 . 2012-07-22 06:38 -------- d-----w- c:\program files (x86)\Jasc Software Inc

2012-07-21 13:16 . 2012-07-21 13:16 -------- d-----w- c:\program files (x86)\Font Xplorer

2012-07-21 07:56 . 2012-07-21 07:56 -------- d-----r- C:\MSOCache

2012-07-20 15:57 . 2012-07-20 15:57 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-07-20 15:57 . 2012-07-20 15:57 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-07-20 15:56 . 2012-07-20 15:56 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-07-20 15:55 . 2012-07-23 11:41 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-20 15:55 . 2012-07-20 15:55 -------- d-----w- C:\$AVG

2012-07-20 15:35 . 2011-12-19 16:55 34624 ----a-w- c:\windows\system32\TURegOpt.exe

2012-07-20 15:35 . 2011-12-19 16:50 25920 ----a-w- c:\windows\system32\authuitu.dll

2012-07-20 15:35 . 2011-12-19 16:50 36160 ----a-w- c:\windows\system32\uxtuneup.dll

2012-07-20 15:35 . 2011-12-19 16:50 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll

2012-07-20 15:35 . 2011-12-19 16:50 21312 ----a-w- c:\windows\SysWow64\authuitu.dll

2012-07-20 15:35 . 2012-07-20 15:35 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011

2012-07-20 15:34 . 2012-07-20 15:34 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

2012-07-20 15:03 . 2012-07-20 15:22 -------- d-----w- c:\programdata\VirtualizedApplications

2012-07-20 11:38 . 2012-07-20 11:38 0 ----a-w- c:\windows\SysWow64\shoFEA.tmp

2012-07-20 11:34 . 2012-07-20 11:34 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-07-20 11:26 . 2012-07-20 11:26 -------- d-----w- c:\program files (x86)\Yontoo

2012-07-20 11:24 . 2012-07-20 11:24 -------- d-----w- c:\programdata\Microsoft Help

2012-07-20 11:22 . 2012-07-21 19:04 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-07-20 11:22 . 2012-07-20 11:22 -------- d-----w- c:\program files\Microsoft Office

2012-07-20 11:17 . 2012-07-20 11:26 -------- d-----w- c:\programdata\Tarma Installer

2012-07-20 10:57 . 2012-07-20 10:57 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-20 10:31 . 2012-07-03 01:19 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-20 10:22 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-20 10:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-07-20 09:47 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-07-20 09:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-20 09:46 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-20 09:46 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-20 09:46 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-20 09:46 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-07-20 09:46 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-07-20 09:46 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-07-20 09:46 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-07-20 09:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-07-20 09:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-07-20 09:43 . 2012-07-22 12:19 88 --sh--r- c:\windows\SysWow64\C4954754C7.sys

2012-07-20 09:39 . 2012-07-20 09:39 -------- d-----w- c:\windows\SysWow64\Spool

2012-07-20 09:38 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-20 08:58 . 2012-07-20 10:25 -------- d-----w- c:\windows\SysWow64\Wat

2012-07-20 08:58 . 2012-07-20 10:25 -------- d-----w- c:\windows\system32\Wat

2012-07-20 08:51 . 2012-07-20 08:51 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-07-20 08:34 . 2012-07-21 08:49 -------- d-----w- c:\programdata\AVG2012

2012-07-20 08:33 . 2012-07-20 08:33 -------- d-----w- c:\program files (x86)\AVG

2012-07-20 08:31 . 2012-07-23 17:08 -------- d-----w- c:\programdata\MFAData

2012-07-20 08:23 . 2012-07-20 08:35 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-20 08:22 . 2012-07-20 15:57 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-07-20 08:21 . 2012-07-20 15:35 -------- d-----w- c:\programdata\TuneUp Software

2012-07-20 08:21 . 2012-07-20 08:21 -------- d--h--w- c:\programdata\Common Files

2012-07-19 18:46 . 2012-07-19 18:46 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 18:46 . 2012-07-20 09:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-19 14:00 . 2012-07-19 14:13 -------- d-----w- c:\programdata\Corel

2012-07-19 13:59 . 2012-07-22 13:28 -------- d-----w- c:\program files (x86)\Common Files\Corel

2012-07-19 13:22 . 2012-07-23 13:50 5120 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys

2012-07-19 13:21 . 2012-07-22 13:24 -------- d-----w- c:\program files (x86)\Corel

2012-07-19 12:48 . 2012-07-19 12:48 -------- d-----w- c:\programdata\Photo Notifier and Animation Creator

2012-07-19 12:48 . 2012-07-19 12:48 -------- d-----w- c:\program files (x86)\Photo Notifier and Animation Creator

2012-07-19 12:47 . 2012-07-19 12:47 -------- d-----w- c:\program files (x86)\IncrediMail

2012-07-19 11:49 . 2012-07-19 11:49 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-07-19 11:43 . 2012-07-19 11:43 -------- d-----w- c:\programdata\IBUpdaterService

2012-07-19 11:43 . 2012-07-19 11:41 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_539\uninstall.exe

2012-07-19 11:43 . 2012-07-19 11:41 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe

2012-07-19 11:43 . 2012-07-19 11:43 -------- d-----w- c:\program files (x86)\Conduit

2012-07-19 11:43 . 2012-07-20 09:27 -------- d-----w- c:\program files (x86)\Savings Sidekick

2012-07-19 11:42 . 2012-07-19 11:42 -------- d-----w- c:\programdata\IM

2012-07-19 11:42 . 2012-07-19 11:42 -------- d-----w- c:\programdata\IncrediMail

2012-07-19 11:23 . 2012-07-19 11:23 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-07-19 10:15 . 2012-07-19 10:15 -------- d---a-w- C:\book

2012-07-19 10:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-19 10:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-19 10:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-19 10:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-19 10:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-19 10:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-19 10:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-19 10:11 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-19 10:11 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-19 10:09 . 2012-07-19 10:09 -------- d-----w- c:\program files (x86)\OEM

2012-07-19 10:08 . 2012-07-19 10:09 -------- d-----w- c:\program files (x86)\Kobo

2012-07-19 10:08 . 2012-07-19 10:08 -------- d-----w- c:\program files\Accessory Store

2012-07-19 10:07 . 2012-07-19 10:07 -------- d-----w- c:\program files\Preload

2012-07-19 10:07 . 2012-07-22 16:58 -------- d-----w- c:\users\Nel

2012-07-19 10:05 . 2012-07-19 10:05 -------- d-----w- C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-19 10:18 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-28 20:11 . 2012-04-28 20:11 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui

2012-04-28 20:10 . 2012-04-28 20:10 5632 ----a-w- c:\windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui

2012-04-28 20:10 . 2012-04-28 20:10 50688 ----a-w- c:\windows\SysWow64\drivers\nl-NL\tcpip.sys.mui

2012-04-28 20:10 . 2012-04-28 20:10 26624 ----a-w- c:\windows\SysWow64\drivers\nl-NL\bfe.dll.mui

2012-04-28 20:10 . 2012-04-28 20:10 16896 ----a-w- c:\windows\SysWow64\drivers\nl-NL\pacer.sys.mui

2012-04-28 20:10 . 2012-04-28 20:10 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\scfilter.sys.mui

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-20 15:57 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-20 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-03-09 36480]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-09 340096]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-09 111232]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-03-09 168064]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-03-09 68736]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-03-09 281472]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-03-09 551552]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-04-02 276248]

R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Acer\WDAgent\DCDhcpService.exe [2012-02-10 111776]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-09-02 339048]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-01-20 149504]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-20 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-20 30568]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-04-10 22648]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-04-10 20520]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-04-10 62776]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-03-09 107648]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-03-23 355920]

S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 871296]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2012-02-29 28264]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-19 2028864]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-01-20 16128]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-07-20 830048]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [2012-02-20 72864]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-03-09 30848]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-10-14 108656]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-07-07 11856]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-23 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-14 12448872]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://home.sweetim.com/?crg=3.8010003&st=12

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

.

- - - - ORPHANS VERWIJDERD - - - -

.

URLSearchHooks-{87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

WebBrowser-{474DCBF4-0DB1-4C6A-A014-1C2544E82698} - (no file)

WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-07-23 21:51:21

ComboFix-quarantined-files.txt 2012-07-23 19:51

.

Pre-Run: 429.759.766.528 bytes beschikbaar

Post-Run: 429.731.688.448 bytes beschikbaar

.

- - End Of File - - 6EBEF0EBF7858A7CFCDE908E52F919F3

Link naar reactie
Delen op andere sites

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

File::

C:\user.js

c:\windows\SysWow64\B5478B3571.sys

Folder::

c:\programdata\Babylon

c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

c:\program files (x86)\Yontoo

c:\programdata\Tarma Installer

c:\program files (x86)\Conduit

c:\program files (x86)\Savings Sidekick

Driver::

B5478B3571.sys

C4954754C7.sys

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

aangepast door kape
Link naar reactie
Delen op andere sites

ComboFix 12-07-25.04 - Nel 24-07-2012 12:52:01.3.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3934.2534 [GMT 2:00]

Gestart vanuit: c:\users\Nel\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Nel\Desktop\CFScript.txt

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\user.js"

"c:\windows\SysWow64\"

"c:\windows\SysWow64\B5478B3571.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Conduit

c:\program files (x86)\Conduit\Community Alerts\Alert.dll

c:\program files (x86)\Savings Sidekick

c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll

c:\program files (x86)\Savings Sidekick\Savings Sidekick.exe

c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico

c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini

c:\program files (x86)\Savings Sidekick\Savings SidekickGui.exe

c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log

c:\program files (x86)\Savings Sidekick\Uninstall.exe

c:\program files (x86)\Yontoo

c:\program files (x86)\Yontoo\YontooIEClient.dll

c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}

c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi

c:\programdata\Babylon

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

C:\user.js

c:\users\Nel\AppData\Local\Temp\{F4ECA342-6BC0-40D0-AA1B-A1D28C9450D1}\fpb.tmp

c:\windows\SysWow64\B5478B3571.sys

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-24 to 2012-07-24 ))))))))))))))))))))))))))))))

.

.

2012-07-24 10:55 . 2012-07-24 10:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-24 10:13 . 2009-04-16 16:04 385100 ----a-w- c:\windows\system32\MSVCRTD.DLL

2012-07-24 10:13 . 2009-04-16 16:03 61440 ----a-w- c:\windows\system32\msvcrt40.dll

2012-07-24 10:13 . 2009-04-16 16:03 210944 ----a-w- c:\windows\system32\MSVCRT10.DLX

2012-07-24 10:13 . 2009-04-16 16:03 57344 ----a-w- c:\windows\system32\icmfilter.dll

2012-07-24 10:13 . 2009-04-16 16:03 32768 ----a-w- c:\windows\system32\plugin.dll

2012-07-24 10:13 . 2009-04-16 16:03 253952 ----a-w- c:\windows\system32\msvcrt20.dll

2012-07-24 10:13 . 2009-04-16 16:02 253952 ----a-w- c:\windows\system32\at.asp

2012-07-24 10:13 . 2009-04-16 16:02 210944 ----a-w- c:\windows\system32\MSVCRT10.DLL

2012-07-24 10:13 . 2009-04-16 16:02 33792 ----a-w- c:\windows\system32\_ISREG32.DLL

2012-07-24 10:12 . 2009-04-16 16:04 385100 ----a-w- c:\windows\system\MSVCRTD.DLL

2012-07-24 10:12 . 2009-04-16 16:03 61440 ----a-w- c:\windows\system\msvcrt40.dll

2012-07-24 10:12 . 2009-04-16 16:03 57344 ----a-w- c:\windows\system\icmfilter.dll

2012-07-24 10:12 . 2009-04-16 16:03 32768 ----a-w- c:\windows\system\plugin.dll

2012-07-24 10:12 . 2009-04-16 16:03 343040 ----a-w- c:\windows\system\msvcrt.dll

2012-07-24 10:12 . 2009-04-16 16:03 253952 ----a-w- c:\windows\system\msvcrt20.dll

2012-07-24 10:12 . 2009-04-16 16:02 210944 ----a-w- c:\windows\system\MSVCRT10.DLL

2012-07-24 10:12 . 2009-04-16 16:02 33792 ----a-w- c:\windows\system\_ISREG32.DLL

2012-07-23 17:48 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-23 17:48 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-07-22 15:02 . 2012-07-22 15:02 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\c01fd6e1cd681b02\MeshBetaRemover.exe

2012-07-22 15:02 . 2012-07-22 15:02 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\235130d1cd681b01\DSETUP.dll

2012-07-22 15:02 . 2012-07-22 15:02 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\235130d1cd681b01\DXSETUP.exe

2012-07-22 15:02 . 2012-07-22 15:02 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\235130d1cd681b01\dsetup32.dll

2012-07-22 09:06 . 2012-07-22 09:06 -------- d-----w- c:\program files (x86)\iColorFolder

2012-07-22 09:04 . 2012-07-22 09:04 160745 ----a-w- c:\windows\Sqirlz Water Reflections Uninstaller.exe

2012-07-22 09:04 . 2012-07-22 09:04 -------- d-----w- c:\program files (x86)\Sqirlz Water Reflections

2012-07-22 09:01 . 2012-07-22 09:01 -------- d-----w- c:\program files (x86)\PSP Thumbnail Handler

2012-07-22 09:00 . 2012-07-22 09:00 -------- d-----w- c:\program files (x86)\FMPatcher

2012-07-22 06:39 . 2012-07-22 06:39 -------- d-----w- c:\programdata\InstallShield

2012-07-22 06:38 . 2012-07-22 06:39 -------- d-----w- c:\program files (x86)\Common Files\Jasc Software Inc

2012-07-21 14:00 . 2012-07-22 06:38 -------- d-----w- c:\program files (x86)\Jasc Software Inc

2012-07-21 13:16 . 2012-07-21 13:16 -------- d-----w- c:\program files (x86)\Font Xplorer

2012-07-21 07:56 . 2012-07-21 07:56 -------- d-----r- C:\MSOCache

2012-07-20 15:57 . 2012-07-20 15:57 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2012-07-20 15:57 . 2012-07-20 15:57 -------- d-----w- c:\program files (x86)\AVG Secure Search

2012-07-20 15:56 . 2012-07-20 15:56 -------- d-----w- c:\windows\SysWow64\drivers\AVG

2012-07-20 15:55 . 2012-07-24 10:07 -------- d-----w- c:\windows\system32\drivers\AVG

2012-07-20 15:55 . 2012-07-20 15:55 -------- d-----w- C:\$AVG

2012-07-20 15:35 . 2011-12-19 16:55 34624 ----a-w- c:\windows\system32\TURegOpt.exe

2012-07-20 15:35 . 2011-12-19 16:50 25920 ----a-w- c:\windows\system32\authuitu.dll

2012-07-20 15:35 . 2011-12-19 16:50 36160 ----a-w- c:\windows\system32\uxtuneup.dll

2012-07-20 15:35 . 2011-12-19 16:50 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll

2012-07-20 15:35 . 2011-12-19 16:50 21312 ----a-w- c:\windows\SysWow64\authuitu.dll

2012-07-20 15:35 . 2012-07-20 15:35 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011

2012-07-20 15:03 . 2012-07-20 15:22 -------- d-----w- c:\programdata\VirtualizedApplications

2012-07-20 11:38 . 2012-07-20 11:38 0 ----a-w- c:\windows\SysWow64\shoFEA.tmp

2012-07-20 11:34 . 2012-07-20 11:34 -------- d-----w- c:\program files (x86)\Microsoft.NET

2012-07-20 11:24 . 2012-07-20 11:24 -------- d-----w- c:\programdata\Microsoft Help

2012-07-20 11:22 . 2012-07-21 19:04 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client

2012-07-20 11:22 . 2012-07-20 11:22 -------- d-----w- c:\program files\Microsoft Office

2012-07-20 10:57 . 2012-07-20 10:57 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-20 10:31 . 2012-07-03 01:19 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-20 10:22 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-20 10:17 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe

2012-07-20 09:47 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe

2012-07-20 09:46 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-20 09:46 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-07-20 09:46 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-07-20 09:46 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-07-20 09:46 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-07-20 09:46 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-07-20 09:46 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-07-20 09:46 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2012-07-20 09:44 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll

2012-07-20 09:44 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll

2012-07-20 09:43 . 2012-07-22 12:19 88 --sh--r- c:\windows\SysWow64\C4954754C7.sys

2012-07-20 09:39 . 2012-07-20 09:39 -------- d-----w- c:\windows\SysWow64\Spool

2012-07-20 09:38 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-07-20 08:58 . 2012-07-20 10:25 -------- d-----w- c:\windows\SysWow64\Wat

2012-07-20 08:58 . 2012-07-20 10:25 -------- d-----w- c:\windows\system32\Wat

2012-07-20 08:51 . 2012-07-20 08:51 -------- d-----w- c:\program files (x86)\MSXML 4.0

2012-07-20 08:34 . 2012-07-21 08:49 -------- d-----w- c:\programdata\AVG2012

2012-07-20 08:33 . 2012-07-20 08:33 -------- d-----w- c:\program files (x86)\AVG

2012-07-20 08:31 . 2012-07-24 10:07 -------- d-----w- c:\programdata\MFAData

2012-07-20 08:23 . 2012-07-20 08:35 -------- d-----w- c:\programdata\AVG Secure Search

2012-07-20 08:22 . 2012-07-20 15:57 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2012-07-20 08:21 . 2012-07-20 15:35 -------- d-----w- c:\programdata\TuneUp Software

2012-07-20 08:21 . 2012-07-20 08:21 -------- d--h--w- c:\programdata\Common Files

2012-07-19 18:46 . 2012-07-19 18:46 -------- d-----w- c:\programdata\Malwarebytes

2012-07-19 18:46 . 2012-07-20 09:29 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-19 14:00 . 2012-07-19 14:13 -------- d-----w- c:\programdata\Corel

2012-07-19 13:59 . 2012-07-22 13:28 -------- d-----w- c:\program files (x86)\Common Files\Corel

2012-07-19 13:22 . 2012-07-24 10:15 5120 --sha-w- c:\windows\SysWow64\KGyGaAvL.sys

2012-07-19 13:21 . 2012-07-22 13:24 -------- d-----w- c:\program files (x86)\Corel

2012-07-19 12:48 . 2012-07-19 12:48 -------- d-----w- c:\programdata\Photo Notifier and Animation Creator

2012-07-19 12:48 . 2012-07-19 12:48 -------- d-----w- c:\program files (x86)\Photo Notifier and Animation Creator

2012-07-19 12:47 . 2012-07-19 12:47 -------- d-----w- c:\program files (x86)\IncrediMail

2012-07-19 11:49 . 2012-07-19 11:49 -------- d-----w- c:\program files (x86)\Common Files\Skype

2012-07-19 11:43 . 2012-07-19 11:43 -------- d-----w- c:\programdata\IBUpdaterService

2012-07-19 11:43 . 2012-07-19 11:41 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_539\uninstall.exe

2012-07-19 11:43 . 2012-07-19 11:41 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe

2012-07-19 11:42 . 2012-07-19 11:42 -------- d-----w- c:\programdata\IM

2012-07-19 11:42 . 2012-07-19 11:42 -------- d-----w- c:\programdata\IncrediMail

2012-07-19 11:23 . 2012-07-19 11:23 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-07-19 10:15 . 2012-07-19 10:15 -------- d---a-w- C:\book

2012-07-19 10:11 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-07-19 10:11 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-07-19 10:11 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-07-19 10:11 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-07-19 10:11 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-07-19 10:11 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-07-19 10:11 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-07-19 10:11 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-07-19 10:11 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-07-19 10:09 . 2012-07-19 10:09 -------- d-----w- c:\program files (x86)\OEM

2012-07-19 10:08 . 2012-07-19 10:09 -------- d-----w- c:\program files (x86)\Kobo

2012-07-19 10:08 . 2012-07-19 10:08 -------- d-----w- c:\program files\Accessory Store

2012-07-19 10:07 . 2012-07-19 10:07 -------- d-----w- c:\program files\Preload

2012-07-19 10:07 . 2012-07-22 16:58 -------- d-----w- c:\users\Nel

2012-07-19 10:05 . 2012-07-19 10:05 -------- d-----w- C:\Recovery

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-19 10:18 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2012-04-28 20:11 . 2012-04-28 20:11 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\qwavedrv.sys.mui

2012-04-28 20:10 . 2012-04-28 20:10 5632 ----a-w- c:\windows\SysWow64\drivers\nl-NL\ndiscap.sys.mui

2012-04-28 20:10 . 2012-04-28 20:10 50688 ----a-w- c:\windows\SysWow64\drivers\nl-NL\tcpip.sys.mui

2012-04-28 20:10 . 2012-04-28 20:10 26624 ----a-w- c:\windows\SysWow64\drivers\nl-NL\bfe.dll.mui

2012-04-28 20:10 . 2012-04-28 20:10 16896 ----a-w- c:\windows\SysWow64\drivers\nl-NL\pacer.sys.mui

2012-04-28 20:10 . 2012-04-28 20:10 2560 ----a-w- c:\windows\SysWow64\drivers\nl-NL\scfilter.sys.mui

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-23_19.49.44 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-24 10:10 . 2009-04-16 16:03 32768 c:\windows\SysWOW64\com\plugin.dll

+ 2012-07-24 10:10 . 2009-04-16 16:03 61440 c:\windows\SysWOW64\com\msvcrt40.dll

+ 2012-07-24 10:10 . 2009-04-16 16:03 57344 c:\windows\SysWOW64\com\icmfilter.dll

+ 2012-07-24 10:10 . 2009-04-16 16:02 33792 c:\windows\SysWOW64\com\_ISREG32.DLL

+ 2010-11-21 03:09 . 2012-07-24 06:40 59226 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-24 10:16 36612 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2012-07-19 10:08 . 2012-07-24 07:05 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2012-07-19 10:08 . 2012-07-23 19:16 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-07-19 10:08 . 2012-07-24 07:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-07-19 10:08 . 2012-07-23 19:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-23 19:16 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-07-24 07:05 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-24 10:13 . 2009-04-16 16:02 33792 c:\windows\system32\_ISREG32.DLL

+ 2012-07-24 10:12 . 2009-04-16 16:02 33792 c:\windows\system\_ISREG32.DLL

+ 2009-07-14 04:46 . 2012-07-24 06:46 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-07-19 10:09 . 2012-07-24 10:16 8170 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2088802119-1191371545-69361678-1001_UserData.bin

- 2012-07-23 19:39 . 2012-07-23 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-24 10:56 . 2012-07-24 10:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-23 19:39 . 2012-07-23 19:39 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-24 10:56 . 2012-07-24 10:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-24 10:10 . 2009-04-16 16:04 385100 c:\windows\SysWOW64\com\MSVCRTD.DLL

+ 2012-07-24 10:10 . 2009-04-16 16:03 253952 c:\windows\SysWOW64\com\msvcrt20.dll

+ 2012-07-24 10:10 . 2009-04-16 16:02 210944 c:\windows\SysWOW64\com\MSVCRT10.DLL

+ 2012-07-24 10:10 . 2009-04-16 16:03 343040 c:\windows\SysWOW64\com\msvcrt.dll

+ 2012-07-19 11:15 . 2012-07-24 10:03 176928 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2012-04-28 20:11 . 2012-07-24 10:19 702008 c:\windows\system32\perfh013.dat

- 2012-04-28 20:11 . 2012-07-21 19:17 702008 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-07-21 19:17 616452 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-07-24 10:19 616452 c:\windows\system32\perfh009.dat

- 2012-04-28 20:11 . 2012-07-21 19:17 133750 c:\windows\system32\perfc013.dat

+ 2012-04-28 20:11 . 2012-07-24 10:19 133750 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-07-24 10:19 106574 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-07-21 19:17 106574 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-07-24 10:55 243280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-07-23 19:38 243280 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-07-19 10:21 . 2012-07-24 10:55 2398052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2088802119-1191371545-69361678-1001-8192.dat

- 2012-07-19 10:21 . 2012-07-23 19:38 2398052 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2088802119-1191371545-69361678-1001-8192.dat

+ 2012-07-19 10:21 . 2012-07-24 10:55 11033384 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2088802119-1191371545-69361678-1001-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]

2012-07-20 15:57 2086496 ----a-w- c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll" [2012-07-20 2086496]

.

[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]

[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"midi2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 253600]

R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2012-03-09 36480]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2012-03-09 340096]

R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2012-03-09 111232]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2012-03-09 168064]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2012-03-09 68736]

R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2012-03-09 281472]

R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2012-03-09 551552]

R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-04-02 276248]

R3 DCDhcpService;DCDhcpService;c:\program files (x86)\Acer\WDAgent\DCDhcpService.exe [2012-02-10 111776]

R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-09-02 339048]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.5;c:\program files\Intel\TurboBoost\TurboBoost.exe [2012-01-20 149504]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-20 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]

S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-22 48992]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-07-20 30568]

S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2012-04-10 22648]

S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2012-04-10 20520]

S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2012-04-10 62776]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2012-03-09 107648]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2012-03-23 355920]

S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2012-02-08 871296]

S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2012-02-29 28264]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-30 13592]

S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-08-31 2425960]

S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2011-12-08 607456]

S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2011-12-16 161560]

S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-02-07 255376]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2012-01-05 256536]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-19 2028864]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2012-01-20 16128]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-12-16 363800]

S2 vToolbarUpdater12.1.3;vToolbarUpdater12.1.3;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe [2012-07-20 830048]

S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Atheros\Ath_WlanAgent.exe [2012-02-20 72864]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2012-03-09 30848]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]

S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]

S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-10-14 108656]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-07-07 11856]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-02-14 12448872]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://home.sweetim.com/?crg=3.8010003&st=12

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{474DCBF4-0DB1-4C6A-A014-1C2544E82698} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_222_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_222.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Launch Manager\LMutilps32.exe

c:\windows\SysWOW64\PSIService.exe

c:\program files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-24 13:01:01 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-24 11:01

ComboFix2.txt 2012-07-23 19:51

.

Pre-Run: 429.666.918.400 bytes beschikbaar

Post-Run: 429.328.912.384 bytes beschikbaar

.

- - End Of File - - BFC1BB09BFB02F3F59866DADEF327538

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.