ComboFix 12-07-12.02 - Tom 13/07/2012 1:30.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3956.2443 [GMT 2:00] Gestart vanuit: c:\users\Tom\Desktop\ComboFix.exe gebruikte Opdracht switches :: / Unistall AV: BitDefender Antivirus *Disabled/Updated* {982ADE23-275B-0766-37C5-DE01A484098E} FW: BitDefender Firewall *Disabled* {A0115F06-6D34-063E-1C9A-77345A574EF5} SP: BitDefender Antispyware *Disabled/Updated* {234B3FC7-0161-08E8-0D75-E573DF034333} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . -- Voorgaande Run -- . Besmet exemplaar van c:\windows\system32\Services.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\ERDNT\cache64\services.exe . -------- . c:\windows\SysWow64\Drivers\atapi.sys . . . is geïnfecteerd!! . . (((((((((((((((((((( Bestanden Gemaakt van 2012-06-12 to 2012-07-12 )))))))))))))))))))))))))))))) . . 2012-07-12 23:55 . 2012-07-12 23:55 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-07-12 23:55 . 2012-07-12 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-12 22:10 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-12 21:42 . 2012-06-06 06:05 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll 2012-07-12 21:42 . 2012-06-06 06:05 1499136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll 2012-07-12 21:42 . 2012-06-06 06:05 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll 2012-07-12 21:42 . 2012-06-06 05:05 1019904 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll 2012-07-12 21:42 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll 2012-07-12 21:42 . 2012-06-06 05:03 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-07-12 21:42 . 2012-06-06 06:05 61440 ----a-w- c:\program files\Common Files\System\ado\msador15.dll 2012-07-12 21:42 . 2012-06-06 06:02 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-07-12 21:42 . 2012-06-06 05:05 143360 ----a-w- c:\program files (x86)\Common Files\System\ado\msjro.dll 2012-07-12 21:42 . 2012-06-06 05:05 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll 2012-07-12 21:42 . 2012-06-06 05:05 57344 ----a-w- c:\program files (x86)\Common Files\System\ado\msador15.dll 2012-07-12 21:42 . 2012-06-06 05:05 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll 2012-07-12 21:42 . 2012-06-06 05:05 212992 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll 2012-07-12 21:31 . 2012-07-12 21:31 -------- d-----w- c:\users\Tom\AppData\Roaming\BitDefender 2012-07-12 21:30 . 2012-07-12 21:35 -------- d-----w- c:\programdata\BitDefender 2012-07-12 21:30 . 2012-07-12 21:31 -------- d-----w- c:\program files\Common Files\BitDefender 2012-07-12 21:30 . 2012-07-12 21:30 -------- d-----w- c:\program files\BitDefender 2012-07-12 21:26 . 2012-07-12 21:26 -------- d-----w- c:\program files (x86)\Common Files\BitDefender 2012-07-12 21:19 . 2012-07-12 21:20 74195 ----a-w- C:\BdUninstallTool2012.07.12-11.19.15.reg 2012-07-11 19:06 . 2012-07-11 19:06 -------- d-----w- C:\_OTL 2012-07-05 14:15 . 2012-07-11 20:41 -------- d-----w- C:\sh4ldr 2012-07-05 14:15 . 2012-07-05 14:15 -------- d-----w- c:\program files\Enigma Software Group 2012-07-05 13:26 . 2012-07-05 13:26 -------- d-----w- c:\users\Tom\AppData\Roaming\SpeedyPC Software 2012-07-05 13:26 . 2012-07-05 13:26 -------- d-----w- c:\users\Tom\AppData\Roaming\DriverCure 2012-07-05 13:26 . 2012-07-05 13:26 -------- d-----w- c:\programdata\SpeedyPC Software 2012-07-05 13:26 . 2012-07-05 13:26 -------- d-----w- c:\program files (x86)\Common Files\SpeedyPC Software 2012-07-05 12:31 . 2012-07-05 12:31 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-04 22:12 . 2012-07-04 22:12 -------- d-----w- c:\users\Tom\AppData\Local\Macromedia 2012-07-04 21:59 . 2012-07-12 23:00 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-04 21:59 . 2012-07-04 21:59 -------- d-----w- c:\windows\system32\Macromed 2012-06-22 16:03 . 2012-06-22 16:03 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-22 16:03 . 2012-06-22 16:03 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-21 06:15 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 06:15 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 06:15 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 06:15 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 06:14 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 06:14 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 06:14 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 06:14 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 06:14 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-13 05:49 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 05:49 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 05:49 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 23:00 . 2011-05-24 09:00 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 21:54 . 2009-10-19 15:04 88144 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys . . ((((((((((((((((((((((((((((( SnapShot_2012-07-11_20.04.00 ))))))))))))))))))))))))))))))))))))))))) . - 2012-01-15 12:33 . 2011-11-17 05:28 96768 c:\windows\SysWOW64\sspicli.dll + 2012-07-12 21:43 . 2012-06-02 04:34 96768 c:\windows\SysWOW64\sspicli.dll + 2009-07-13 23:43 . 2009-07-14 01:14 77824 c:\windows\SysWOW64\SetIEInstalledDate.exe - 2012-01-15 12:33 . 2011-11-17 05:34 22016 c:\windows\SysWOW64\secur32.dll + 2012-07-12 21:43 . 2012-06-02 04:40 22016 c:\windows\SysWOW64\secur32.dll + 2011-03-19 16:34 . 2010-11-20 12:17 83968 c:\windows\SysWOW64\RegisterIEPKEYs.exe + 2009-07-13 23:42 . 2009-07-14 01:16 46592 c:\windows\SysWOW64\pngfilt.dll + 2009-07-13 23:42 . 2009-07-14 01:06 48128 c:\windows\SysWOW64\mshtmler.dll + 2011-03-19 16:34 . 2010-11-20 12:19 67072 c:\windows\SysWOW64\mshtmled.dll + 2009-07-13 23:42 . 2009-07-14 01:14 47104 c:\windows\SysWOW64\mshta.exe + 2011-03-19 16:34 . 2010-11-20 12:17 12800 c:\windows\SysWOW64\msfeedssync.exe + 2011-03-19 16:34 . 2010-11-20 12:19 64512 c:\windows\SysWOW64\msfeedsbs.dll + 2011-04-13 13:55 . 2011-03-07 05:33 68608 c:\windows\SysWOW64\migration\WininetPlugin.dll + 2011-03-19 16:35 . 2010-11-20 12:19 44544 c:\windows\SysWOW64\licmgr10.dll + 2011-04-13 13:55 . 2011-03-07 05:31 48128 c:\windows\SysWOW64\jsproxy.dll + 2011-03-19 16:34 . 2010-11-20 12:19 96256 c:\windows\SysWOW64\inseng.dll + 2011-03-19 16:34 . 2010-11-20 12:19 34304 c:\windows\SysWOW64\imgutil.dll + 2009-07-13 23:42 . 2009-07-14 01:15 72192 c:\windows\SysWOW64\iesetup.dll + 2009-07-13 23:42 . 2009-07-14 01:15 56320 c:\windows\SysWOW64\iernonce.dll + 2009-07-13 23:42 . 2009-07-14 01:15 61952 c:\windows\SysWOW64\icardie.dll + 2009-07-13 23:43 . 2009-07-14 01:15 18432 c:\windows\SysWOW64\corpol.dll - 2009-07-14 04:54 . 2012-07-11 19:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-12 23:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-12 23:56 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-11 19:06 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-11 19:06 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-07-12 23:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-13 23:42 . 2009-07-14 01:14 73216 c:\windows\SysWOW64\admparse.dll + 2009-11-05 00:35 . 2012-07-12 23:58 84514 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-07-11 18:38 40318 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-07-12 23:58 40318 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-01-30 13:57 . 2012-07-12 23:58 28008 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761200818-1682720771-1100777243-1001_UserData.bin + 2009-07-13 23:58 . 2009-07-14 01:39 93184 c:\windows\system32\SetIEInstalledDate.exe + 2011-03-19 16:34 . 2010-11-20 13:25 98816 c:\windows\system32\RegisterIEPKEYs.exe + 2009-07-13 23:58 . 2009-07-14 01:41 62976 c:\windows\system32\pngfilt.dll + 2009-07-13 23:58 . 2009-07-14 01:29 48128 c:\windows\system32\mshtmler.dll + 2011-03-19 16:34 . 2010-11-20 13:27 97280 c:\windows\system32\mshtmled.dll + 2009-07-13 23:58 . 2009-07-14 01:39 43520 c:\windows\system32\mshta.exe + 2011-03-19 16:34 . 2010-11-20 13:24 12288 c:\windows\system32\msfeedssync.exe + 2011-03-19 16:34 . 2010-11-20 13:27 82944 c:\windows\system32\msfeedsbs.dll + 2011-04-13 13:55 . 2011-03-07 06:31 95232 c:\windows\system32\migration\WininetPlugin.dll + 2011-03-19 16:35 . 2010-11-20 13:26 57856 c:\windows\system32\licmgr10.dll + 2011-04-13 13:55 . 2011-03-07 06:29 64512 c:\windows\system32\jsproxy.dll + 2009-07-13 23:58 . 2009-07-14 01:41 52736 c:\windows\system32\imgutil.dll + 2009-07-13 23:58 . 2009-07-14 01:41 72704 c:\windows\system32\iernonce.dll + 2009-07-13 23:58 . 2009-07-14 01:39 73728 c:\windows\system32\ie4uinit.exe + 2009-07-13 23:58 . 2009-07-14 01:41 84480 c:\windows\system32\icardie.dll - 2009-07-14 05:30 . 2012-05-01 11:58 86016 c:\windows\system32\DriverStore\infpub.dat + 2009-07-14 05:30 . 2012-07-12 21:32 86016 c:\windows\system32\DriverStore\infpub.dat + 2012-07-12 21:43 . 2012-06-02 05:48 95600 c:\windows\system32\drivers\ksecdd.sys - 2012-01-15 12:33 . 2011-11-17 06:49 95600 c:\windows\system32\drivers\ksecdd.sys + 2009-07-13 23:58 . 2009-07-14 01:40 22016 c:\windows\system32\corpol.dll + 2010-01-31 05:09 . 2012-07-12 23:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-01-31 05:09 . 2012-07-11 14:57 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-07-12 17:54 . 2012-07-12 23:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-12 23:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-11 14:57 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-13 23:58 . 2009-07-14 01:40 90112 c:\windows\system32\admparse.dll - 2010-01-30 13:22 . 2011-04-22 06:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-01-30 13:22 . 2012-07-12 23:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:46 . 2012-07-12 23:26 93904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2010-01-30 13:22 . 2011-04-22 06:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-01-30 13:22 . 2012-07-12 23:20 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-01-30 13:22 . 2011-04-22 06:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-01-30 13:22 . 2012-07-12 23:20 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-01-30 13:22 . 2012-07-12 23:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-01-30 13:22 . 2012-07-11 18:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-01-30 13:22 . 2011-04-22 11:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-01-30 13:22 . 2012-07-12 23:20 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-02-26 22:45 . 2012-05-10 15:45 23040 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2010-02-26 22:45 . 2012-07-12 22:05 23040 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2010-02-26 22:45 . 2012-05-10 15:45 27136 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2010-02-26 22:45 . 2012-07-12 22:05 27136 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2010-02-26 22:45 . 2012-05-10 15:45 11264 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2010-02-26 22:45 . 2012-07-12 22:05 11264 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2010-02-26 22:45 . 2012-05-10 15:45 12288 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2010-02-26 22:45 . 2012-07-12 22:05 12288 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2010-07-05 14:20 . 2012-05-10 15:58 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2010-07-05 14:20 . 2012-07-12 22:09 35088 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\oisicon.exe + 2010-07-05 14:20 . 2012-07-12 22:09 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe - 2010-07-05 14:20 . 2012-05-10 15:58 18704 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\mspicons.exe + 2010-07-05 14:20 . 2012-07-12 22:09 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe - 2010-07-05 14:20 . 2012-05-10 15:58 20240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\cagicon.exe + 2012-07-12 21:31 . 2012-07-12 21:31 57344 c:\windows\Installer\{028FF35A-9CFD-4653-9E5B-9667BD72D6AF}\texticon.exe + 2012-07-12 21:31 . 2012-07-12 21:31 32768 c:\windows\Installer\{028FF35A-9CFD-4653-9E5B-9667BD72D6AF}\maintenance_icon.exe + 2012-07-12 21:31 . 2012-07-12 21:31 61440 c:\windows\Installer\{028FF35A-9CFD-4653-9E5B-9667BD72D6AF}\helpicon.exe + 2011-03-19 16:34 . 2010-11-20 12:57 69120 c:\windows\diagnostics\system\IESecurity\DiagPackage.dll + 2011-03-19 16:34 . 2010-11-20 12:57 92160 c:\windows\diagnostics\system\IEBrowseWeb\DiagPackage.dll + 2012-07-12 21:43 . 2010-06-26 03:24 2048 c:\windows\SysWOW64\msxml3r.dll - 2009-07-14 00:19 . 2009-07-14 01:07 2048 c:\windows\SysWOW64\msxml3r.dll - 2009-07-14 00:41 . 2009-07-14 01:30 2048 c:\windows\system32\msxml3r.dll + 2012-07-12 21:43 . 2010-06-26 03:55 2048 c:\windows\system32\msxml3r.dll - 2012-07-11 20:03 . 2012-07-11 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-12 23:56 . 2012-07-12 23:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-07-12 23:56 . 2012-07-12 23:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-07-11 20:03 . 2012-07-11 20:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-02-26 22:45 . 2012-07-12 22:05 4096 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2010-02-26 22:45 . 2012-05-10 15:45 4096 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2011-04-13 13:55 . 2011-03-07 05:33 981504 c:\windows\SysWOW64\wininet.dll + 2009-07-13 23:42 . 2009-07-14 01:14 151552 c:\windows\SysWOW64\wextract.exe + 2011-03-19 16:34 . 2010-11-20 12:21 229376 c:\windows\SysWOW64\webcheck.dll + 2011-04-13 13:55 . 2011-02-18 05:43 428032 c:\windows\SysWOW64\vbscript.dll + 2009-07-13 23:43 . 2009-07-14 01:16 131584 c:\windows\SysWOW64\url.dll + 2012-07-12 21:43 . 2012-06-02 04:40 225280 c:\windows\SysWOW64\schannel.dll + 2011-03-19 16:34 . 2010-11-20 12:20 153088 c:\windows\SysWOW64\occache.dll - 2009-07-13 23:33 . 2009-07-14 01:16 219136 c:\windows\SysWOW64\ncrypt.dll + 2012-07-12 21:43 . 2012-06-02 04:39 219136 c:\windows\SysWOW64\ncrypt.dll + 2011-03-19 16:35 . 2010-11-20 12:19 606208 c:\windows\SysWOW64\mstime.dll + 2011-03-19 16:34 . 2010-11-20 12:19 195072 c:\windows\SysWOW64\msrating.dll + 2009-07-13 23:26 . 2009-07-14 01:15 157184 c:\windows\SysWOW64\msls31.dll + 2011-03-19 16:35 . 2010-11-20 12:19 599552 c:\windows\SysWOW64\msfeeds.dll + 2012-07-12 23:00 . 2012-07-12 23:00 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe + 2012-07-12 22:00 . 2012-07-12 22:00 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.exe + 2012-07-12 22:00 . 2012-07-12 22:00 465096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_ActiveX.dll - 2012-07-04 21:59 . 2012-07-04 22:00 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-07-04 21:59 . 2012-07-12 23:00 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe + 2012-07-12 21:43 . 2012-04-17 04:34 716800 c:\windows\SysWOW64\jscript.dll - 2012-06-14 05:07 . 2012-05-17 22:29 716800 c:\windows\SysWOW64\jscript.dll + 2009-07-13 23:42 . 2009-07-14 01:14 226816 c:\windows\SysWOW64\iexpress.exe + 2011-03-19 16:34 . 2010-11-20 12:17 139264 c:\windows\SysWOW64\ieUnatt.exe + 2011-04-13 13:55 . 2011-03-07 05:31 176640 c:\windows\SysWOW64\ieui.dll - 2012-06-14 05:07 . 2012-05-17 22:20 176640 c:\windows\SysWOW64\ieui.dll + 2011-03-19 16:34 . 2010-11-20 12:19 114688 c:\windows\SysWOW64\iesysprep.dll + 2011-03-19 16:35 . 2010-11-20 12:19 186368 c:\windows\SysWOW64\iepeers.dll + 2011-03-19 16:35 . 2010-11-20 12:19 389120 c:\windows\SysWOW64\iedkcs32.dll + 2009-06-10 21:13 . 2009-07-14 01:15 445952 c:\windows\SysWOW64\ieapfltr.dll + 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll - 2011-04-22 11:55 . 2011-04-22 11:55 163840 c:\windows\SysWOW64\ieakui.dll + 2009-07-13 23:43 . 2009-07-14 01:15 229376 c:\windows\SysWOW64\ieaksie.dll + 2009-07-13 23:43 . 2009-07-14 01:15 126976 c:\windows\SysWOW64\ieakeng.dll + 2011-03-19 16:35 . 2010-11-20 12:17 176128 c:\windows\SysWOW64\ie4uinit.exe + 2009-07-13 23:42 . 2009-07-14 01:15 215552 c:\windows\SysWOW64\dxtrans.dll + 2009-07-13 23:42 . 2009-07-14 01:15 346112 c:\windows\SysWOW64\dxtmsft.dll + 2010-01-30 13:29 . 2012-07-12 21:21 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2010-01-30 13:29 . 2012-07-11 18:34 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-13 23:58 . 2009-07-14 01:39 161792 c:\windows\system32\wextract.exe + 2011-03-19 16:35 . 2010-11-20 13:27 290304 c:\windows\system32\webcheck.dll + 2011-04-13 13:55 . 2011-02-18 10:56 613376 c:\windows\system32\vbscript.dll + 2009-07-13 23:58 . 2009-07-14 01:41 134144 c:\windows\system32\url.dll + 2012-07-12 21:43 . 2012-06-02 05:45 340992 c:\windows\system32\schannel.dll - 2012-01-15 12:33 . 2011-11-17 06:35 340992 c:\windows\system32\schannel.dll + 2009-07-14 02:36 . 2012-07-12 23:25 730574 c:\windows\system32\perfh009.dat + 2010-01-06 20:07 . 2012-07-12 23:25 259298 c:\windows\system32\perfc013.dat + 2009-07-14 02:36 . 2012-07-12 23:25 215962 c:\windows\system32\perfc009.dat + 2009-07-13 23:58 . 2009-07-14 01:41 189952 c:\windows\system32\occache.dll - 2009-07-13 23:49 . 2009-07-14 01:41 307200 c:\windows\system32\ncrypt.dll + 2012-07-12 21:43 . 2012-06-02 05:44 307200 c:\windows\system32\ncrypt.dll + 2009-07-13 23:59 . 2009-07-14 01:41 241152 c:\windows\system32\msrating.dll - 2011-04-22 11:55 . 2011-04-22 11:55 222208 c:\windows\system32\msls31.dll + 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll + 2011-03-19 16:35 . 2010-11-20 13:27 702464 c:\windows\system32\msfeeds.dll + 2012-07-12 23:00 . 2012-07-12 23:00 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_Plugin.exe + 2012-07-12 22:00 . 2012-07-12 22:00 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.exe + 2012-07-12 22:00 . 2012-07-12 22:00 512200 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_265_ActiveX.dll + 2012-07-12 21:43 . 2012-04-17 05:31 918016 c:\windows\system32\jscript.dll + 2011-03-19 16:34 . 2010-11-20 13:26 125440 c:\windows\system32\inseng.dll + 2009-07-13 23:58 . 2009-07-14 01:39 251904 c:\windows\system32\iexpress.exe + 2009-07-13 23:58 . 2009-07-14 01:39 171008 c:\windows\system32\ieUnatt.exe + 2011-04-13 13:55 . 2011-03-07 06:28 247808 c:\windows\system32\ieui.dll + 2009-07-13 23:58 . 2009-07-14 01:41 138240 c:\windows\system32\iesysprep.dll + 2009-07-13 23:58 . 2009-07-14 01:41 100864 c:\windows\system32\iesetup.dll + 2011-03-19 16:35 . 2010-11-20 13:26 252928 c:\windows\system32\iepeers.dll + 2011-03-19 16:35 . 2010-11-20 13:26 445952 c:\windows\system32\iedkcs32.dll + 2009-06-10 20:30 . 2009-07-14 01:41 481792 c:\windows\system32\ieapfltr.dll - 2011-04-22 11:55 . 2011-04-22 11:55 163840 c:\windows\system32\ieakui.dll + 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll - 2011-04-22 11:55 . 2011-04-22 11:55 267776 c:\windows\system32\ieaksie.dll + 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll + 2009-07-13 23:58 . 2009-07-14 01:41 156160 c:\windows\system32\ieakeng.dll - 2009-07-14 04:45 . 2012-06-14 15:30 500528 c:\windows\system32\FNTCACHE.DAT + 2009-07-14 04:45 . 2012-07-12 22:14 500528 c:\windows\system32\FNTCACHE.DAT + 2009-07-13 23:58 . 2009-07-14 01:40 315904 c:\windows\system32\dxtrans.dll + 2009-07-13 23:58 . 2009-07-14 01:40 497152 c:\windows\system32\dxtmsft.dll - 2009-07-14 05:30 . 2012-05-01 11:58 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-07-12 21:32 143360 c:\windows\system32\DriverStore\infstrng.dat + 2009-07-14 05:30 . 2012-07-12 21:32 143360 c:\windows\system32\DriverStore\infstor.dat - 2009-07-14 05:30 . 2012-05-01 11:58 143360 c:\windows\system32\DriverStore\infstor.dat + 2012-07-12 21:43 . 2012-06-02 05:48 151920 c:\windows\system32\drivers\ksecpkg.sys + 2012-07-12 21:43 . 2012-06-02 05:50 458704 c:\windows\system32\drivers\cng.sys + 2010-01-19 17:32 . 2010-01-19 17:32 103944 c:\windows\system32\drivers\BDVEDISK.sys - 2009-07-14 05:12 . 2012-07-04 22:00 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 05:12 . 2012-07-12 22:00 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2009-07-14 05:01 . 2012-07-11 17:57 444024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-07-12 23:55 444024 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2010-02-26 22:45 . 2012-05-10 15:45 409600 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2010-02-26 22:45 . 2012-07-12 22:05 409600 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2010-02-26 22:45 . 2012-07-12 22:05 286720 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2010-02-26 22:45 . 2012-05-10 15:45 286720 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2010-02-26 22:45 . 2012-07-12 22:05 249856 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2010-02-26 22:45 . 2012-05-10 15:45 249856 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2010-02-26 22:45 . 2012-05-10 15:45 794624 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2010-02-26 22:45 . 2012-07-12 22:05 794624 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2010-02-26 22:45 . 2012-07-12 22:05 135168 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\misc.exe - 2010-02-26 22:45 . 2012-05-10 15:45 135168 c:\windows\Installer\{91120413-6000-11D3-8CFE-0150048383C9}\misc.exe + 2010-07-05 14:20 . 2012-07-12 22:09 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - 2010-07-05 14:20 . 2012-05-10 15:58 888080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\wordicon.exe - 2010-07-05 14:20 . 2012-05-10 15:58 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe + 2010-07-05 14:20 . 2012-07-12 22:09 922384 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\pptico.exe - 2010-07-05 14:20 . 2012-05-10 15:58 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe + 2010-07-05 14:20 . 2012-07-12 22:09 217864 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\misc.exe + 2010-07-05 14:20 . 2012-07-12 22:09 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe - 2010-07-05 14:20 . 2012-05-10 15:58 184080 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\joticon.exe + 2012-07-12 21:31 . 2012-07-12 21:31 336782 c:\windows\Installer\{028FF35A-9CFD-4653-9E5B-9667BD72D6AF}\register_icon.exe + 2011-04-13 13:55 . 2011-03-07 05:33 1230336 c:\windows\SysWOW64\urlmon.dll - 2011-03-19 16:35 . 2010-11-20 12:19 1390080 c:\windows\SysWOW64\msxml6.dll + 2012-07-12 21:43 . 2012-06-06 05:05 1390080 c:\windows\SysWOW64\msxml6.dll + 2012-07-12 21:43 . 2012-06-06 05:05 1236992 c:\windows\SysWOW64\msxml3.dll - 2011-03-19 16:35 . 2010-11-20 12:19 1236992 c:\windows\SysWOW64\msxml3.dll + 2011-04-13 13:55 . 2011-03-07 05:31 5981696 c:\windows\SysWOW64\mshtml.dll + 2012-07-12 23:00 . 2012-07-12 23:00 9465032 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll + 2012-07-12 23:00 . 2012-07-12 23:00 1536712 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe + 2011-03-19 16:36 . 2010-11-20 12:19 2064384 c:\windows\SysWOW64\iertutil.dll + 2009-06-10 21:13 . 2009-06-10 21:13 3698584 c:\windows\SysWOW64\ieapfltr.dat + 2011-04-13 13:55 . 2011-03-07 06:31 1188864 c:\windows\system32\wininet.dll + 2011-04-13 13:55 . 2011-03-07 06:31 1491456 c:\windows\system32\urlmon.dll + 2010-01-06 20:07 . 2012-07-12 23:25 1085482 c:\windows\system32\perfh013.dat - 2011-03-19 16:36 . 2010-11-20 13:27 2004480 c:\windows\system32\msxml6.dll + 2012-07-12 21:43 . 2012-06-06 06:06 2004480 c:\windows\system32\msxml6.dll + 2012-07-12 21:43 . 2012-06-06 06:06 1881600 c:\windows\system32\msxml3.dll + 2011-03-19 16:36 . 2010-11-20 13:27 1026560 c:\windows\system32\mstime.dll + 2011-04-13 13:55 . 2011-03-07 06:29 8995328 c:\windows\system32\mshtml.dll + 2011-03-19 16:36 . 2010-11-20 13:26 2444288 c:\windows\system32\iertutil.dll + 2009-06-10 20:30 . 2009-06-10 20:30 3698584 c:\windows\system32\ieapfltr.dat + 2009-07-14 04:45 . 2012-07-12 22:18 7163631 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-06-22 04:19 7163631 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2010-02-01 00:30 . 2012-07-12 20:53 3981736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-02-01 00:30 . 2012-06-18 23:34 3981736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-10-27 23:22 . 2012-07-11 17:57 7917956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761200818-1682720771-1100777243-1001-8192.dat + 2010-10-27 23:22 . 2012-07-12 23:55 7917956 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761200818-1682720771-1100777243-1001-8192.dat + 2012-05-30 05:19 . 2012-05-30 05:19 1732608 c:\windows\Installer\1bd31e.msp + 2012-06-19 10:54 . 2012-06-19 10:54 2239488 c:\windows\Installer\1bd315.msp + 2012-04-04 20:37 . 2012-04-04 20:37 2540544 c:\windows\Installer\1bd305.msp + 2012-06-29 12:33 . 2012-06-29 12:33 6063616 c:\windows\Installer\1bd2f4.msp + 2010-07-05 14:20 . 2012-07-12 22:09 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe - 2010-07-05 14:20 . 2012-05-10 15:58 1172240 c:\windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe + 2011-07-27 04:09 . 2011-07-27 04:09 5310848 c:\windows\Installer\$PatchCache$\Managed\00002119F20000000000000000F01FEC\12.0.6612\IPEDITOR.DLL + 2012-07-12 21:43 . 2012-06-09 04:41 12873728 c:\windows\SysWOW64\shell32.dll + 2011-04-13 13:55 . 2011-03-07 05:31 10990080 c:\windows\SysWOW64\ieframe.dll + 2009-07-14 02:34 . 2012-07-12 22:13 11272192 c:\windows\system32\SMI\Store\Machine\schema.dat - 2012-02-15 11:50 . 2012-01-04 10:44 14172672 c:\windows\system32\shell32.dll + 2012-07-12 21:43 . 2012-06-09 05:43 14172672 c:\windows\system32\shell32.dll + 2010-01-31 21:14 . 2012-07-12 22:06 59701280 c:\windows\system32\MRT.exe + 2012-07-12 23:00 . 2012-07-12 23:00 12314312 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll + 2011-04-13 13:55 . 2011-03-07 06:28 12260352 c:\windows\system32\ieframe.dll + 2012-07-12 21:18 . 2012-07-12 21:18 106917888 c:\windows\Installer\8abec.msi . -- Snapshot teruggezet naar huidige datum -- . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 94208 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-05 39408] "Gadwin PrintScreen"="c:\program files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe" [2011-05-03 487424] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-09-24 261888] "NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-25 588648] "EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-12-10 98304] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-11-01 1094736] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-29 419112] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2010-01-18 181480] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-11-10 417792] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2009-09-12 103768] "YouTubeDownloader_upgrade"="c:\program files (x86)\E-Zsoft\YouTubeDownloader\YouTubeDownloader.exe" [2010-05-20 394240] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-05-23 296056] "Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [BU] . c:\users\Tom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-1-20 576000] OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680] Registration Prince of Persia Warrior Within.LNK - c:\program files (x86)\Ubisoft\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CodeMeter Control Center.lnk - c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe [2010-6-30 6871440] Online plug-in.lnk - c:\windows\Installer\{B8A2256E-6225-4D9E-B1C9-C26CA1E22FEB}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-3-4 73728] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . R1 eusk2par;EUTRON SmartKey Parallel Driver;c:\windows\system32\Drivers\eusk2par-amd64.sys [2005-11-21 33792] R2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-07-22 40448] R3 Arrakis3;BitDefender Arrakis-server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 278224] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-07 1436424] R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-22 113120] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-11 305448] R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-27 1255736] S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2012-07-12 88144] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2012-07-12 89680] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 87600] S1 MIPFSv364;MIPFSv364;c:\windows\system32\drivers\MIPFSv364.sys [2010-09-20 190504] S1 MIPv464;MIPv464;c:\windows\system32\drivers\MIPv464.sys [2010-11-02 66680] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-10 202752] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-01-19 103944] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2010-06-30 2067344] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-09-30 844320] S2 FlexNET SCIA;FlexNET SCIA;c:\program files (x86)\SCIA\FlexNET\lmgrd.exe [2009-11-21 1334096] S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-09-24 62720] S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192] S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-01-29 163936] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-08-06 320040] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] Akamai REG_MULTI_SZ Akamai . Inhoud van de 'Gedeelde Taken' map . 2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-04 23:00] . 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 13:34] . 2012-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 13:34] . 2012-07-12 c:\windows\Tasks\SpeedyPC Registration3.job - c:\windows\system32\rundll32.exe [2009-07-13 01:14] . 2012-07-11 c:\windows\Tasks\SpeedyPC Update Version3.job - c:\program files (x86)\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2011-02-18 05:12 97792 ----a-w- c:\users\Tom\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-09-11 05:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-22 323072] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-11 349480] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-29 8312352] "PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-06 200704] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-09-30 823840] "BitDefender Antiphishing Helper 32"="c:\program files\BitDefender\BitDefender 2010\Antispam32\IEShow.exe" [2009-10-19 71152] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 76296] "BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2012-07-12 1702496] . ------- Bijkomende Scan ------- . uStart Page = hxxp://isearch.avg.com/?cid={A5339C52-B8D5-4733-9207-E6D3F10E42BC}&mid=e6e1564f5e7d47d19de9d16f6b9d3d2c-4940c124ba3ea5841cdecf5f298b20d514eeb295&lang=nl&ds=st011&pr=sa&d=2012-03-07 16:03&v=10.0.0.7&sap=hp uLocal Page = c:\windows\system32\blank.htm mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = 127.0.0.1:9421; IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: Free YouTube Download - c:\users\Tom\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\Tom\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\Tom\AppData\Roaming\Mozilla\Firefox\Profiles\sd9czh3v.default\ FF - prefs.js: browser.startup.homepage - hxxp://by159w.bay159.mail.live.com/default.aspx FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&crg=3.1010000.10005&q= . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{1392b8d2-5c05-419f-a8f6-b9f15a596612} - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-761200818-1682720771-1100777243-1001\Software\SecuROM\License information*] "datasecu"=hex:3b,41,47,b2,9f,83,06,cf,e8,31,98,a1,e6,01,ca,a6,24,82,96,6a,e4, 6f,4c,b3,cf,36,ae,5a,36,f0,d1,71,c0,f9,be,d5,59,43,c0,2b,b0,ea,ca,33,81,6e,\ "rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\SCIA\FlexNET\SCIA.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\program files (x86)\Citrix\ICA Client\ssonsvr.exe . ************************************************************************** . Voltooingstijd: 2012-07-13 02:05:42 - machine werd herstart ComboFix-quarantined-files.txt 2012-07-13 00:05 ComboFix2.txt 2012-05-16 23:45 . Pre-Run: 318.506.266.624 bytes beschikbaar Post-Run: 318.204.723.200 bytes beschikbaar . - - End Of File - - 57A2826460C4018D321B184459EB265E