Question & Answer

Security & privacy

Yellow icon next to internet access

Anonymous
106 replies
  • Good night, I'm off to bed too.
  • Good morning, here is the ComboFix log file:

    ComboFix 13-01-28.03 - Jos H 29-01-2013 6:58.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.1640 [GMT 1:00]
    Started from: c:\users\Jos H\Desktop\ComboFix.exe
    AV: G Data InternetSecurity 2013 COMPUTER!TOTAAL Edition *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
    FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
    SP: G Data InternetSecurity 2013 COMPUTER!TOTAAL Edition *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\SysinternalsSuite\adrestore.exe
    c:\users\SysinternalsSuite\Cacheset.exe
    c:\users\SysinternalsSuite\ctrl2cap.exe
    c:\users\SysinternalsSuite\DMON.SYS
    c:\users\SysinternalsSuite\efsdump.exe
    c:\users\SysinternalsSuite\hex2dec.exe
    c:\users\SysinternalsSuite\ldmdump.exe
    c:\users\SysinternalsSuite\LoadOrd.exe
    c:\users\SysinternalsSuite\movefile.exe
    c:\users\SysinternalsSuite\ntfsinfo.exe
    c:\users\SysinternalsSuite\pipelist.exe
    c:\users\SysinternalsSuite\ShareEnum.exe
    c:\users\SysinternalsSuite\Tcpvcon.exe
    c:\users\SysinternalsSuite\Volumeid.exe
    .
    .
    (((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 ))))))))))))))))))))))))))))))
    .
    .
    2013-01-29 06:10 . 2013-01-29 06:10 ——– d—–w- c:\users\Default\AppData\Local\temp
    2013-01-29 05:56 . 2013-01-29 05:56 76232 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60EC14E2-7FE6-4478-93ED-C67089AB9B56}\offreg.dll
    2013-01-29 04:25 . 2013-01-08 05:32 9161176 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60EC14E2-7FE6-4478-93ED-C67089AB9B56}\mpengine.dll
    2013-01-28 12:45 . 2013-01-28 12:45 ——– d—–w- c:\program files\DIFX
    2013-01-27 18:00 . 2013-01-27 18:00 ——– d—–w- c:\program files (x86)\Intel
    2013-01-27 18:00 . 2011-02-28 07:09 53248 —-a-w- c:\windows\SysWow64\CSVer.dll
    2013-01-27 18:00 . 2013-01-27 18:00 ——– d—–w- C:\Intel
    2013-01-27 17:47 . 2013-01-27 17:47 ——– d—–w- c:\program files (x86)\SystemRequirementsLab
    2013-01-27 17:47 . 2013-01-27 17:47 ——– d—–w- c:\users\Jos H\AppData\Roaming\SystemRequirementsLab
    2013-01-27 17:42 . 2013-01-27 17:42 859552 —-a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-01-27 17:42 . 2013-01-27 17:42 780192 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2013-01-23 13:00 . 2013-01-23 13:00 ——– d—–w- c:\users\Jos H\AppData\Roaming\ParetoLogic
    2013-01-23 13:00 . 2013-01-23 13:00 ——– d—–w- c:\users\Jos H\AppData\Roaming\DriverCure
    2013-01-23 13:00 . 2013-01-23 13:04 ——– d—–w- c:\programdata\ParetoLogic
    2013-01-22 13:42 . 2013-01-22 13:42 ——– d—–w- C:\ATISupport
    2013-01-09 13:36 . 2013-01-09 13:36 ——– d—–w- c:\windows\SysWow64\Adobe
    2013-01-09 09:21 . 2012-11-01 05:43 2002432 —-a-w- c:\windows\system32\msxml6.dll
    2013-01-09 09:21 . 2012-11-01 05:43 1882624 —-a-w- c:\windows\system32\msxml3.dll
    2013-01-09 09:21 . 2012-11-01 04:47 1389568 —-a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 09:21 . 2012-11-01 04:47 1236992 —-a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 09:21 . 2012-11-09 05:45 750592 —-a-w- c:\windows\system32\win32spl.dll
    2013-01-09 09:21 . 2012-11-09 04:43 492032 —-a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 09:21 . 2012-11-22 05:44 800768 —-a-w- c:\windows\system32\usp10.dll
    2013-01-09 09:21 . 2012-11-22 04:45 626688 —-a-w- c:\windows\SysWow64\usp10.dll
    2013-01-09 09:21 . 2012-11-20 05:48 307200 —-a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 09:21 . 2012-11-20 04:51 220160 —-a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 09:21 . 2012-11-23 03:13 68608 —-a-w- c:\windows\system32\taskhost.exe
    2013-01-09 09:20 . 2012-11-23 03:26 3149824 —-a-w- c:\windows\system32\win32k.sys
    2013-01-07 08:19 . 2013-01-07 08:19 ——– d—–w- c:\users\Jos H\AppData\Local\O&O
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-18 12:25 . 2012-11-19 13:09 74248 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-18 12:25 . 2012-11-19 13:09 697864 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 09:35 . 2012-11-19 09:10 67599240 —-a-w- c:\windows\system32\MRT.exe
    2012-12-29 07:57 . 2012-12-14 09:11 181064 —-a-w- c:\windows\PSEXESVC.EXE
    2012-12-23 05:54 . 2012-12-23 05:54 14794312 —-a-w- c:\program files (x86)\Common Files\lpuninstall.exe
    2012-12-16 17:11 . 2012-12-21 02:00 46080 —-a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 02:00 367616 —-a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 295424 —-a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 34304 —-a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 15:49 . 2012-12-03 16:30 24176 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-12 21:37 . 2012-12-12 21:37 4472832 —-a-w- c:\windows\SysWow64\GPhotos.scr
    2012-12-12 09:24 . 2012-11-22 17:41 18960 —-a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-12-06 15:29 . 2012-12-06 15:29 16504 —-a-w- c:\windows\system32\drivers\GdPhyMem.sys
    2012-12-06 15:29 . 2012-12-06 15:29 106648 —-a-w- c:\windows\system32\drivers\GRD.sys
    2012-12-05 13:08 . 2012-12-05 13:08 64376 —-a-w- c:\windows\system32\drivers\HookCentre.sys
    2012-12-05 13:08 . 2012-12-05 13:08 126880 —-a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2012-12-05 13:08 . 2012-12-05 13:08 54176 —-a-w- c:\windows\system32\drivers\GDBehave.sys
    2012-12-05 13:08 . 2012-12-05 13:08 64416 —-a-w- c:\windows\system32\drivers\gdwfpcd64.sys
    2012-12-05 11:51 . 2012-12-05 11:51 60320 —-a-w- c:\windows\system32\drivers\PktIcpt.sys
    2012-11-30 11:07 . 2012-11-30 11:07 10792 —-a-w- c:\windows\SysWow64\GdScrSv.nl.dll
    2012-11-30 04:45 . 2013-01-09 09:22 44032 —-a-w- c:\windows\apppatch\acwow64.dll
    2012-11-26 02:25 . 2012-11-26 02:25 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2012-11-26 02:25 . 2012-11-26 02:25 856712 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-11-21 07:30 . 2012-11-21 07:30 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2012-11-21 07:30 . 2012-11-21 07:30 856712 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-11-20 16:28 . 2012-10-02 13:03 167048 —-a-w- c:\users\SysinternalsSuite\psping.exe
    2012-11-20 16:28 . 2012-07-17 22:59 568440 —-a-w- c:\users\SysinternalsSuite\ZoomIt.exe
    2012-11-20 16:28 . 2012-07-17 22:59 294520 —-a-w- c:\users\SysinternalsSuite\ZoomIt64.exe
    2012-11-20 16:28 . 2011-02-14 11:37 729464 —-a-w- c:\users\SysinternalsSuite\Winobj.exe
    2012-11-20 16:28 . 2012-10-17 17:28 144984 —-a-w- c:\users\SysinternalsSuite\whois.exe
    2012-11-20 16:28 . 2012-09-10 08:16 1056392 —-a-w- c:\users\SysinternalsSuite\vmmap.exe
    2012-11-20 16:28 . 2011-07-25 11:40 300832 —-a-w- c:\users\SysinternalsSuite\Tcpview.exe
    2012-11-20 16:28 . 2012-05-09 10:08 136312 —-a-w- c:\users\SysinternalsSuite\strings.exe
    2012-11-20 16:28 . 2006-11-01 13:05 150328 —-a-w- c:\users\SysinternalsSuite\sync.exe
    2012-11-20 16:28 . 2012-10-02 13:03 231048 —-a-w- c:\users\SysinternalsSuite\sigcheck.exe
    2012-11-20 16:28 . 2008-02-27 17:51 103464 —-a-w- c:\users\SysinternalsSuite\ShellRunas.exe
    2012-11-20 16:28 . 2007-04-27 09:17 87424 —-a-w- c:\users\SysinternalsSuite\streams.exe
    2012-11-20 16:28 . 2011-08-31 14:16 155936 —-a-w- c:\users\SysinternalsSuite\sdelete.exe
    2012-11-20 16:28 . 2006-11-01 13:07 334720 —-a-w- c:\users\SysinternalsSuite\RootkitRevealer.exe
    2012-11-20 16:28 . 2006-11-01 13:05 150328 —-a-w- c:\users\SysinternalsSuite\regjump.exe
    2012-11-20 16:28 . 2012-07-11 16:35 581744 —-a-w- c:\users\SysinternalsSuite\RAMMap.exe
    2012-11-20 16:28 . 2006-11-01 13:06 162616 —-a-w- c:\users\SysinternalsSuite\RegDelNull.exe
    2012-11-20 16:28 . 2012-10-17 17:28 171608 —-a-w- c:\users\SysinternalsSuite\pspasswd.exe
    2012-11-20 16:28 . 2010-04-27 10:04 169848 —-a-w- c:\users\SysinternalsSuite\PsService.exe
    2012-11-20 16:28 . 2006-12-04 16:53 207664 —-a-w- c:\users\SysinternalsSuite\psshutdown.exe
    2012-11-20 16:28 . 2006-12-04 16:53 187184 —-a-w- c:\users\SysinternalsSuite\pssuspend.exe
    2012-11-20 16:28 . 2012-06-21 22:34 468592 —-a-w- c:\users\SysinternalsSuite\pskill.exe
    2012-11-20 16:28 . 2012-03-22 14:53 232232 —-a-w- c:\users\SysinternalsSuite\pslist.exe
    2012-11-20 16:28 . 2010-04-27 10:04 178040 —-a-w- c:\users\SysinternalsSuite\psloglist.exe
    2012-11-20 16:28 . 2010-04-27 10:04 183160 —-a-w- c:\users\SysinternalsSuite\PsLoggedon.exe
    2012-11-20 16:28 . 2010-04-27 10:04 333176 —-a-w- c:\users\SysinternalsSuite\PsGetsid.exe
    2012-11-20 16:28 . 2010-04-27 10:04 390520 —-a-w- c:\users\SysinternalsSuite\PsInfo.exe
    2012-11-20 16:28 . 2012-07-11 16:45 2474608 —-a-w- c:\users\SysinternalsSuite\Procmon.exe
    2012-11-20 16:28 . 2010-04-27 10:04 381816 —-a-w- c:\users\SysinternalsSuite\PsExec.exe
    2012-11-20 16:28 . 2006-12-04 16:53 105264 —-a-w- c:\users\SysinternalsSuite\psfile.exe
    2012-11-20 16:28 . 2012-10-02 13:03 2712200 —-a-w- c:\users\SysinternalsSuite\procexp.exe
    2012-11-20 16:28 . 2012-11-14 13:47 462424 —-a-w- c:\users\SysinternalsSuite\procdump.exe
    2012-11-20 16:28 . 2012-01-13 16:35 451392 —-a-w- c:\users\SysinternalsSuite\portmon.exe
    2012-11-20 16:28 . 2006-11-01 13:06 215928 —-a-w- c:\users\SysinternalsSuite\pagedfrg.exe
    2012-11-20 16:28 . 2006-11-01 13:05 150328 —-a-w- c:\users\SysinternalsSuite\pendmoves.exe
    2012-11-20 16:28 . 2010-04-30 10:43 261496 —-a-w- c:\users\SysinternalsSuite\logonsessions.exe
    2012-11-20 16:28 . 2012-10-17 17:28 539736 —-a-w- c:\users\SysinternalsSuite\livekd.exe
    2012-11-20 16:28 . 2011-07-07 12:28 520496 —-a-w- c:\users\SysinternalsSuite\Listdlls.exe
    2012-11-20 16:28 . 2010-09-07 14:39 150392 —-a-w- c:\users\SysinternalsSuite\junction.exe
    2012-11-20 16:28 . 2012-07-11 16:41 462456 —-a-w- c:\users\SysinternalsSuite\handle.exe
    2012-11-20 16:28 . 2011-07-07 12:28 103216 —-a-w- c:\users\SysinternalsSuite\FindLinks.exe
    2012-11-20 16:28 . 2011-12-02 12:15 222520 —-a-w- c:\users\SysinternalsSuite\du.exe
    2012-11-20 16:28 . 2010-03-24 13:00 580984 —-a-w- c:\users\SysinternalsSuite\DiskView.exe
    2012-11-20 16:28 . 2010-10-12 11:56 1766264 —-a-w- c:\users\SysinternalsSuite\disk2vhd.exe
    2012-11-20 16:28 . 2007-05-14 07:42 87424 —-a-w- c:\users\SysinternalsSuite\diskext.exe
    2012-11-20 16:28 . 2006-11-01 13:06 224056 —-a-w- c:\users\SysinternalsSuite\Diskmon.exe
    2012-11-20 16:28 . 2012-10-17 17:28 116824 —-a-w- c:\users\SysinternalsSuite\Desktops.exe
    2012-11-20 16:28 . 2012-10-02 13:03 468104 —-a-w- c:\users\SysinternalsSuite\Dbgview.exe
    2012-11-20 16:28 . 1999-11-21 18:46 2832 —-a-w- c:\users\SysinternalsSuite\ctrl2cap.nt5.sys
    2012-11-20 16:28 . 2012-11-14 09:22 1479256 —-a-w- c:\users\SysinternalsSuite\Coreinfo.exe
    2012-11-20 16:28 . 2006-09-27 17:04 10104 —-a-w- c:\users\SysinternalsSuite\ctrl2cap.amd.sys
    2012-11-20 16:28 . 1999-11-21 17:20 2864 —-a-w- c:\users\SysinternalsSuite\ctrl2cap.nt4.sys
    2012-11-20 16:28 . 2012-11-14 09:22 207960 —-a-w- c:\users\SysinternalsSuite\Contig.exe
    2012-11-20 16:28 . 2009-06-03 21:36 151936 —-a-w- c:\users\SysinternalsSuite\Clockres.exe
    2012-11-20 16:28 . 2012-09-10 08:16 567944 —-a-w- c:\users\SysinternalsSuite\autorunsc.exe
    2012-11-20 16:28 . 2009-09-30 00:31 844648 —-a-w- c:\users\SysinternalsSuite\Bginfo.exe
    2012-11-20 16:28 . 2012-09-10 08:16 649864 —-a-w- c:\users\SysinternalsSuite\autoruns.exe
    2012-11-20 16:28 . 2011-02-22 14:18 148856 —-a-w- c:\users\SysinternalsSuite\Autologon.exe
    2012-11-20 16:28 . 2007-11-20 12:25 1049640 —-a-w- c:\users\SysinternalsSuite\ADInsight.exe
    2012-11-20 16:28 . 2012-11-14 09:22 479832 —-a-w- c:\users\SysinternalsSuite\ADExplorer.exe
    2012-11-20 16:28 . 2006-11-01 13:06 174968 —-a-w- c:\users\SysinternalsSuite\AccessEnum.exe
    2012-11-20 16:28 . 2012-08-01 12:27 331888 —-a-w- c:\users\SysinternalsSuite\accesschk.exe
    2012-11-19 16:24 . 2009-07-14 02:36 175616 —-a-w- c:\windows\system32\msclmd.dll
    2012-11-19 16:24 . 2009-07-14 02:36 152576 —-a-w- c:\windows\SysWow64\msclmd.dll
    2012-11-19 11:24 . 2012-11-19 11:27 594472 —-a-w- c:\windows\system32\drivers\btwampfl.sys
    2012-11-19 11:24 . 2012-11-19 11:25 39976 —-a-w- c:\windows\system32\drivers\btwl2cap.sys
    2012-11-19 11:24 . 2012-11-19 11:25 21544 —-a-w- c:\windows\system32\drivers\btwrchid.sys
    2012-11-19 11:24 . 2012-11-19 11:25 210984 —-a-w- c:\windows\system32\drivers\btwavdt.sys
    2012-11-19 11:24 . 2012-11-19 11:25 184872 —-a-w- c:\windows\system32\drivers\btwaudio.sys
    2012-11-19 09:18 . 2012-11-19 09:18 86528 —-a-w- c:\windows\SysWow64\iesysprep.dll
    2012-11-19 09:18 . 2012-11-19 09:18 76800 —-a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-11-19 09:18 . 2012-11-19 09:18 74752 —-a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-11-19 09:18 . 2012-11-19 09:18 48640 —-a-w- c:\windows\SysWow64\mshtmler.dll
    2012-11-19 09:18 . 2012-11-19 09:18 161792 —-a-w- c:\windows\SysWow64\msls31.dll
    2012-11-19 09:18 . 2012-11-19 09:18 110592 —-a-w- c:\windows\SysWow64\IEAdvpack.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
    "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
    Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-12-23 14794312]
    Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-12-23 14794312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 EtmTempSense;EtmTempSense;c:\windows\system32\DRIVERS\EtmTempSense.sys [2007-12-11 21504]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-01-23 132608]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for 64-bit Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NETwLx64; Intel(R) Wireless WiFi Link 5000 Series adapter driver under Windows XP 64 Bit;c:\windows\system32\DRIVERS\NETwLx64.sys [2010-08-16 7442432]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-19 1255736]
    S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-12-05 54176]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2011-10-20 157696]
    S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-12-05 126880]
    S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-12-05 64416]
    S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-12-06 106648]
    S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-12-05 64376]
    S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
    S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
    S2 AVKWCtl;G Data File System Guard;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
    S2 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
    S2 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
    S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-08-30 1109296]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-11-19 594472]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-11-19 39976]
    S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-12-05 60320]
    S3 NETwLv64; Intel(R) Wireless WiFi Link 5000 Series adapter driver under Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [2010-10-07 7533568]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-10-06 766096]
    S3 TridVidx64;Trident TVMaster TM6000 Analog plus Digital Video Service x64;c:\windows\system32\DRIVERS\TridVidx64.sys [2007-07-31 207488]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-19 12:25]
    .
    .
    --------- X64 Entries ----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Send to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: LastPass - file://c:\users\Jos H\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    IE: LastPass Fill Forms - file://c:\users\Jos H\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    TCP: DhcpNameServer = 213.197.28.3 213.197.30.28
    FF - ProfilePath - c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl
    FF - ExtSQL: 2012-12-05 12:51; {906305f7-aafc-45e9-8bbd-941950a84dad}; c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
    FF - ExtSQL: 2012-12-15 05:46; smarterwiki@wikiatic.com; c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\extensions\smarterwiki@wikiatic.com.xpi
    FF - ExtSQL: 2012-12-16 10:51; 2020Player_IKEA@2020Technologies.com; c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\extensions\2020Player_IKEA@2020Technologies.com
    FF - ExtSQL: 2012-12-23 06:54; support@lastpass.com; c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\extensions\support@lastpass.com
    FF - ExtSQL: 2012-12-23 16:53; https-everywhere@eff.org; c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\extensions\https-everywhere@eff.org
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-{C5089197-5B15-44AD-B0FC-2E94EE9ECB63} - c:\programdata\{4E78170A-6049-4586-A083-3AECE1A687E4}\wsc_x1.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-29 07:14:48
    ComboFix-quarantined-files.txt 2013-01-29 06:14
    .
    Pre-Run: 60.966.817.792 bytes free
    Post-Run: 60.582.305.792 bytes free
    .
    - - End Of File - - F1F2A1248BAC06CD7D7CEEFF41A338D4
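The log above records two things a helper would normally want to check mechanically rather than by eye: the UAC and Security Center policy values under the "Reg Loading Points" section (EnableLUA=0, and every AntiVirusOverride/DisableNotify value set to 1), and the drive-root autorun.inf / setdd.pif files that the second run later removes. The following Python script is an added example for this thread, not ComboFix code and not something the poster or helper supplied: it parses the REGEDIT-style blocks of a ComboFix log, compares them with the stock Windows 7 values, and lists root-level autorun artifacts. The SAMPLE_LOG text is a constructed excerpt modelled on the posted log, and the function names are my own.

```python
"""Audit a ComboFix log for UAC / Security Center tampering and root-level autorun artifacts."""
import re
from typing import Dict, List, Tuple

# Constructed excerpt modelled on the ComboFix log posted in this thread (not the full log).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\programdata\ParetoLogic
C:\setdd.pif
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# Two value syntaxes appear in ComboFix output:  "Name"= 5 (0x5)   and   "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"([^"]+)"\s*=\s*(?:dword:([0-9A-Fa-f]{8})|(\d+)\s*\(0x[0-9A-Fa-f]+\))$'
)
# autorun.inf, or any .pif, sitting directly at the root of a drive
ROOT_AUTORUN_RE = re.compile(r"^[A-Za-z]:\\(autorun\.inf|[^\\]+\.pif)$", re.IGNORECASE)

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
SECURITY_CENTER_KEY = r"hkey_local_machine\software\microsoft\security center"

# (key, value name) -> value on a stock Windows 7 install; anything else is worth a question.
EXPECTED: Dict[Tuple[str, str], int] = {
    (POLICY_KEY, "EnableLUA"): 1,                    # 0 switches UAC off entirely
    (SECURITY_CENTER_KEY, "AntiVirusOverride"): 0,   # 1 suppresses the AV status check
    (SECURITY_CENTER_KEY, "AntiVirusDisableNotify"): 0,
    (SECURITY_CENTER_KEY, "FirewallOverride"): 0,
    (SECURITY_CENTER_KEY, "FirewallDisableNotify"): 0,
    (SECURITY_CENTER_KEY, "UpdatesDisableNotify"): 0,
    (SECURITY_CENTER_KEY, "UacDisableNotify"): 0,
}


def parse_registry_values(log_text: str) -> Dict[str, Dict[str, int]]:
    """Map each [HKEY_...] block in the log to {value_name: integer value}.

    A block ends at the lone '.' separator ComboFix prints. Lines that are not
    "Name"=value pairs (for example REG_MULTI_SZ dumps) are skipped.
    """
    values: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current = key_match.group(1).lower()  # registry paths are case-insensitive
            values.setdefault(current, {})
            continue
        if current is None:
            continue
        if line in (".", ""):
            current = None
            continue
        value_match = VALUE_RE.match(line)
        if value_match:
            name, hex_value, dec_value = value_match.groups()
            values[current][name] = int(hex_value, 16) if hex_value is not None else int(dec_value)
    return values


def audit_security_settings(log_text: str) -> List[str]:
    """Return one finding per setting in EXPECTED whose logged value differs from the stock value."""
    values = parse_registry_values(log_text)
    findings: List[str] = []
    for (key, name), expected in EXPECTED.items():
        actual = values.get(key, {}).get(name)
        if actual is not None and actual != expected:
            findings.append(f"{name}={actual} (expected {expected}) under {key}")
    return findings


def root_autorun_artifacts(log_text: str) -> List[str]:
    """List drive-root autorun.inf / .pif paths found anywhere in the log."""
    return [line.strip() for line in log_text.splitlines() if ROOT_AUTORUN_RE.match(line.strip())]


if __name__ == "__main__":
    for finding in audit_security_settings(SAMPLE_LOG):
        print("setting:", finding)
    for path in root_autorun_artifacts(SAMPLE_LOG):
        print("autorun artifact:", path)
```

Run against the posted log, this reports all seven settings and both root-level files. A ComboFix log only shows the state at scan time, so before drawing conclusions the values should be re-read on the live machine (for example with reg query on the two keys) and the machine's owner asked whether UAC was switched off deliberately.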
  • Open a new Notepad file via "Start\All Programs\Accessories\Notepad".

    Copy and paste the following (bold, blue text) into the empty Notepad window


  • Here is the 2nd ComboFix log; Start time: 08:17 End time: 09:26

    ComboFix 13-01-28.03 - Jos H 29-01-2013 8:17.2.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3070.2002 [GMT 1:00]
    Started from: c:\users\Jos H\Desktop\ComboFix.exe
    Command switches used :: c:\users\Jos H\Desktop\CFScript.exe
    AV: G Data InternetSecurity 2013 COMPUTER!TOTAAL Edition *Disabled/Updated* {39B780B4-63C2-05B0-3B40-8F7A21E4F496}
    FW: G Data Personal Firewall *Disabled* {018C0191-29AD-04E8-101F-264FDF37B3ED}
    SP: G Data InternetSecurity 2013 COMPUTER!TOTAAL Edition *Disabled/Updated* {82D66150-45F8-0A3E-01F0-B4085A63BE2B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\autorun.inf
    c:\programdata\ParetoLogic
    C:\setdd.pif
    c:\users\Jos H\AppData\Roaming\DriverCure
    c:\users\Jos H\AppData\Roaming\DriverCure\LogFile.txt
    c:\users\Jos H\AppData\Roaming\ParetoLogic
    c:\users\Jos H\AppData\Roaming\ParetoLogic\PC Health Advisor\Client.txt
    c:\users\Jos H\AppData\Roaming\ParetoLogic\PC Health Advisor\Server.txt
    .
    .
    (((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 ))))))))))))))))))))))))))))))
    .
    .
    2013-01-29 08:18 . 2013-01-29 08:18 ——– d—–w- c:\users\Default\AppData\Local\temp
    2013-01-29 04:25 . 2013-01-08 05:32 9161176 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60EC14E2-7FE6-4478-93ED-C67089AB9B56}\mpengine.dll
    2013-01-28 12:45 . 2013-01-28 12:45 ——– d—–w- c:\program files\DIFX
    2013-01-27 18:00 . 2013-01-27 18:00 ——– d—–w- c:\program files (x86)\Intel
    2013-01-27 18:00 . 2011-02-28 07:09 53248 —-a-w- c:\windows\SysWow64\CSVer.dll
    2013-01-27 18:00 . 2013-01-27 18:00 ——– d—–w- C:\Intel
    2013-01-27 17:47 . 2013-01-27 17:47 ——– d—–w- c:\program files (x86)\SystemRequirementsLab
    2013-01-27 17:47 . 2013-01-27 17:47 ——– d—–w- c:\users\Jos H\AppData\Roaming\SystemRequirementsLab
    2013-01-27 17:42 . 2013-01-27 17:42 859552 —-a-w- c:\windows\SysWow64\npDeployJava1.dll
    2013-01-27 17:42 . 2013-01-27 17:42 780192 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2013-01-22 13:42 . 2013-01-22 13:42 ——– d—–w- C:\ATISupport
    2013-01-09 13:36 . 2013-01-09 13:36 ——– d—–w- c:\windows\SysWow64\Adobe
    2013-01-09 09:21 . 2012-11-01 05:43 2002432 —-a-w- c:\windows\system32\msxml6.dll
    2013-01-09 09:21 . 2012-11-01 05:43 1882624 —-a-w- c:\windows\system32\msxml3.dll
    2013-01-09 09:21 . 2012-11-01 04:47 1389568 —-a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-09 09:21 . 2012-11-01 04:47 1236992 —-a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-09 09:21 . 2012-11-09 05:45 750592 —-a-w- c:\windows\system32\win32spl.dll
    2013-01-09 09:21 . 2012-11-09 04:43 492032 —-a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 09:21 . 2012-11-22 05:44 800768 —-a-w- c:\windows\system32\usp10.dll
    2013-01-09 09:21 . 2012-11-22 04:45 626688 —-a-w- c:\windows\SysWow64\usp10.dll
    2013-01-09 09:21 . 2012-11-20 05:48 307200 —-a-w- c:\windows\system32\ncrypt.dll
    2013-01-09 09:21 . 2012-11-20 04:51 220160 —-a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-09 09:21 . 2012-11-23 03:13 68608 —-a-w- c:\windows\system32\taskhost.exe
    2013-01-09 09:20 . 2012-11-23 03:26 3149824 —-a-w- c:\windows\system32\win32k.sys
    2013-01-07 08:19 . 2013-01-07 08:19 ——– d—–w- c:\users\Jos H\AppData\Local\O&O
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-18 12:25 . 2012-11-19 13:09 74248 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-18 12:25 . 2012-11-19 13:09 697864 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 09:35 . 2012-11-19 09:10 67599240 —-a-w- c:\windows\system32\MRT.exe
    2012-12-29 07:57 . 2012-12-14 09:11 181064 —-a-w- c:\windows\PSEXESVC.EXE
    2012-12-23 05:54 . 2012-12-23 05:54 14794312 —-a-w- c:\program files (x86)\Common Files\lpuninstall.exe
    2012-12-16 17:11 . 2012-12-21 02:00 46080 —-a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:45 . 2012-12-21 02:00 367616 —-a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 295424 —-a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:13 . 2012-12-21 02:00 34304 —-a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 15:49 . 2012-12-03 16:30 24176 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-12-12 21:37 . 2012-12-12 21:37 4472832 —-a-w- c:\windows\SysWow64\GPhotos.scr
    2012-12-12 09:24 . 2012-11-22 17:41 18960 —-a-w- c:\windows\system32\drivers\LNonPnP.sys
    2012-12-06 15:29 . 2012-12-06 15:29 16504 —-a-w- c:\windows\system32\drivers\GdPhyMem.sys
    2012-12-06 15:29 . 2012-12-06 15:29 106648 —-a-w- c:\windows\system32\drivers\GRD.sys
    2012-12-05 13:08 . 2012-12-05 13:08 64376 —-a-w- c:\windows\system32\drivers\HookCentre.sys
    2012-12-05 13:08 . 2012-12-05 13:08 126880 —-a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2012-12-05 13:08 . 2012-12-05 13:08 54176 —-a-w- c:\windows\system32\drivers\GDBehave.sys
    2012-12-05 13:08 . 2012-12-05 13:08 64416 —-a-w- c:\windows\system32\drivers\gdwfpcd64.sys
    2012-12-05 11:51 . 2012-12-05 11:51 60320 —-a-w- c:\windows\system32\drivers\PktIcpt.sys
    2012-11-30 11:07 . 2012-11-30 11:07 10792 —-a-w- c:\windows\SysWow64\GdScrSv.nl.dll
    2012-11-30 04:45 . 2013-01-09 09:22 44032 —-a-w- c:\windows\apppatch\acwow64.dll
    2012-11-26 02:25 . 2012-11-26 02:25 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
    2012-11-26 02:25 . 2012-11-26 02:25 856712 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-11-21 07:30 . 2012-11-21 07:30 48648 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
    2012-11-21 07:30 . 2012-11-21 07:30 856712 —-a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-11-20 16:28 . 2012-10-02 13:03 167048 —-a-w- c:\users\SysinternalsSuite\psping.exe
    2012-11-20 16:28 . 2012-07-17 22:59 568440 —-a-w- c:\users\SysinternalsSuite\ZoomIt.exe
    2012-11-20 16:28 . 2012-07-17 22:59 294520 —-a-w- c:\users\SysinternalsSuite\ZoomIt64.exe
    2012-11-20 16:28 . 2011-02-14 11:37 729464 —-a-w- c:\users\SysinternalsSuite\Winobj.exe
    2012-11-20 16:28 . 2012-10-17 17:28 144984 —-a-w- c:\users\SysinternalsSuite\whois.exe
    2012-11-20 16:28 . 2012-09-10 08:16 1056392 —-a-w- c:\users\SysinternalsSuite\vmmap.exe
    2012-11-20 16:28 . 2011-07-25 11:40 300832 —-a-w- c:\users\SysinternalsSuite\Tcpview.exe
    2012-11-20 16:28 . 2012-05-09 10:08 136312 —-a-w- c:\users\SysinternalsSuite\strings.exe
    2012-11-20 16:28 . 2006-11-01 13:05 150328 —-a-w- c:\users\SysinternalsSuite\sync.exe
    2012-11-20 16:28 . 2012-10-02 13:03 231048 —-a-w- c:\users\SysinternalsSuite\sigcheck.exe
    2012-11-20 16:28 . 2008-02-27 17:51 103464 —-a-w- c:\users\SysinternalsSuite\ShellRunas.exe
    2012-11-20 16:28 . 2007-04-27 09:17 87424 —-a-w- c:\users\SysinternalsSuite\streams.exe
    2012-11-20 16:28 . 2011-08-31 14:16 155936 —-a-w- c:\users\SysinternalsSuite\sdelete.exe
    2012-11-20 16:28 . 2006-11-01 13:07 334720 —-a-w- c:\users\SysinternalsSuite\RootkitRevealer.exe
    2012-11-20 16:28 . 2006-11-01 13:05 150328 —-a-w- c:\users\SysinternalsSuite\regjump.exe
    2012-11-20 16:28 . 2012-07-11 16:35 581744 —-a-w- c:\users\SysinternalsSuite\RAMMap.exe
    2012-11-20 16:28 . 2006-11-01 13:06 162616 —-a-w- c:\users\SysinternalsSuite\RegDelNull.exe
    2012-11-20 16:28 . 2012-10-17 17:28 171608 —-a-w- c:\users\SysinternalsSuite\pspasswd.exe
    2012-11-20 16:28 . 2010-04-27 10:04 169848 —-a-w- c:\users\SysinternalsSuite\PsService.exe
    2012-11-20 16:28 . 2006-12-04 16:53 207664 —-a-w- c:\users\SysinternalsSuite\psshutdown.exe
    2012-11-20 16:28 . 2006-12-04 16:53 187184 —-a-w- c:\users\SysinternalsSuite\pssuspend.exe
    2012-11-20 16:28 . 2012-06-21 22:34 468592 —-a-w- c:\users\SysinternalsSuite\pskill.exe
    2012-11-20 16:28 . 2012-03-22 14:53 232232 —-a-w- c:\users\SysinternalsSuite\pslist.exe
    2012-11-20 16:28 . 2010-04-27 10:04 178040 —-a-w- c:\users\SysinternalsSuite\psloglist.exe
    2012-11-20 16:28 . 2010-04-27 10:04 183160 —-a-w- c:\users\SysinternalsSuite\PsLoggedon.exe
    2012-11-20 16:28 . 2010-04-27 10:04 333176 —-a-w- c:\users\SysinternalsSuite\PsGetsid.exe
    2012-11-20 16:28 . 2010-04-27 10:04 390520 —-a-w- c:\users\SysinternalsSuite\PsInfo.exe
    2012-11-20 16:28 . 2012-07-11 16:45 2474608 —-a-w- c:\users\SysinternalsSuite\Procmon.exe
    2012-11-20 16:28 . 2010-04-27 10:04 381816 —-a-w- c:\users\SysinternalsSuite\PsExec.exe
    2012-11-20 16:28 . 2006-12-04 16:53 105264 —-a-w- c:\users\SysinternalsSuite\psfile.exe
    2012-11-20 16:28 . 2012-10-02 13:03 2712200 —-a-w- c:\users\SysinternalsSuite\procexp.exe
    2012-11-20 16:28 . 2012-11-14 13:47 462424 —-a-w- c:\users\SysinternalsSuite\procdump.exe
    2012-11-20 16:28 . 2012-01-13 16:35 451392 —-a-w- c:\users\SysinternalsSuite\portmon.exe
    2012-11-20 16:28 . 2006-11-01 13:06 215928 —-a-w- c:\users\SysinternalsSuite\pagedfrg.exe
    2012-11-20 16:28 . 2006-11-01 13:05 150328 —-a-w- c:\users\SysinternalsSuite\pendmoves.exe
    2012-11-20 16:28 . 2010-04-30 10:43 261496 —-a-w- c:\users\SysinternalsSuite\logonsessions.exe
    2012-11-20 16:28 . 2012-10-17 17:28 539736 —-a-w- c:\users\SysinternalsSuite\livekd.exe
    2012-11-20 16:28 . 2011-07-07 12:28 520496 —-a-w- c:\users\SysinternalsSuite\Listdlls.exe
    2012-11-20 16:28 . 2010-09-07 14:39 150392 —-a-w- c:\users\SysinternalsSuite\junction.exe
    2012-11-20 16:28 . 2012-07-11 16:41 462456 —-a-w- c:\users\SysinternalsSuite\handle.exe
    2012-11-20 16:28 . 2011-07-07 12:28 103216 —-a-w- c:\users\SysinternalsSuite\FindLinks.exe
    2012-11-20 16:28 . 2011-12-02 12:15 222520 —-a-w- c:\users\SysinternalsSuite\du.exe
    2012-11-20 16:28 . 2010-03-24 13:00 580984 —-a-w- c:\users\SysinternalsSuite\DiskView.exe
    2012-11-20 16:28 . 2010-10-12 11:56 1766264 —-a-w- c:\users\SysinternalsSuite\disk2vhd.exe
    2012-11-20 16:28 . 2007-05-14 07:42 87424 —-a-w- c:\users\SysinternalsSuite\diskext.exe
    2012-11-20 16:28 . 2006-11-01 13:06 224056 —-a-w- c:\users\SysinternalsSuite\Diskmon.exe
    2012-11-20 16:28 . 2012-10-17 17:28 116824 —-a-w- c:\users\SysinternalsSuite\Desktops.exe
    2012-11-20 16:28 . 2012-10-02 13:03 468104 —-a-w- c:\users\SysinternalsSuite\Dbgview.exe
    2012-11-20 16:28 . 1999-11-21 18:46 2832 —-a-w- c:\users\SysinternalsSuite\ctrl2cap.nt5.sys
    2012-11-20 16:28 . 2012-11-14 09:22 1479256 —-a-w- c:\users\SysinternalsSuite\Coreinfo.exe
    2012-11-20 16:28 . 2006-09-27 17:04 10104 —-a-w- c:\users\SysinternalsSuite\ctrl2cap.amd.sys
    2012-11-20 16:28 . 1999-11-21 17:20 2864 —-a-w- c:\users\SysinternalsSuite\ctrl2cap.nt4.sys
    2012-11-20 16:28 . 2012-11-14 09:22 207960 —-a-w- c:\users\SysinternalsSuite\Contig.exe
    2012-11-20 16:28 . 2009-06-03 21:36 151936 —-a-w- c:\users\SysinternalsSuite\Clockres.exe
    2012-11-20 16:28 . 2012-09-10 08:16 567944 —-a-w- c:\users\SysinternalsSuite\autorunsc.exe
    2012-11-20 16:28 . 2009-09-30 00:31 844648 —-a-w- c:\users\SysinternalsSuite\Bginfo.exe
    2012-11-20 16:28 . 2012-09-10 08:16 649864 —-a-w- c:\users\SysinternalsSuite\autoruns.exe
    2012-11-20 16:28 . 2011-02-22 14:18 148856 —-a-w- c:\users\SysinternalsSuite\Autologon.exe
    2012-11-20 16:28 . 2007-11-20 12:25 1049640 —-a-w- c:\users\SysinternalsSuite\ADInsight.exe
    2012-11-20 16:28 . 2012-11-14 09:22 479832 —-a-w- c:\users\SysinternalsSuite\ADExplorer.exe
    2012-11-20 16:28 . 2006-11-01 13:06 174968 —-a-w- c:\users\SysinternalsSuite\AccessEnum.exe
    2012-11-20 16:28 . 2012-08-01 12:27 331888 —-a-w- c:\users\SysinternalsSuite\accesschk.exe
    2012-11-19 16:24 . 2009-07-14 02:36 175616 —-a-w- c:\windows\system32\msclmd.dll
    2012-11-19 16:24 . 2009-07-14 02:36 152576 —-a-w- c:\windows\SysWow64\msclmd.dll
    2012-11-19 11:24 . 2012-11-19 11:27 594472 —-a-w- c:\windows\system32\drivers\btwampfl.sys
    2012-11-19 11:24 . 2012-11-19 11:25 39976 —-a-w- c:\windows\system32\drivers\btwl2cap.sys
    2012-11-19 11:24 . 2012-11-19 11:25 21544 —-a-w- c:\windows\system32\drivers\btwrchid.sys
    2012-11-19 11:24 . 2012-11-19 11:25 210984 —-a-w- c:\windows\system32\drivers\btwavdt.sys
    2012-11-19 11:24 . 2012-11-19 11:25 184872 —-a-w- c:\windows\system32\drivers\btwaudio.sys
    2012-11-19 09:18 . 2012-11-19 09:18 86528 —-a-w- c:\windows\SysWow64\iesysprep.dll
    2012-11-19 09:18 . 2012-11-19 09:18 76800 —-a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2012-11-19 09:18 . 2012-11-19 09:18 74752 —-a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2012-11-19 09:18 . 2012-11-19 09:18 48640 —-a-w- c:\windows\SysWow64\mshtmler.dll
    2012-11-19 09:18 . 2012-11-19 09:18 161792 —-a-w- c:\windows\SysWow64\msls31.dll
    2012-11-19 09:18 . 2012-11-19 09:18 110592 —-a-w- c:\windows\SysWow64\IEAdvpack.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "G Data AntiVirus Tray Application"="c:\program files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe" [2012-09-17 995352]
    "GDFirewallTray"="c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe" [2012-01-27 1470968]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2012-4-1 1390368]
    Install LastPass FF RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-12-23 14794312]
    Install LastPass IE RunOnce.lnk - c:\program files (x86)\Common Files\lpuninstall.exe [2012-12-23 14794312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 EtmTempSense;EtmTempSense;c:\windows\system32\DRIVERS\EtmTempSense.sys [2007-12-11 21504]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-01-23 132608]
    R3 netw5v64;Stuurprogramma voor Intel(R) Wireless WiFi Link 5000 Series-adapter voor 64-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NETwLx64; Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows XP 64 Bit;c:\windows\system32\DRIVERS\NETwLx64.sys [2010-08-16 7442432]
    R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
    R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-09-24 1328736]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-11-19 1255736]
    S0 GDBehave;GDBehave;c:\windows\system32\drivers\GDBehave.sys [2012-12-05 54176]
    S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\DRIVERS\MxEFUF64.sys [2011-10-20 157696]
    S1 GDMnIcpt;GDMnIcpt;c:\windows\system32\drivers\MiniIcpt.sys [2012-12-05 126880]
    S1 gdwfpcd;G Data WFP CD;c:\windows\system32\drivers\gdwfpcd64.sys [2012-12-05 64416]
    S1 GRD;G Data Rootkit Detector Driver;c:\windows\system32\drivers\GRD.sys [2012-12-06 106648]
    S1 HookCentre;HookCentre;c:\windows\system32\drivers\HookCentre.sys [2012-12-05 64376]
    S2 AVKProxy;G Data AntiVirus Proxy;c:\program files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2012-08-23 1542680]
    S2 AVKService;G Data Scheduler;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [2012-01-27 468472]
    S2 AVKWCtl;G Data Bestandssysteembewaker;c:\program files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe [2012-08-30 2011568]
    S2 GDFwSvc;G Data Personal Firewall;c:\program files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2012-06-04 1766464]
    S2 GDScan;G Data Scanner;c:\program files (x86)\Common Files\G Data\GDScan\GDScan.exe [2012-03-29 470008]
    S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-09-24 656480]
    S3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\DRIVERS\ATSwpWDF.sys [2012-08-30 1109296]
    S3 btwampfl;btwampfl Bluetooth filter driver;c:\windows\system32\drivers\btwampfl.sys [2012-11-19 594472]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2012-11-19 39976]
    S3 GDPkIcpt;GDPkIcpt;c:\windows\system32\drivers\PktIcpt.sys [2012-12-05 60320]
    S3 NETwLv64; Intel(R) Wireless WiFi Link 5000 Series adapter stuurprogramma onder Windows Vista 64 Bit;c:\windows\system32\DRIVERS\NETwLv64.sys [2010-10-07 7533568]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-10-06 766096]
    S3 TridVidx64;Trident TVMaster TM6000 Analog plus Digital Video Service x64;c:\windows\system32\DRIVERS\TridVidx64.sys [2007-07-31 207488]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-19 12:25]
    .
    .
    ——— X64 Entries ———–
    .
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: &Verzenden naar OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: LastPass - file://c:\users\Jos H\AppData\LocalLow\LastPass\context.html?cmd=lastpass
    IE: LastPass Invulformulieren - file://c:\users\Jos H\AppData\LocalLow\LastPass\context.html?cmd=fillforms
    TCP: DhcpNameServer = 213.197.28.3 213.197.30.28
    FF - ProfilePath - c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig?hl=nl
    FF - ExtSQL: 2012-12-05 12:51; {906305f7-aafc-45e9-8bbd-941950a84dad}; c:\program files (x86)\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}
    FF - ExtSQL: 2012-12-15 05:46; smarterwiki@wikiatic.com; c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\extensions\smarterwiki@wikiatic.com.xpi
    FF - ExtSQL: 2012-12-16 10:51; 2020Player_IKEA@2020Technologies.com; c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\extensions\2020Player_IKEA@2020Technologies.com
    FF - ExtSQL: 2012-12-23 06:54; support@lastpass.com; c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\extensions\support@lastpass.com
    FF - ExtSQL: 2012-12-23 16:53; https-everywhere@eff.org; c:\users\Jos H\AppData\Roaming\Mozilla\Firefox\Profiles\vx95oueb.default\extensions\https-everywhere@eff.org
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    AddRemove-{C5089197-5B15-44AD-B0FC-2E94EE9ECB63} - c:\programdata\{4E78170A-6049-4586-A083-3AECE1A687E4}\wsc_x1.exe
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-01-29 09:26:26 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-01-29 08:26
    ComboFix2.txt 2013-01-29 06:14
    .
    Pre-Run: 60.763.680.768 bytes beschikbaar
    Post-Run: 60.689.498.112 bytes beschikbaar
    .
    - - End Of File - - 5BC6D0ACF79EC8D67C5CC42C91B9D3E9
  • After starting Task Scheduler everything was empty and I could no longer close Task Scheduler, not even with Task Manager.
    Yesterday I was still getting error messages in Task Scheduler, but now nothing at all.
    Restarted the computer and everything works again (except Task Scheduler).
    The little sun icon is still there too (but in my opinion that is not so important).
  • Did you have a USB stick connected?

    Which program:
  • Because of a defective DVD drive, Windows was installed from a (new) USB stick (November 2012).
    I also found out that Windows Firewall and Defender were enabled; these are now disabled (because of the G Data security suite).
    UAC was also disabled; so I re-enabled that.
    Below is the log file of the emergency kit:

    Emsisoft Emergency Kit - Versie 3.0
    Laatste Update: 29-1-2013 12:38:01

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\

    Detecteer riskware: Uit
    Scan archieven: Aan
    ADS Scan: Aan
    Bestandsextensiefilter: Uit
    Geavanceerde cache: Aan
    Directe schijftoegang: Uit

    Scan gestart: 29-1-2013 12:40:03

    C:\Users\Jos H\Desktop\ComboFix.exe -> (NSIS o) -> lzma_solid_nsis0200 Ontdekt: Win32.Sality.3 (B)

    Gescand 407028
    Gevonden 1

    Scan geëindigd: 29-1-2013 13:28:57
    Scantijd: 0:48:54

    C:\Users\Jos H\Desktop\ComboFix.exe -> (NSIS o) -> lzma_solid_nsis0200 Verwijderd Win32.Sality.3 (B)

    Verwijderd 1
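The registry block of the ComboFix log posted earlier (EnableLUA=0, and all six Security Center override/notification values set to 1) and the poster's remark above about re-enabling UAC are the kind of findings a reviewer wants to pull out of such a log mechanically. As an added example, not part of this thread and not ComboFix code, here is a small Python parser for that REGEDIT4-style block that flags the weakened settings; the embedded excerpt is a constructed sample modelled on the posted log, while the value names themselves are real Windows registry values.

```python
"""Flag weakened security settings in the registry section of a ComboFix-style log.

Added example for this thread; it is not part of the original post and not
ComboFix code. The embedded log excerpt is a constructed sample modelled on the
'Reg Opstartpunten' block posted above (the value names are real registry values).
"""
import re

# Constructed excerpt in ComboFix's REGEDIT4-style notation (raw string, so the
# single backslashes in the key paths are literal).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
"""

# Hardened value per setting, keyed by the tail of the registry path.
# EnableLUA=0 switches UAC off entirely (the ConsentPromptBehavior* values are
# then irrelevant); the Security Center *Override / *DisableNotify values
# silence the Action Center warnings that AV, firewall, updates or UAC are off.
EXPECTED = {
    "policies\\system": {"EnableLUA": 1},
    "security center": {
        "AntiVirusOverride": 0, "AntiVirusDisableNotify": 0,
        "FirewallOverride": 0, "FirewallDisableNotify": 0,
        "UpdatesDisableNotify": 0, "UacDisableNotify": 0,
    },
}

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_value(data: str):
    """Decode the two numeric forms ComboFix prints: 'dword:00000001' and '5 (0x5)'."""
    m = re.search(r"dword:([0-9a-f]+)", data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.search(r"\((0x[0-9a-f]+)\)", data, re.I)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"\d+", data)
    return int(m.group(0)) if m else None  # strings and binary blobs are ignored


def parse_reg_section(text: str) -> dict:
    """Return {key_path (lower-case): {value_name: int}} for a REGEDIT4-style block."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            value = parse_value(m.group(2))
            if value is not None:
                keys[current][m.group(1)] = value
    return keys


def find_weak_settings(keys: dict) -> list:
    """Return (key_path, value_name, actual, expected) for every value that deviates."""
    findings = []
    for key_path, values in keys.items():
        for tail, expected in EXPECTED.items():
            if not key_path.endswith(tail):
                continue
            for name, want in expected.items():
                got = values.get(name)
                if got is not None and got != want:
                    findings.append((key_path, name, got, want))
    return findings


if __name__ == "__main__":
    for key_path, name, got, want in find_weak_settings(parse_reg_section(SAMPLE_LOG)):
        print(f"{key_path}: {name} = {got} (hardened value {want})")
```

Run against the sample it reports seven deviations: UAC off plus the six Security Center overrides, which is exactly the state the poster corrected by hand.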
  • And how are things now with the two reported problems?
  • Task Scheduler is accessible again (with error messages), but the schedules are gone.
    Reliability Monitor does not work either (related to Task Scheduler).
    Can I perform a repair install with the Windows DVD?
    http://www.sevenforums.com/tutorials/3413-repair-install.html
    I think I have already carried out most of the solutions for restoring Task Scheduler.
    And yes, the little sun icon is still there, but it is not important to me as long as it has no disruptive effect on how Windows works.
  • You are welcome to try that as far as I am concerned.
    Do keep in mind that this takes a good hour!
  • I read the repair install guide through carefully and decided not to do it (too much risk for me).
    At the moment the laptop works fine and I do not need Task Manager.
    What matters to me is that there is no malware, viruses or the like in the system, and that has now been checked thoroughly.

    @ Abraham54:

    Once again, thank you very much for your support!!!!!!
  • In connection with the latest developments regarding ComboFix, I would like you to do the following now:

  • I will get to work on it tomorrow; no time tonight.
    What do you mean by the latest developments regarding ComboFix?
  • ComboFix turned out to be infected with Sality; see also the result of the previous scan!
    That is why it is extremely important that your Windows now gets checked thoroughly!
  • Ran Otl.exe and it went well; after restarting, downloaded the ESET Online Scanner.

    When ESET wants to fetch the virus database I get the following message in red:

    Can not get update. Is proxy configured?

    I also got no prompt for the ActiveX control.

    What should I do?
  • Try it in Safe Mode with Networking.
  • Below is the log file of the ESET Online Scanner in Safe Mode:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=8
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6889
    # api_version=3.0.2
    # EOSSerial=d7be580abbfdb743ba9553887de1e201
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2013-01-30 08:20:58
    # local_time=2013-01-30 09:20:58 (+0100, West-Europa (standaardtijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 85883 111163908 0 0
    # scanned=95443
    # found=0
    # cleaned=0
    # scan_time=2492
  • That at least is a good sign.

    Download Windows Repair all in one (Portable) from this site: http://www.bleepingcomputer.com/download/windows-repair-all-in-one-portable/
    Press the
  • Carried out the above; SFC reported no problems, and in Windows Repair I ran everything you indicated.
    The repair programs ran fine; clicked run each time.
    Started up after 1 minute, and after that the little sun icon was gone.
  • And Windows runs fine again too?
