
Malware???



ComboFix 12-07-31.03 - snowy 02-08-2012 11:32:19.4.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.1050 [GMT 2:00]

Gestart vanuit: c:\users\snowy\Downloads\ComboFix.exe

AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\boost_interprocess\20120802104653.500000

c:\programdata\boost_interprocess\20120802104653.500000\Nobu64AgentService

c:\programdata\boost_interprocess\20120802104653.500000\Nobu64TrayIcon

c:\programdata\JbC4WEbL0uhiwo

c:\users\snowy\AppData\Roaming\log.txt

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome.manifest

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\background.html

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\browser.xul

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossrider.js

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\crossriderapi.js

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\dialog.js

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.js

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\options.xul

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\search_dialog.xul

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\chrome\content\update.html

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\defaults\preferences\prefs.js

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\install.rdf

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\locale\en-US\translations.dtd

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button1.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button2.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button3.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button4.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\button5.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\crossrider_statusbar.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon128.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon16.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon24.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\icon48.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\panelarrow-up.png

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup.css

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup.html

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\popup_binding.xml

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\skin.css

c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\extensions\crossriderapp5060@crossrider.com\skin\update.css

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))))

.

.

2012-08-02 10:26 . 2012-08-02 10:26 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-02 08:48 . 2011-03-10 16:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-08-01 18:22 . 2012-08-01 18:22 -------- d-----w- c:\users\snowy\AppData\Roaming\Panda Security

2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\programdata\Panda Security

2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\program files (x86)\Panda Security

2012-08-01 12:15 . 2012-08-01 12:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-01 12:15 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-01 11:26 . 2012-08-01 11:26 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-31 17:16 . 2012-07-31 17:16 -------- d-----w- c:\windows\SysWow64\Extensions

2012-07-31 00:38 . 2012-07-31 00:38 -------- d-----w- c:\programdata\Great Secrets

2012-07-28 20:18 . 2012-07-28 20:18 -------- d-----w- c:\users\snowy\AppData\Roaming\Mystery of Mortlake Mansion

2012-07-28 09:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D8A0D0C-B639-45DE-ABB3-9B69587BF13F}\mpengine.dll

2012-07-28 09:37 . 2012-07-28 15:05 -------- d-----w- c:\programdata\HitmanPro

2012-07-28 09:22 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\Yontoo

2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\programdata\IBUpdaterService

2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe

2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\program files (x86)\Conduit

2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\users\snowy\AppData\Local\Conduit

2012-07-28 09:22 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\appbario8

2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_555\uninstall.exe

2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\windows\SysWow64\searchplugins

2012-07-28 09:22 . 2012-07-28 09:22 -------- d-----w- c:\programdata\Sidekick Manager

2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_540\uninstall.exe

2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\users\snowy\AppData\Local\Savings Sidekick

2012-07-28 09:21 . 2012-08-01 12:13 -------- d-----w- c:\program files (x86)\Savings Sidekick

2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\programdata\Hitman Pro

2012-07-23 22:01 . 2012-07-23 22:01 -------- d-----w- c:\users\snowy\AppData\Roaming\iMaxGen

2012-07-23 21:47 . 2012-07-23 21:47 -------- d-----w- c:\users\snowy\AppData\Roaming\HdO Adventure

2012-07-23 21:46 . 2012-07-23 21:46 -------- d-----w- c:\program files (x86)\MyPlayCity.com

2012-07-23 21:43 . 2012-07-28 20:15 -------- d-----w- c:\program files (x86)\GameTop.com

2012-07-13 19:09 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\Photo Notifier and Animation Creator

2012-07-13 19:09 . 2012-07-13 19:09 -------- d-----w- c:\program files (x86)\Photo Notifier and Animation Creator

2012-07-13 19:08 . 2012-07-17 12:50 -------- d-----w- c:\users\snowy\AppData\Local\IM

2012-07-13 19:08 . 2012-07-17 12:44 -------- d-----w- c:\programdata\IncrediMail

2012-07-13 19:08 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\IM

2012-07-13 05:02 . 2012-07-13 05:02 130088 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2012-07-13 05:02 . 2012-07-13 05:02 205352 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2012-07-13 05:02 . 2012-07-13 05:02 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2012-07-13 05:02 . 2012-07-13 05:02 167464 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2012-07-13 05:02 . 2012-07-13 05:02 119336 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2012-07-12 09:18 . 2012-07-12 09:18 219688 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

2012-07-12 00:41 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 05:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 05:18 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 05:18 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 05:18 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-11 05:18 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-11 05:18 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-11 05:18 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-11 05:18 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 05:18 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 05:18 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 05:18 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-07-11 05:18 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-07-11 05:18 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 05:18 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-10 13:44 . 2012-07-10 13:44 -------- d-----w- C:\Games

2012-07-10 13:43 . 2012-07-10 13:43 -------- d-----w- c:\program files (x86)\RealArcade

2012-07-10 13:23 . 2012-07-10 13:25 -------- d-----w- c:\program files (x86)\Echoes of the Past - De Citadels der Tijd

2012-07-10 13:14 . 2012-07-22 23:01 -------- d-----w- c:\program files (x86)\Hidden Identity - Chicago Blackout

2012-07-10 11:55 . 2012-07-10 11:55 -------- d--h--w- c:\users\snowy\AppData\Roaming\TikisLab

2012-07-09 20:11 . 2012-07-17 12:51 -------- d-----w- c:\users\snowy\AppData\Local\TheCursedIsland

2012-07-09 15:07 . 2012-07-09 15:07 -------- d--h--w- c:\users\snowy\AppData\Roaming\Amulet_of_time

2012-07-09 14:28 . 2012-07-09 14:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-07-09 14:28 . 2012-07-09 14:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-07-09 14:28 . 2012-07-09 14:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-07-09 14:28 . 2012-07-09 14:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-07-09 14:28 . 2012-07-09 14:28 -------- d-----w- c:\program files (x86)\OpenAL

2012-07-09 00:02 . 2012-07-09 00:02 -------- d--h--w- c:\users\snowy\AppData\Roaming\tabagames

2012-07-05 16:45 . 2012-07-05 16:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-26 20:25 . 2012-04-03 08:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-26 20:25 . 2011-09-28 21:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 00:35 . 2011-09-30 22:44 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-27 13:51 . 2012-06-27 13:51 105000 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

2012-06-27 13:51 . 2012-06-27 13:51 112680 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

2012-06-27 13:51 . 2012-06-27 13:51 109096 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

2012-06-27 13:51 . 2012-06-27 13:51 68648 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys

2012-06-27 13:51 . 2012-06-27 13:51 304680 ----a-w- c:\windows\system32\drivers\NNSProt.sys

2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

2012-06-27 13:51 . 2012-06-27 13:51 93224 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

2012-06-27 13:51 . 2012-06-27 13:51 33320 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys

2012-06-27 13:51 . 2012-06-27 13:51 113192 ----a-w- c:\windows\system32\drivers\NNSIds.sys

2012-06-27 13:51 . 2012-06-27 13:51 89128 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

2012-06-02 22:19 . 2012-06-19 02:02 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 02:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 02:02 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 02:02 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 02:02 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 02:02 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 02:02 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-19 02:01 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-19 02:01 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2011-11-25 21:14 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-04 11:06 . 2012-06-14 00:01 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-06-22 5283680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512]

"PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\SIDEKI~1\22513~1.159\{6F06C~1\sskmngr.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736]

R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-26 834544]

S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128]

S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776]

S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192]

S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224]

S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776]

S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680]

S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096]

S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680]

S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688]

S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088]

S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Sidekick Manager;Sidekick Manager;c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.exe [2012-07-28 1691680]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - PSKMAD

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:25]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://packardbell.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3227982&SearchSource=13

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3227982&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.hmpg - true

FF - user.js: extensions.Softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc=

FF - user.js: extensions.Softonic.hpOld -

FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc=

FF - user.js: extensions.Softonic_i.dfltSrch - true

FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)

FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=2&cc=&q=

FF - user.js: extensions.Softonic.dspOld - Google (Language: nl)

FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic)

FF - user.js: extensions.Softonic_i.dnsErr - true

FF - user.js: extensions.Softonic_i.newTab - true

FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=15&cc=

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - d8f481be00000000000006659d69f6f9

FF - user.js: extensions.Softonic.instlDay - 15429

FF - user.js: extensions.Softonic.vrsn - 1.5.21.0

FF - user.js: extensions.Softonic.vrsni - 1.5.21.0

FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.015:49

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00086

FF - user.js: extensions.Softonic.dfltLng - nl

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

FF - user.js: extentions.y2layers.installId - 85906e91-797c-4adc-b844-be8b54271663

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file)

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

WebBrowser-{0CC09160-108C-4759-BAB1-5C12C216E005} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-PokerStars - c:\program files (x86)\PokerStars\PokerStarsUninstall.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-08-02 13:01:13

ComboFix-quarantined-files.txt 2012-08-02 11:01

.

Pre-Run: 234.996.920.320 bytes beschikbaar

Post-Run: 234.605.531.136 bytes beschikbaar

.

- - End Of File - - 6DF95F99941D3F24661279A3E79D542F

Last night it didn't work out because of the thunderstorm, but I let it run this morning. Your previous message says: "Important: make a shortcut of ComboFix", but I haven't seen anywhere how I could do this. Here is the ComboFix scan, which ran for hours.



Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files (x86)\Yontoo

c:\programdata\IBUpdaterService

c:\program files (x86)\Conduit

c:\users\snowy\AppData\Local\Conduit

c:\program files (x86)\appbario8

c:\windows\SysWow64\searchplugins

c:\programdata\Sidekick Manager

c:\users\snowy\AppData\Local\Savings Sidekick

c:\program files (x86)\Savings Sidekick

Firefox::

FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - user.js: extensions.Softonic.rvrtMsg - Click Yes to keep current home page and default search settings, Click No to restore original settings

FF - user.js: extensions.Softonic.autoRvrt - false

FF - user.js: extensions.Softonic_i.hmpg - true

FF - user.js: extensions.Softonic_i.hmpgUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc=

FF - user.js: extensions.Softonic.hpOld -

FF - user.js: extensions.Softonic.hpNew - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=13&cc=

FF - user.js: extensions.Softonic_i.dfltSrch - true

FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)

FF - user.js: extensions.Softonic.keyWordUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=2&cc=&q=

FF - user.js: extensions.Softonic.dspOld - Google (Language: nl)

FF - user.js: extensions.Softonic.dspNew - Search the web (Softonic)

FF - user.js: extensions.Softonic_i.dnsErr - true

FF - user.js: extensions.Softonic_i.newTab - true

FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=15&cc=

FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MON00086/tb_v1?SearchSource=1&cc=&q=

FF - user.js: extensions.Softonic.id - d8f481be00000000000006659d69f6f9

FF - user.js: extensions.Softonic.instlDay - 15429

FF - user.js: extensions.Softonic.vrsn - 1.5.21.0

FF - user.js: extensions.Softonic.vrsni - 1.5.21.0

FF - user.js: extensions.Softonic_i.vrsnTs - 1.5.21.015:49

FF - user.js: extensions.Softonic.prtnrId - softonic

FF - user.js: extensions.Softonic.prdct - Softonic

FF - user.js: extensions.Softonic.aflt - SD

FF - user.js: extensions.Softonic_i.smplGrp - none

FF - user.js: extensions.Softonic.tlbrId - base

FF - user.js: extensions.Softonic.instlRef - MON00086

FF - user.js: extensions.Softonic.dfltLng - nl

FF - user.js: extensions.Softonic.excTlbr - false

FF - user.js: extensions.Softonic.admin - false

Save this file on your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


ComboFix 12-07-31.03 - snowy 02-08-2012 14:09:45.5.1 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.1978.1020 [GMT 2:00]

Gestart vanuit: c:\users\snowy\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\snowy\Desktop\CFScript..txt

AV: Panda Cloud Antivirus *Disabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}

FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

SP: Panda Cloud Antivirus *Disabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\appbario8

c:\program files (x86)\appbario8\appbario8ToolbarHelper.exe

c:\program files (x86)\appbario8\GottenAppsContextMenu.xml

c:\program files (x86)\appbario8\ldrtbappb.dll

c:\program files (x86)\appbario8\OtherAppsContextMenu.xml

c:\program files (x86)\appbario8\SharedAppsContextMenu.xml

c:\program files (x86)\appbario8\tbappb.dll

c:\program files (x86)\appbario8\toolbar.cfg

c:\program files (x86)\appbario8\ToolbarContextMenu.xml

c:\program files (x86)\appbario8\uninstall.exe

c:\program files (x86)\Conduit

c:\program files (x86)\Conduit\Community Alerts\Alert.dll

c:\program files (x86)\Savings Sidekick

c:\program files (x86)\Savings Sidekick\Savings Sidekick.exe

c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico

c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini

c:\program files (x86)\Savings Sidekick\Savings SidekickGui.exe

c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log

c:\program files (x86)\Savings Sidekick\Uninstall.exe

c:\program files (x86)\Yontoo

c:\programdata\IBUpdaterService

c:\programdata\IBUpdaterService\repository.xml

c:\programdata\Sidekick Manager

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\bProtect.settings

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501415fc0_202019f.dmp

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501415fc0_202019f.gz

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501522250_202019f.dmp

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501522250_202019f.gz

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501661e50_202019f.dmp

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501661e50_202019f.gz

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5017c95d0_202019f.dmp

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5017c95d0_202019f.gz

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5018ff610_202019f.dmp

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5018ff610_202019f.gz

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5019475b0_202019f.dmp

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\5019475b0_202019f.gz

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501a431a0_202019f.dmp

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\crashReports\501a431a0_202019f.gz

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\chrome.manifest

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-10.0.2.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-11.0.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-12.0.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-13.0.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-14.0.1.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-3.6.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-3.6.xpt

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-5.0.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-6.0.2.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-7.0.1.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-8.0.1.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\components\bprotector-9.0.1.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\content\bprotector.js

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\content\overlay.xul

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\FirefoxExtension\install.rdf

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.dll

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\sskmngr.exe

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\00

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\01

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\02

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\10

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\11

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\12

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\20

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\21

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\traking_settings\22

c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\Uninstall Manager.exe

c:\users\snowy\AppData\Local\Conduit

c:\users\snowy\AppData\Local\Conduit\CT3227982\appbario8AutoUpdateHelper.exe

c:\users\snowy\AppData\Local\Savings Sidekick

c:\users\snowy\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx

c:\windows\SysWow64\searchplugins

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_Sidekick Manager

-------\Service_Sidekick Manager

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-07-02 to 2012-08-02 ))))))))))))))))))))))))))))))

.

.

2012-08-02 13:19 . 2011-03-10 16:05 57928 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

2012-08-02 13:16 . 2012-08-02 13:16 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-01 18:22 . 2012-08-01 18:22 -------- d-----w- c:\users\snowy\AppData\Roaming\Panda Security

2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\programdata\Panda Security

2012-08-01 18:20 . 2012-08-01 18:20 -------- d-----w- c:\program files (x86)\Panda Security

2012-08-01 12:15 . 2012-08-01 12:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-01 12:15 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-01 11:26 . 2012-08-01 11:26 -------- d-----w- c:\program files (x86)\Trend Micro

2012-07-31 17:16 . 2012-07-31 17:16 -------- d-----w- c:\windows\SysWow64\Extensions

2012-07-31 00:38 . 2012-07-31 00:38 -------- d-----w- c:\programdata\Great Secrets

2012-07-28 20:18 . 2012-07-28 20:18 -------- d-----w- c:\users\snowy\AppData\Roaming\Mystery of Mortlake Mansion

2012-07-28 09:44 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D8A0D0C-B639-45DE-ABB3-9B69587BF13F}\mpengine.dll

2012-07-28 09:37 . 2012-07-28 15:05 -------- d-----w- c:\programdata\HitmanPro

2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_514\uninstall.exe

2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_555\uninstall.exe

2012-07-28 09:22 . 2012-07-28 09:21 666272 ----a-w- c:\program files (x86)\Uninstall Information\ib_uninst_540\uninstall.exe

2012-07-28 09:21 . 2012-07-28 09:21 -------- d-----w- c:\programdata\Hitman Pro

2012-07-23 22:01 . 2012-07-23 22:01 -------- d-----w- c:\users\snowy\AppData\Roaming\iMaxGen

2012-07-23 21:47 . 2012-07-23 21:47 -------- d-----w- c:\users\snowy\AppData\Roaming\HdO Adventure

2012-07-23 21:46 . 2012-07-23 21:46 -------- d-----w- c:\program files (x86)\MyPlayCity.com

2012-07-23 21:43 . 2012-07-28 20:15 -------- d-----w- c:\program files (x86)\GameTop.com

2012-07-13 19:09 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\Photo Notifier and Animation Creator

2012-07-13 19:09 . 2012-07-13 19:09 -------- d-----w- c:\program files (x86)\Photo Notifier and Animation Creator

2012-07-13 19:08 . 2012-07-17 12:50 -------- d-----w- c:\users\snowy\AppData\Local\IM

2012-07-13 19:08 . 2012-07-17 12:44 -------- d-----w- c:\programdata\IncrediMail

2012-07-13 19:08 . 2012-07-13 19:09 -------- d--h--w- c:\programdata\IM

2012-07-13 05:02 . 2012-07-13 05:02 130088 ----a-w- c:\windows\system32\drivers\PSINProt.sys

2012-07-13 05:02 . 2012-07-13 05:02 205352 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

2012-07-13 05:02 . 2012-07-13 05:02 123944 ----a-w- c:\windows\system32\drivers\PSINProc.sys

2012-07-13 05:02 . 2012-07-13 05:02 167464 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

2012-07-13 05:02 . 2012-07-13 05:02 119336 ----a-w- c:\windows\system32\drivers\PSINFile.sys

2012-07-12 09:18 . 2012-07-12 09:18 219688 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

2012-07-12 00:41 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 05:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 05:18 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-11 05:18 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-11 05:18 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2012-07-11 05:18 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll

2012-07-11 05:18 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2012-07-11 05:18 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2012-07-11 05:18 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll

2012-07-11 05:18 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll

2012-07-11 05:18 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll

2012-07-11 05:18 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-07-11 05:18 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-07-11 05:18 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll

2012-07-11 05:18 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll

2012-07-10 13:44 . 2012-07-10 13:44 -------- d-----w- C:\Games

2012-07-10 13:43 . 2012-07-10 13:43 -------- d-----w- c:\program files (x86)\RealArcade

2012-07-10 13:23 . 2012-07-10 13:25 -------- d-----w- c:\program files (x86)\Echoes of the Past - De Citadels der Tijd

2012-07-10 13:14 . 2012-07-22 23:01 -------- d-----w- c:\program files (x86)\Hidden Identity - Chicago Blackout

2012-07-10 11:55 . 2012-07-10 11:55 -------- d--h--w- c:\users\snowy\AppData\Roaming\TikisLab

2012-07-09 20:11 . 2012-07-17 12:51 -------- d-----w- c:\users\snowy\AppData\Local\TheCursedIsland

2012-07-09 15:07 . 2012-07-09 15:07 -------- d--h--w- c:\users\snowy\AppData\Roaming\Amulet_of_time

2012-07-09 14:28 . 2012-07-09 14:28 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-07-09 14:28 . 2012-07-09 14:28 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-07-09 14:28 . 2012-07-09 14:28 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-07-09 14:28 . 2012-07-09 14:28 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-07-09 14:28 . 2012-07-09 14:28 -------- d-----w- c:\program files (x86)\OpenAL

2012-07-09 00:02 . 2012-07-09 00:02 -------- d--h--w- c:\users\snowy\AppData\Roaming\tabagames

2012-07-05 16:45 . 2012-07-05 16:45 5030088 ----a-w- c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-26 20:25 . 2012-04-03 08:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-26 20:25 . 2011-09-28 21:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 00:35 . 2011-09-30 22:44 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-27 13:51 . 2012-06-27 13:51 105000 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

2012-06-27 13:51 . 2012-06-27 13:51 112680 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

2012-06-27 13:51 . 2012-06-27 13:51 109096 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

2012-06-27 13:51 . 2012-06-27 13:51 68648 ----a-w- c:\windows\system32\drivers\NNSPihsw.sys

2012-06-27 13:51 . 2012-06-27 13:51 304680 ----a-w- c:\windows\system32\drivers\NNSProt.sys

2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

2012-06-27 13:51 . 2012-06-27 13:51 93224 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

2012-06-27 13:51 . 2012-06-27 13:51 33320 ----a-w- c:\windows\system32\drivers\NNSNAHSL.sys

2012-06-27 13:51 . 2012-06-27 13:51 113192 ----a-w- c:\windows\system32\drivers\NNSIds.sys

2012-06-27 13:51 . 2012-06-27 13:51 89128 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

2012-06-27 13:51 . 2012-06-27 13:51 116776 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

2012-06-02 22:19 . 2012-06-19 02:02 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 02:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 02:02 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 02:02 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 02:02 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 02:02 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 02:02 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 13:19 . 2012-06-19 02:01 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 13:15 . 2012-06-19 02:01 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 10:25 . 2011-11-25 21:14 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-02_10.26.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-02 13:18 . 2012-08-02 13:18 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2012-08-02 00:19 . 2012-08-02 00:19 13318 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat

- 2009-07-14 04:54 . 2012-08-02 08:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-08-02 13:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2012-08-02 13:22 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-02 08:52 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-02 13:22 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-02 08:52 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 05:10 . 2012-08-02 13:21 52938 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-09-26 09:51 . 2012-08-02 13:21 23622 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1153778155-1967841725-190187470-1001_UserData.bin

- 2012-08-02 08:48 . 2012-08-02 08:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-02 13:19 . 2012-08-02 13:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-02 08:48 . 2012-08-02 08:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-08-02 13:19 . 2012-08-02 13:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-09-26 15:22 . 2012-08-02 12:56 438170 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 05:01 . 2012-08-02 00:18 235928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-08-02 13:17 235928 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-09-28 22:47 . 2012-08-02 00:18 5021979 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1153778155-1967841725-190187470-1001-8192.dat

+ 2011-09-28 22:47 . 2012-08-02 13:17 5021979 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1153778155-1967841725-190187470-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-06-22 5283680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe" [2010-06-28 263936]

"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]

"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-06 600688]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2012-05-01 3151512]

"PSUAMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2012-07-13 37152]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys [2012-06-27 33320]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update-service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-26 250056]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2010-05-24 246304]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-28 1255736]

R4 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys [2012-06-27 68648]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-26 834544]

S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys [2012-06-27 89128]

S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys [2012-06-27 116776]

S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys [2012-06-27 113192]

S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys [2012-06-27 93224]

S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys [2012-06-27 116776]

S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys [2012-06-27 304680]

S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys [2012-06-27 109096]

S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys [2012-06-27 112680]

S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys [2012-07-12 219688]

S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys [2012-06-27 105000]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2012-07-13 205352]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]

S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]

S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-07-13 140064]

S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]

S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-07-13 167464]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2012-07-13 119336]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2012-07-13 123944]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2012-07-13 130088]

S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-07-13 36640]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]

S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-07-09 139264]

S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys [2011-03-10 57928]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:25]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-13 12:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-14 165912]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-14 387608]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-14 365592]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]

"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]

"combofix"="c:\combofix\CF23649.3XE" [2010-11-20 345088]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://packardbell.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files (x86)\PokerStars.EU\PokerStarsUpdate.exe

TCP: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\users\snowy\AppData\Roaming\Mozilla\Firefox\Profiles\1khia0hb.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: security.csp.enable - false

FF - user.js: extentions.y2layers.installId - 85906e91-797c-4adc-b844-be8b54271663

FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-{0cc09160-108c-4759-bab1-5c12c216e005} - (no file)

BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)

WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

AddRemove-appbario8 Toolbar - c:\program files (x86)\appbario8\uninstall.exe

AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe

AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\Sidekick Manager\2.2.513.159\{6f06cdeb-5de2-4520-aef2-1aa556ca7a6b}\Uninstall Manager.exe

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1153778155-1967841725-190187470-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Voltooingstijd: 2012-08-02 16:15:34 - machine werd herstart

ComboFix-quarantined-files.txt 2012-08-02 14:15

ComboFix2.txt 2012-08-02 11:01

.

Pre-Run: 234.655.703.040 bytes beschikbaar

Post-Run: 234.423.926.784 bytes beschikbaar

.

- - End Of File - - 37CB1D71ED7E471EA11E130C7EE139B2


I am working (as far as possible) on my laptop, but with just about everything I try to use I get the message "Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering" ("Illegal operation attempted on a registry key that has been marked for deletion"). This also applied to the Internet, both Mozilla and IE. I was able to open those as administrator. But I now have no sound on my laptop, for example; when I try to turn it on I get the message above, and the same happens when I try to get photos from my photo card onto the laptop.


This has indeed been solved, for which my thanks. Now the key question: is there any possibility that the files that are gone can be brought back from somewhere? What I understood from the article is that the malware turns them into hidden files. Or is everything really gone? Was it a virus/malware? Or was something else going on with my laptop?


Be sure to also remove the tools used and the remnants of the infection.

Remove ComboFix: Start -> Run / Search / Search programs and files, and type there: ComboFix /Uninstall

This removes ComboFix along with its related folders and files, resets the clock settings, hides file extensions, hides hidden files and system files again, and creates a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the free download of CCleaner starts automatically.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner" in turn. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports errors. Then click "Registry" in the left column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Afterwards, close CCleaner again.

If you want to see this illustrated in detail, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you could end up restoring). In Windows 7:

  • Go to Start -> Control Panel -> System and Security -> System -> System protection, then turn off System Restore by selecting the desired drive and clicking "Configure".
  • Now click "Delete" to delete all restore points.
  • Click "Apply" and "OK".
  • Now restart the PC.
