Infected with Sirefef.ab, Sirefef.W

Solved
By ChevyVan79
Jul 18, 2012
  1. Hi,

    My computer just crashed and Microsoft Security Essentials said it was infected with Sirefef.ab and Sirefef.W.

    Does anyone know a solution for this?

    Thanks in advance.

    Edit: Windows 7 64-bit
  2. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    Here are some logs (the Malwarebytes log is in Dutch, but the last 4 lines are the detections):

    Malwarebytes Log "mbam-log-2012-07-18 (12-12-33).txt":
    -----------------------------------------------------------------
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.07.18.05

    Windows 7 Service Pack 1 x64 NTFS (Veilige modus/netwerkmogelijkheden)
    Internet Explorer 9.0.8112.16421
    Hidde :: HIDDE-PC [administrator]

    18-7-2012 12:06:50
    mbam-log-2012-07-18 (12-12-33).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 243433
    Verstreken tijd: 4 minuut/minuten, 36 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 4
    C:\Users\Hidde\AppData\Local\Temp\24358074.exe (Trojan.Phex.THAGen6) -> Geen actie ondernomen.
    C:\Users\Hidde\Downloads\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Geen actie ondernomen.
    C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\n (Trojan.Sirefef) -> Geen actie ondernomen.
    C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\U\800000cb.@ (Rootkit.0Access) -> Geen actie ondernomen.

    (einde)
    -----------------------------------------------------------------
  3. ChevyVan79

    GMER Log "gmer.txt":
    -----------------------------------------------------------------
    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-18 12:44:22
    Windows 6.1.7601 Service Pack 1
    Running: gfz7h0gr.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Windows\System32\wbem\Performance\WmiApRpl_new.ini 41896 bytes

    ---- Registry - GMER 1.0.15 ----

    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}@hajbcffnekildmbc 0x6B 0x61 0x6F 0x67 ...
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}@iadcaliefhdmelnfjn 0x6B 0x61 0x6F 0x67 ...

    ---- EOF - GMER 1.0.15 ----
    -----------------------------------------------------------------
  4. ChevyVan79

    DDS Attach "Attach.txt":
    -----------------------------------------------------------------
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 8-1-2011 12:55:33
    System Uptime: 18-7-2012 12:16:28 (0 hours ago)
    .
    Motherboard: ASRock | | 880GMH/USB3.
    Processor: AMD Phenom(tm) II X4 955 Processor | CPUSocket | 3206/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 931 GiB total, 295,069 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\SUN_VBOXNETFLTMP\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\SUN_VBOXNETFLTMP\0000
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Leawo MP4 Converter version 4.1.0.1
    Aangifte inkomstenbelasting 2011
    Acrobat.com
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Asset Services CS4
    Adobe Audition CS5.5
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Contribute CS4
    Adobe Creative Suite 4 Design Standard
    Adobe Creative Suite 4 Web Standard
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Download Assistant
    Adobe Dreamweaver CS4
    Adobe Dreamweaver CS6
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Fireworks CS4
    Adobe Fireworks CS6
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Fonts All
    Adobe Help Manager
    Adobe Illustrator CS4
    Adobe Illustrator CS6
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Importer
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe PDistiller
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader 9.2
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11.6
    Adobe SING CS4
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe Version Cue CS4 Server
    Adobe Widget Browser
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Age of Empires Online
    AMD VISION Engine Control Center
    America's Army 3
    Amnesia: The Dark Descent
    Apple Application Support
    Apple Software Update
    Application Profiles
    µTorrent
    Audacity 1.3.14 (Unicode)
    Audiosurf Demo
    Autodesk Backburner 2012.0.0
    Bastion
    Batman Arkham City version 1.0
    Battlefield 3™
    Battlelog Web Plugins
    BioShock 2
    bl
    Botanicula
    Braid
    Bulletstorm
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    CCC Help English
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Connect
    Cross Fire En
    D3DX10
    DAEMON Tools Lite
    Dead Island
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dotfuscator and Analytics Community Edition
    Dotfuscator Software Services - Community Edition
    Driver San Francisco
    Dropbox
    Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
    Epson Event Manager
    EPSON PX720WD Series Handboek
    EPSON Scan
    EpsonNet Print
    erLT
    ESN Sonar
    Fallout New Vegas
    FIFA 10
    FileZilla Client 3.5.3
    Firebird SQL Server - MAGIX Edition
    Flight Control HD
    Foreign Legion: Buckets of Blood
    Fraps (remove only)
    Free Easy Burner V 4.1
    GameMaker 8.1
    Garena - League of Legends
    Google Chrome
    Google Earth Plug-in
    Google Update Helper
    Half-Life 2
    Half-Life 2: Deathmatch
    Half-Life 2: Episode One
    Half-Life 2: Episode Two
    Half-Life 2: Lost Coast
    Half-Life Deathmatch: Source
    Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)
    Hotfix for Microsoft Visual Studio 2010 Professional - ENU (KB2542054)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2280741)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2284668)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2295689)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2420513)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2452649)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2455033)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB2485545)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982517)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB982721)
    Hotfix for Visual C++ Standard 2010 Beta 1 - ENU (KB983233)
    HydraVision
    IcoFX 2.0
    IIS 7.5 Express
    Java Auto Updater
    Java(TM) 7 Update 3
    JavaFX 2.0.3
    JGsoft RegexBuddy 3 v.3.2.1
    K-Lite Codec Pack 7.6.0 (Basic)
    kuler
    L.A. Noire: The Complete Edition
    Lead and Gold - Gangs of the Wild West
    League of Legends
    LIMBO
    LocalESPC
    LocalESPCui for en-us
    Logitech SetPoint
    Lone Survivor
    Machinarium
    MAGIX Music Maker 17 Premium Download Version
    MAGIX Speed burnR (MSI)
    Malwarebytes Anti-Malware versie 1.62.0.1300
    Mass Effect™ 3 Demo
    Microsoft .NET Framework 4 Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Beta Multi-Targeting Pack
    Microsoft .NET Framework 4.5 Beta SDK
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 2
    Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
    Microsoft ASP.NET MVC 3
    Microsoft ASP.NET MVC 3 - Visual Studio 11 Tools Update
    Microsoft ASP.NET MVC 4
    Microsoft ASP.NET MVC 4 - Visual Studio 11 Tools
    Microsoft ASP.NET Web Pages
    Microsoft ASP.NET Web Pages - Visual Studio 11 Tools
    Microsoft ASP.NET Web Pages 2
    Microsoft ASP.NET Web Pages 2 - Visual Studio 11 Tools
    Microsoft Blend for Visual Studio
    Microsoft Blend for Visual Studio ENU resources
    Microsoft DirectX SDK (February 2010)
    Microsoft Expression Encoder 4 Screen Capture Codec
    Microsoft F# Runtime for Silverlight 4
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Help Viewer 2.0 Beta
    Microsoft Mathematics
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Portable Library Multi-Targeting Pack
    Microsoft Portable Library Multi-Targeting Pack Language Pack - enu
    Microsoft Report Viewer Add-On for Visual Studio 11 - Beta
    Microsoft Silverlight 3 SDK
    Microsoft Silverlight 4 SDK
    Microsoft Silverlight 5 SDK
    Microsoft Silverlight Tools for Visual Studio 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 R2 Data-Tier Application Framework
    Microsoft SQL Server 2008 R2 Data-Tier Application Project
    Microsoft SQL Server 2008 R2 Management Objects
    Microsoft SQL Server 2008 R2 Transact-SQL Language Service
    Microsoft SQL Server 2012 Data-Tier App Framework
    Microsoft SQL Server 2012 Management Objects RC0
    Microsoft SQL Server 2012 T-SQL Language Service RC0
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Data Tools Build Utilities Mar 2012
    Microsoft SQL Server Database Publishing Wizard 1.4
    Microsoft SQL Server System CLR Types
    Microsoft Sync Framework SDK v1.0 SP1
    Microsoft System CLR Types for SQL Server 2012 RC0
    Microsoft Visual C++ Compilers 2010 Standard - enu - x86
    Microsoft Visual C++ 11 x86 Additional Runtime - 11.0.50214
    Microsoft Visual C++ 11 x86 Debug Runtime - 11.0.50214
    Microsoft Visual C++ 11 x86 Minimum Runtime - 11.0.50214
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual C++ Compilers 11
    Microsoft Visual C++ Compilers 11 - ENU Resources
    Microsoft Visual C++ Core Libraries 11
    Microsoft Visual C++ Extended Libraries 11
    Microsoft Visual C++ Microsoft Foundation Class Libraries 11
    Microsoft Visual Studio 11 Beta Tools for .Net 3.5
    Microsoft Visual Studio 11 Beta Updates (KB2677574)
    Microsoft Visual Studio 11 Developer Preview Language Pack - ENU
    Microsoft Visual Studio 11 Developer Preview Pre-Clean Tool
    Microsoft Visual Studio 11 LightSwitch Beta Core
    Microsoft Visual Studio 11 LightSwitch Beta CoreRes - ENU
    Microsoft Visual Studio 11 Professional Beta
    Microsoft Visual Studio 11 Professional Beta - ENU
    Microsoft Visual Studio 11 SharePoint Developer Tools Beta
    Microsoft Visual Studio 11 SharePoint Developer Tools Beta enu Language Pack
    Microsoft Visual Studio 11 Tools for SQL Server Compact 4.0 SP1 Beta ENU
    Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer Core
    Microsoft Visual Studio 11 Ultimate Beta XAML UI Designer enu Resources
    Microsoft Visual Studio 2010 Service Pack 1
    Microsoft Visual Studio 2010 SharePoint Developer Tools
    Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer
    Microsoft Visual Studio Team Foundation Server 11 Beta Team Explorer Language Pack - ENU
    Microsoft Web Deploy dbSqlPackage Provider Nov 2011
    Microsoft Web Tooling Extensions - Visual Studio 11
    Microsoft WSE 3.0 Runtime
    Microsoft XNA Framework Redistributable 3.1
    Microsoft XNA Framework Redistributable 4.0
    Microsoft XNA Game Studio Platform Tools
    Microsoft(R) SQL Server Data Tools, RC0 - enu
    Microsoft_VC80_CRT_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Microsoft_VC90_MFCLOC_x86
    Minutor
    Motherboard Monitor 5
    Mozilla Firefox 13.0.1 (x86 nl)
    Mozilla Maintenance Service
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Need for Speed: Hot Pursuit
    Need for Speed™ SHIFT
    NetBeans IDE 7.0.1
    Netwerkhandleiding EPSON PX720WD Series
    Notepad++
    NVIDIA PhysX
    Octoshape add-in for Adobe Flash Player
    OpenAL
    Opera 11.60
    Origin
    Pando Media Booster
    PDF Settings CS4
    PDF Settings CS6
    Pen Tablet
    ph
    Photoshop Camera Raw
    Pixel Bender Toolkit
    Plants vs. Zombies: Game of the Year
    Portal
    Portal 2
    PreEmptive Analytics Visual Studio Components
    Prerequisites for SSDT RC0
    professional_finalizer
    Psychonauts
    PunkBuster Services
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Revenge of the Titans
    Rockstar Games Social Club
    Samorost 2
    Secure Download Manager
    Security Update for Microsoft .NET Framework 4.5 Beta (KB2686838)
    Sequence
    Sid Meier's Civilization V
    Sitecom 300N X2 USB Wireless LAN Driver and Utility
    Skype Click to Call
    Skype™ 5.9
    SlimDX Redistributable for .NET 4.0 (March 2011)
    SpaceChem
    Spelling Dictionaries Support For Adobe Reader 9
    Spiral Knights
    SQL Server Data Framework Tools
    Steam
    Strawberry Perl
    Suite Shared Configuration CS4
    Super Meat Boy
    Super Meat Boy Editor
    Superbrothers: Sword & Sworcery EP
    swMSM
    Synthesia (remove only)
    System Requirements Lab CYRI
    Team Fortress 2
    Terraria
    Test Drive Unlimited 2
    Text-To-Speech-Runtime
    Trapcode Particular
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    TuxGuitar
    Unity Web Player
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553092)
    Vicon boujou 5.0
    Visual Studio 2008 x64 Redistributables
    Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
    Visual Studio Extensions for Windows Library for JavaScript
    VLC media player 2.0.1
    vs_devenv
    vs_devenvLP
    vs_minshellcore
    vs_minshellinterop
    vs_minshellres
    vslp_finalizer
    WampServer 2.2
    WCF RIA Services V1.0 SP2
    Windosill
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Media Player Firefox Plugin
    Windows Runtime Intellisense Content - English
    Windows Software Development Kit
    Windows Software Development Kit DirectX x86 Remote
    Windows Software Development Kit for Metro style Apps
    Windows Software Development Kit for Metro style Apps DirectX x86 Remote
    Windows Software Development Kit Redistributables
    Worms Reloaded
    Xvid Video Codec
    .
    ==== End Of File ===========================
    -----------------------------------------------------------------
  5. ChevyVan79

    DDS "DDS.txt":
    -----------------------------------------------------------------
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 MINIMAL
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.3.1
    Run by Hidde at 12:46:41 on 2012-07-18
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.10239.8810 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Windows\system32\ctfmon.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://nl.ask.com/?l=dis&o=41648005&gct=hp
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe,
    BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll
    TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    TB: {6D8D66F3-14FC-4736-A096-FAC0EA66289C} - No File
    EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-unins...VORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM"&"inst=NzctNzEwOTk5NDQ0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=4262cf34cac247d1b5f5d16c649a9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c
    StartupFolder: C:\Users\Hidde\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Hidde\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - C:\Users\Hidde\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    TCP: Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26} : NameServer = 212.19.241.137,212.19.225.136
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
    {074C1DC5-9320-4A9A-947D-C042949C6216}
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    {517BDDE4-E3A7-4570-B21E-2B52B6139FC7}
    TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    TB-X64: {BA14329E-9550-4989-B3F2-9732E92D17CC} - No File
    TB-X64: {6D8D66F3-14FC-4736-A096-FAC0EA66289C} - No File
    EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
    mRunOnce-x64: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-unins...VORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM"&"inst=NzctNzEwOTk5NDQ0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=4262cf34cac247d1b5f5d16c649a9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Hidde\AppData\Roaming\Mozilla\Firefox\Profiles\i38demmb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&hl=nl&q=
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/search?hl=en&q=
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
    FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Program Files\Microsoft\Web Platform Installer\NPWPIDetector.dll
    FF - plugin: C:\Users\Hidde\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: C:\Users\Hidde\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Windows\system32\npdeployJava1.dll
    FF - plugin: C:\Windows\system32\npmproxy.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]
    R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
    S2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-1-30 103992]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-1-30 123960]
    S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
    S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-16 136176]
    S2 Realtek11nSU;Realtek11nSU;C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2011-1-8 36864]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
    S2 TabletServicePen;TabletServicePen;C:\Windows\system32\Pen_Tablet.exe --> C:\Windows\system32\Pen_Tablet.exe [?]
    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-2-9 2143552]
    S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-9 250056]
    S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-1-15 1431888]
    S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-2-9 137728]
    S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-6-16 136176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-7 113120]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8192su.sys --> C:\Windows\system32\DRIVERS\RTL8192su.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
    S3 VSPerfDrv110;Performance Tools Driver 11.0;C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
    S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
    S3 XENfiltv;XENfiltv;C:\Windows\system32\drivers\XENfiltv.sys --> C:\Windows\system32\drivers\XENfiltv.sys [?]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
    S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
    .
    =============== Created Last 30 ================
    .
    2012-07-18 10:06:23 -------- d-----w- C:\Users\Hidde\AppData\Roaming\Malwarebytes
    2012-07-18 10:06:06 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-18 10:06:06 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-18 10:06:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 09:21:21 328704 ----a-w- C:\Windows\System32\services.exe.F89547CC9349ABE0
    2012-07-18 09:10:22 328704 ----a-w- C:\Windows\System32\services.exe.213CD11BC46267B2
    2012-07-18 08:56:41 328704 ----a-w- C:\Windows\System32\services.exe.BDCE8669122432CA
    2012-07-18 08:50:10 328704 ----a-w- C:\Windows\System32\services.exe.6AD6BD21D505363A
    2012-07-18 08:45:41 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B6A9F61E-DDC0-4A0E-86FE-A820D0B40BFE}\gapaengine.dll
    2012-07-18 08:45:32 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{85AB1BFF-CCDA-4C24-8C87-18F3F736516A}\mpengine.dll
    2012-07-18 08:44:42 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-07-18 08:44:39 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-07-17 14:18:18 -------- d-sh--w- C:\Windows\System32\%APPDATA%
    2012-07-13 08:39:13 -------- d-----w- C:\Program Files (x86)\Crashtastic_0.4.4a_Alpha
    2012-07-11 15:30:27 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-07-11 12:05:10 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-07-05 15:25:49 -------- d-----w- C:\Program Files\Core Temp
    2012-07-05 15:25:37 -------- d-----w- C:\Users\Hidde\AppData\Local\APN
    2012-07-05 15:23:04 -------- d-----w- C:\Program Files\CPUID
    2012-07-05 15:07:20 4608 ----a-w- C:\Windows\SysWow64\mbmiodrvr.sys
    2012-07-05 15:07:13 -------- d-----w- C:\Program Files (x86)\Motherboard Monitor 5
    2012-07-03 07:54:08 -------- d-----w- C:\Users\Hidde\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-06-22 07:30:27 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-22 07:30:22 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-22 07:30:17 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-22 07:30:17 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-20 09:02:47 -------- d-----w- C:\ProgramData\ALM
    2012-06-20 09:01:57 -------- d-----w- C:\adobeTemp
    2012-06-20 08:49:16 -------- d-----w- C:\Users\Hidde\AppData\Roaming\PDAppFlex
    2012-06-19 14:46:29 -------- d-----w- C:\Users\Hidde\AppData\Local\Dropbox_Folder_Sync
    2012-06-19 14:45:50 -------- d-----w- C:\Program Files (x86)\Dropbox Folder Sync
    2012-06-19 14:45:49 -------- d-----w- C:\Users\Hidde\AppData\Roaming\Dropbox Folder Sync
    2012-06-19 09:23:29 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-19 09:23:29 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-19 08:04:39 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
    .
    ==================== Find3M ====================
    .
    2012-07-12 14:57:28 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 14:57:28 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-19 08:04:44 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
    2012-06-06 18:36:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-06-06 18:36:27 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-06-06 18:35:58 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-22 12:26:10 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys
    2012-05-22 12:26:10 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys
    2012-05-22 12:26:10 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys
    2012-05-22 12:25:40 320856 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll
    2012-05-22 12:25:40 166232 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 05:32:05 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    .
    ============= FINISH: 12:47:03,51 ===============
    -----------------------------------------------------------------
    I hope these logs can help.

    (Edit: repositioned top line)
  6. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply within two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.

    Download Farbar Recovery Scan Tool and save it to a flash drive.

    Please make sure to download the 64-bit version.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Choose your language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst64 and press Enter.
      Note: Replace the letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Place a check next to List Drivers MD5 as well as the default check marks that are already there.
    • Press the Scan button.
    • Type exit and reboot the computer normally.
    • FRST will make a log (FRST.txt) on the flash drive, please copy and paste the log in your reply.
  7. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    The scan completed. I noticed something in the log about an MD5-hash of services which was corrupted or something.

    Farbar Recovery Scan Tool Log "FRST.txt":
    -----------------------------------------------------------------
    Scan result of Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 19-07-2012 08:28:23
    Running from F:\
    Windows 7 Ultimate (X64) OS Language: Dutch Standard
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
    HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [825184 2009-10-01] (Microsoft Corporation)
    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKU\Gast\...\Run: [RGSC] E:\Data\Games\[PLAY] GTA IV\Rockstar Games Social Club\RGSCLauncher.exe /silent [x]
    HKU\Gast\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-09] (Valve Corporation)
    HKU\Gast\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3671872 2012-04-17] (DT Soft Ltd)
    HKU\Gast\...\Run: [AdobeBridge] [x]
    HKU\Gast\...\Run: [HydraVisionMDEngine] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraMD.exe" [569344 2010-08-25] (AMD)
    HKU\Gast\...\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED [880496 2012-05-20] (BitTorrent, Inc.)
    HKU\Gast\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized [17357960 2012-05-03] (Skype Technologies S.A.)
    HKU\Gast\...\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart [3407496 2012-05-23] (Electronic Arts)
    HKU\Hidde\...\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1242448 2011-08-09] (Valve Corporation)
    HKLM-x32\...\Runonce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/nl.special-unins...VORUYtUEI2M0YtWDlaQVMtQU8zVEItSEk5Sk8tM0xQMkM"&"inst=NzctNzEwOTk5NDQ0LVNUMTJGT0krMS1ERFQrMC1FVUxBKzEtU1QxMkZBUFArMQ"&"prod=90"&"ver=2012.0.1796"&"mid=4262cf34cac247d1b5f5d16c649a9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c [x]
    Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
    Tcpip\..\Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: [NameServer]212.19.241.137,212.19.225.136
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
    ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)

    ==================== Services (Whitelisted) ======

    3 Adobe Version Cue CS4; "C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [288112 2012-03-16] (Adobe Systems Incorporated)
    3 FirebirdServerMAGIXInstance; "C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe" [3276800 2008-08-07] (MAGIX®)
    3 fussvc; "C:\Program Files\Windows Kits\8.0\App Certification Kit\fussvc.exe" [137728 2012-02-09] (Microsoft Corporation)
    2 Irmon; C:\Windows\System32\irmon.dll [23552 2009-07-14] (Microsoft Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-01-08] ()
    2 Realtek11nSU; C:\Program Files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [36864 2009-06-01] (Realtek)
    4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -I SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2143552 2012-02-09] (TuneUp Software)
    3 wampapache; "C:\wamp\bin\apache\apache2.2.21\bin\httpd.exe" -k runservice [21504 2011-09-26] (Apache Software Foundation)
    3 wampmysqld; C:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe wampmysqld [9690112 2012-01-25] ()
    3 WMZuneComm; "C:\Program Files\Zune\WMZuneComm.exe" [306400 2011-08-05] (Microsoft Corporation)
    3 ZuneNetworkSvc; "C:\Program Files\Zune\ZuneNss.exe" [8277728 2011-08-05] (Microsoft Corporation)
    3 ZuneWlanCfgSvc; "C:\Program Files\Zune\ZuneWlanCfgSvc.exe" [467680 2011-08-05] (Microsoft Corporation)

    ========================== Drivers (Whitelisted) =============

    2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)
    2 atksgt; C:\Windows\System32\Drivers\atksgt.sys [314016 2011-04-08] ()
    1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [283200 2012-06-19] (DT Soft Ltd)
    3 FLxHCIh; C:\Windows\System32\Drivers\FLxHCIh.sys [65536 2010-08-27] (Fresco Logic)
    3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)
    2 irda; C:\Windows\System32\Drivers\irda.sys [120320 2009-07-14] (Microsoft Corporation)
    3 irsir; C:\Windows\System32\Drivers\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
    2 lirsgt; C:\Windows\System32\Drivers\lirsgt.sys [43680 2011-04-08] ()
    1 mbmiodrvr; \??\C:\Windows\syswow64\mbmiodrvr.sys [4608 2004-04-10] (cansoft@livewiredev.com)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-10-20] (TuneUp Software)
    3 VSPerfDrv110; \??\C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [67920 2011-12-12] (Microsoft Corporation)
    3 XENfiltv; C:\Windows\System32\Drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
    3 ALSysIO; \??\C:\Users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
    3 cpuz135; \??\C:\Users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    3 X6va005; \??\C:\Users\Hidde\AppData\Local\Temp\0059039.tmp [x]
    3 X6va008; \??\C:\Windows\SysWOW64\Drivers\X6va008 [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-18 11:44 - 2012-07-18 11:44 - 00000855 ____A C:\Users\Hidde\Desktop\gmer.log
    2012-07-18 11:19 - 2012-07-18 10:52 - 00302592 ____A C:\Users\Hidde\Desktop\gfz7h0gr.exe
    2012-07-18 11:06 - 2012-07-18 11:06 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-18 11:06 - 2012-07-18 11:06 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\Malwarebytes
    2012-07-18 11:06 - 2012-07-18 11:06 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-07-18 11:06 - 2012-07-18 11:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 11:06 - 2012-07-03 12:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-18 11:05 - 2012-07-18 10:52 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Hidde\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-18 10:21 - 2012-07-18 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F89547CC9349ABE0
    2012-07-18 10:10 - 2012-07-18 10:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.213CD11BC46267B2
    2012-07-18 09:56 - 2012-07-18 09:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE8669122432CA
    2012-07-18 09:50 - 2012-07-18 09:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AD6BD21D505363A
    2012-07-18 09:44 - 2012-07-18 09:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-18 09:44 - 2012-07-18 09:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-17 15:18 - 2012-07-17 15:18 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-07-17 14:50 - 2012-07-17 14:50 - 00000064 ____A C:\Users\Hidde\Desktop\virtuemart.txt
    2012-07-13 09:39 - 2012-07-13 09:39 - 00001644 ____A C:\Users\Hidde\Desktop\Crashtastic.lnk
    2012-07-13 09:39 - 2012-07-12 21:18 - 00000000 ____D C:\Program Files (x86)\Crashtastic_0.4.4a_Alpha
    2012-07-11 16:30 - 2012-06-12 04:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 16:26 - 2012-06-02 13:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 16:26 - 2012-06-02 13:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 16:26 - 2012-06-02 13:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 16:26 - 2012-06-02 13:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 16:26 - 2012-06-02 13:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 16:26 - 2012-06-02 13:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 16:26 - 2012-06-02 13:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 16:26 - 2012-06-02 13:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 16:26 - 2012-06-02 13:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 16:26 - 2012-06-02 13:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 16:26 - 2012-06-02 12:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 16:26 - 2012-06-02 12:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 16:26 - 2012-06-02 12:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 16:26 - 2012-06-02 12:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 16:26 - 2012-06-02 10:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 16:26 - 2012-06-02 09:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 16:26 - 2012-06-02 09:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 16:26 - 2012-06-02 09:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 16:26 - 2012-06-02 09:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 16:26 - 2012-06-02 09:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 16:26 - 2012-06-02 09:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 16:26 - 2012-06-02 09:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 16:26 - 2012-06-02 09:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 16:26 - 2012-06-02 09:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 16:26 - 2012-06-02 09:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 16:26 - 2012-06-02 09:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 16:26 - 2012-06-02 09:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 16:26 - 2012-06-02 09:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-11 13:05 - 2012-06-09 06:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-11 13:05 - 2012-06-09 05:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-11 13:05 - 2012-06-06 07:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-11 13:05 - 2012-06-06 07:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-11 13:05 - 2012-06-06 07:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-11 13:05 - 2012-06-06 06:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-11 13:05 - 2012-06-06 06:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-11 13:05 - 2012-06-06 06:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-11 13:05 - 2012-06-02 06:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-11 13:05 - 2012-06-02 06:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-11 13:05 - 2012-06-02 06:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-11 13:05 - 2012-06-02 06:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-11 13:05 - 2012-06-02 06:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-11 13:05 - 2012-06-02 05:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-11 13:05 - 2012-06-02 05:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-11 13:05 - 2012-06-02 05:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-11 13:05 - 2012-06-02 05:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-11 13:05 - 2010-06-26 04:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-11 13:05 - 2010-06-26 04:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-05 16:25 - 2012-07-05 16:25 - 00000967 ____A C:\Users\Hidde\Desktop\Core Temp.lnk
    2012-07-05 16:25 - 2012-07-05 16:25 - 00000000 ____D C:\Users\Hidde\AppData\Local\APN
    2012-07-05 16:23 - 2012-07-05 16:23 - 00000876 ____A C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    2012-07-05 16:23 - 2012-07-05 16:23 - 00000000 ____D C:\Program Files\CPUID
    2012-07-05 16:08 - 2012-07-05 16:08 - 00000017 ____A C:\Users\Hidde\AppData\Local\resmon.resmoncfg
    2012-07-05 16:07 - 2012-07-05 16:07 - 00000000 ____D C:\Program Files (x86)\Motherboard Monitor 5
    2012-07-05 16:07 - 2004-04-10 08:43 - 00004608 ____A (cansoft@livewiredev.com) C:\Windows\SysWOW64\mbmiodrvr.sys
    2012-07-03 08:54 - 2012-07-03 08:55 - 00000000 ____D C:\Users\Public\Documents\Adobe
    2012-07-03 08:54 - 2012-07-03 08:54 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    2012-06-22 08:30 - 2012-06-02 23:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-22 08:30 - 2012-06-02 23:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-22 08:30 - 2012-06-02 23:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-22 08:30 - 2012-06-02 23:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-22 08:30 - 2012-06-02 23:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-22 08:30 - 2012-06-02 23:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-22 08:30 - 2012-06-02 23:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-22 08:30 - 2012-06-02 14:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-22 08:30 - 2012-06-02 14:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-20 10:07 - 2012-06-20 10:07 - 00001525 ____A C:\Users\Hidde\Desktop\Illustrator.lnk
    2012-06-20 10:07 - 2012-06-20 10:07 - 00001238 ____A C:\Users\Hidde\Desktop\Dreamweaver.lnk
    2012-06-20 10:07 - 2012-06-20 10:07 - 00001214 ____A C:\Users\Hidde\Desktop\Fireworks.lnk
    2012-06-20 10:02 - 2012-06-20 10:02 - 00000000 ____D C:\Users\All Users\ALM
    2012-06-20 09:49 - 2012-06-20 09:49 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\PDAppFlex
    2012-06-19 15:46 - 2012-06-19 15:46 - 00000000 ____D C:\Users\Hidde\AppData\Local\Dropbox_Folder_Sync
    2012-06-19 15:45 - 2012-06-19 15:45 - 00000000 ____D C:\Users\Hidde\AppData\Roaming\Dropbox Folder Sync
    2012-06-19 15:45 - 2012-06-19 15:45 - 00000000 ____D C:\Program Files (x86)\Dropbox Folder Sync
    2012-06-19 09:04 - 2012-06-19 09:04 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite


    ============ 3 Months Modified Files ========================

    2012-07-18 15:38 - 2009-07-14 05:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 15:38 - 2009-07-14 05:45 - 00013632 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-18 15:35 - 2012-06-16 10:13 - 00001050 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-18 15:35 - 2012-02-29 22:09 - 00017146 ____A C:\Windows\setupact.log
    2012-07-18 15:35 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-18 11:44 - 2012-07-18 11:44 - 00000855 ____A C:\Users\Hidde\Desktop\gmer.log
    2012-07-18 11:23 - 2009-07-14 10:16 - 00811884 ____A C:\Windows\System32\perfh013.dat
    2012-07-18 11:23 - 2009-07-14 10:16 - 00178392 ____A C:\Windows\System32\perfc013.dat
    2012-07-18 11:23 - 2009-07-14 06:13 - 01856960 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-18 11:14 - 2012-02-29 22:08 - 00237204 ____A C:\Windows\PFRO.log
    2012-07-18 11:06 - 2012-07-18 11:06 - 00001116 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-18 10:52 - 2012-07-18 11:19 - 00302592 ____A C:\Users\Hidde\Desktop\gfz7h0gr.exe
    2012-07-18 10:52 - 2012-07-18 11:05 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Hidde\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-18 10:21 - 2012-07-18 10:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F89547CC9349ABE0
    2012-07-18 10:10 - 2012-07-18 10:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.213CD11BC46267B2
    2012-07-18 09:59 - 2012-06-15 12:37 - 00000940 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-18 09:56 - 2012-07-18 09:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.BDCE8669122432CA
    2012-07-18 09:50 - 2012-07-18 09:50 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6AD6BD21D505363A
    2012-07-18 09:44 - 2011-12-28 11:02 - 00001912 ____A C:\Windows\epplauncher.mif
    2012-07-18 09:44 - 2011-03-03 21:15 - 01878746 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-18 09:44 - 2011-01-08 19:49 - 01440847 ____A C:\Windows\WindowsUpdate.log
    2012-07-18 09:28 - 2012-06-16 10:13 - 00001054 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-17 14:50 - 2012-07-17 14:50 - 00000064 ____A C:\Users\Hidde\Desktop\virtuemart.txt
    2012-07-13 09:39 - 2012-07-13 09:39 - 00001644 ____A C:\Users\Hidde\Desktop\Crashtastic.lnk
    2012-07-12 15:57 - 2012-05-09 17:16 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-12 15:57 - 2011-05-20 08:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-12 07:59 - 2009-07-14 05:45 - 06856704 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 16:27 - 2011-01-16 08:51 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-05 16:25 - 2012-07-05 16:25 - 00000967 ____A C:\Users\Hidde\Desktop\Core Temp.lnk
    2012-07-05 16:23 - 2012-07-05 16:23 - 00000876 ____A C:\Users\Public\Desktop\CPUID CPU-Z.lnk
    2012-07-05 16:08 - 2012-07-05 16:08 - 00000017 ____A C:\Users\Hidde\AppData\Local\resmon.resmoncfg
    2012-07-03 12:46 - 2012-07-18 11:06 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-29 10:30 - 2011-12-19 16:34 - 00000235 __RAH C:\Windows\ctfile.rfc
    2012-06-20 10:07 - 2012-06-20 10:07 - 00001525 ____A C:\Users\Hidde\Desktop\Illustrator.lnk
    2012-06-20 10:07 - 2012-06-20 10:07 - 00001238 ____A C:\Users\Hidde\Desktop\Dreamweaver.lnk
    2012-06-20 10:07 - 2012-06-20 10:07 - 00001214 ____A C:\Users\Hidde\Desktop\Fireworks.lnk
    2012-06-20 10:04 - 2011-01-08 13:38 - 00133888 ____A C:\Users\Hidde\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-06-19 09:04 - 2012-03-18 13:27 - 00283200 ____A (DT Soft Ltd) C:\Windows\System32\Drivers\dtsoftbus01.sys
    2012-06-16 14:19 - 2012-06-16 13:39 - 00002010 ___AH C:\Users\Hidde\Documents\Default.rdp
    2012-06-12 04:08 - 2012-07-11 16:30 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-11 12:21 - 2012-06-11 10:49 - 00011083 ____A C:\Users\Hidde\Documents\werkzaamheden_specificatie_dewestfries.xlsx
    2012-06-09 06:43 - 2012-07-11 13:05 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-09 05:41 - 2012-07-11 13:05 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-08 15:00 - 2012-03-02 15:59 - 00110447 ____A C:\Windows\DirectX.log
    2012-06-08 09:26 - 2012-06-08 09:26 - 00000222 ____A C:\Users\Hidde\Desktop\Superbrothers Sword & Sworcery EP.url
    2012-06-08 09:26 - 2012-06-08 09:26 - 00000221 ____A C:\Users\Hidde\Desktop\LIMBO.url
    2012-06-08 09:26 - 2012-06-08 09:26 - 00000221 ____A C:\Users\Hidde\Desktop\Amnesia The Dark Descent.url
    2012-06-08 09:26 - 2012-06-08 09:26 - 00000220 ____A C:\Users\Hidde\Desktop\Psychonauts.url
    2012-06-08 09:22 - 2012-06-08 09:22 - 00000222 ____A C:\Users\Hidde\Desktop\Bastion.url
    2012-06-08 09:21 - 2012-06-08 09:21 - 00000221 ____A C:\Users\Hidde\Desktop\Super Meat Boy.url
    2012-06-08 09:21 - 2012-06-08 09:21 - 00000221 ____A C:\Users\Hidde\Desktop\Braid.url
    2012-06-08 09:21 - 2012-06-08 09:21 - 00000202 ____A C:\Users\Hidde\Desktop\Super Meat Boy Editor.url
    2012-06-08 09:21 - 2012-06-08 09:21 - 00000195 ____A C:\Users\Hidde\Desktop\Lone Survivor.url
    2012-06-07 09:39 - 2012-06-07 09:39 - 00001727 ____A C:\Users\Public\Desktop\League of Legends.lnk
    2012-06-07 09:11 - 2011-12-04 15:02 - 00001025 ____A C:\Users\Hidde\Desktop\Dropbox.lnk
    2012-06-06 19:36 - 2011-06-12 13:11 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
    2012-06-06 19:36 - 2011-06-12 13:09 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.exe
    2012-06-06 19:35 - 2011-06-12 13:09 - 00280904 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
    2012-06-06 07:06 - 2012-07-11 13:05 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-06 07:06 - 2012-07-11 13:05 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-06 07:02 - 2012-07-11 13:05 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-06 06:05 - 2012-07-11 13:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-06 06:05 - 2012-07-11 13:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-06 06:03 - 2012-07-11 13:05 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-05 13:14 - 2012-06-05 13:14 - 00316064 ____A C:\Windows\Minidump\060512-21574-01.dmp
    2012-06-05 13:14 - 2012-04-11 09:18 - 1151349537 ____A C:\Windows\MEMORY.DMP
    2012-06-04 17:01 - 2012-06-04 17:01 - 00001385 ____A C:\Users\Hidde\Desktop\Visual Studio 11 Beta.lnk
    2012-06-04 13:24 - 2012-06-04 13:23 - 00275264 ____A C:\Windows\Minidump\060412-46113-01.dmp
    2012-06-04 11:06 - 2012-06-04 11:06 - 00002531 ____A C:\Users\Hidde\Desktop\Skype.lnk
    2012-06-02 23:19 - 2012-06-22 08:30 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 23:19 - 2012-06-22 08:30 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 23:19 - 2012-06-22 08:30 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 23:19 - 2012-06-22 08:30 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 23:19 - 2012-06-22 08:30 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 23:15 - 2012-06-22 08:30 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 23:15 - 2012-06-22 08:30 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 14:19 - 2012-06-22 08:30 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 14:15 - 2012-06-22 08:30 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 13:49 - 2012-07-11 16:26 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 13:17 - 2012-07-11 16:26 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 13:12 - 2012-07-11 16:26 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 13:05 - 2012-07-11 16:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 13:05 - 2012-07-11 16:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 13:04 - 2012-07-11 16:26 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 13:04 - 2012-07-11 16:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 13:03 - 2012-07-11 16:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 13:01 - 2012-07-11 16:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 13:00 - 2012-07-11 16:26 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 12:59 - 2012-07-11 16:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 12:57 - 2012-07-11 16:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 12:57 - 2012-07-11 16:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 12:54 - 2012-07-11 16:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 10:07 - 2012-07-11 16:26 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 09:43 - 2012-07-11 16:26 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 09:33 - 2012-07-11 16:26 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 09:26 - 2012-07-11 16:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 09:25 - 2012-07-11 16:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 09:25 - 2012-07-11 16:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 09:23 - 2012-07-11 16:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 09:21 - 2012-07-11 16:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 09:20 - 2012-07-11 16:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 09:19 - 2012-07-11 16:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 09:19 - 2012-07-11 16:26 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 09:17 - 2012-07-11 16:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 09:16 - 2012-07-11 16:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 09:14 - 2012-07-11 16:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-02 06:50 - 2012-07-11 13:05 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-02 06:48 - 2012-07-11 13:05 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-02 06:48 - 2012-07-11 13:05 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-02 06:45 - 2012-07-11 13:05 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-02 06:44 - 2012-07-11 13:05 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-02 05:40 - 2012-07-11 13:05 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-02 05:40 - 2012-07-11 13:05 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-02 05:39 - 2012-07-11 13:05 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-02 05:34 - 2012-07-11 13:05 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-24 11:04 - 2012-05-24 11:04 - 00000562 ____A C:\Windows\wmsetup.log
    2012-05-23 19:57 - 2012-05-23 19:57 - 00000221 ____A C:\Users\Hidde\Desktop\Dead Island.url
    2012-05-22 13:26 - 2012-06-11 12:13 - 00224088 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxDrv.sys
    2012-05-22 13:26 - 2012-06-11 12:13 - 00130904 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxUSBMon.sys
    2012-05-22 13:26 - 2012-05-22 13:26 - 00147288 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetAdp.sys
    2012-05-22 13:25 - 2012-05-22 13:25 - 00320856 ____A (Oracle Corporation) C:\Windows\System32\VBoxNetFltNobj.dll
    2012-05-22 13:25 - 2012-05-22 13:25 - 00166232 ____A (Oracle Corporation) C:\Windows\System32\Drivers\VBoxNetFlt.sys
    2012-05-21 12:32 - 2012-05-21 12:32 - 00000767 ____A C:\Users\Hidde\Desktop\Driver.lnk
    2012-05-09 17:08 - 2012-05-18 10:42 - 00001208 ____A C:\Users\Hidde\Documents\Adobe InDesign CS6.lnk
    2012-05-07 21:57 - 2012-05-07 21:57 - 00275208 ____A C:\Windows\Minidump\050712-25958-01.dmp
    2012-05-06 12:57 - 2012-05-06 12:57 - 00275208 ____A C:\Windows\Minidump\050612-25147-01.dmp
    2012-05-05 18:21 - 2012-05-05 18:20 - 00275208 ____A C:\Windows\Minidump\050512-25256-01.dmp
    2012-05-05 14:57 - 2011-08-10 15:52 - 00001060 ____A C:\Users\Gast\Desktop\Notepad++.lnk
    2012-05-04 12:06 - 2012-06-13 08:22 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-05-04 11:03 - 2012-06-13 08:22 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-05-04 11:03 - 2012-06-13 08:22 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-05-03 21:46 - 2012-05-03 21:46 - 00275208 ____A C:\Windows\Minidump\050312-35630-01.dmp
    2012-05-01 06:40 - 2012-06-13 08:22 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-04-28 06:32 - 2012-06-13 08:22 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-04-28 04:55 - 2012-06-13 08:22 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-04-26 19:19 - 2012-04-26 19:19 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-04-26 19:19 - 2012-04-26 19:19 - 00173960 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-04-26 18:48 - 2012-04-26 18:48 - 00000222 ____A C:\Users\Hidde\Desktop\Botanicula.url
    2012-04-26 18:48 - 2012-04-26 18:48 - 00000221 ____A C:\Users\Hidde\Desktop\Samorost 2.url
    2012-04-26 18:48 - 2012-04-26 18:48 - 00000221 ____A C:\Users\Hidde\Desktop\Machinarium.url
    2012-04-26 18:46 - 2012-04-26 18:46 - 00000221 ____A C:\Users\Hidde\Desktop\Windosill.url
    2012-04-26 06:41 - 2012-06-13 08:22 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 06:41 - 2012-06-13 08:22 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-04-26 06:34 - 2012-06-13 08:22 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 11:58 - 2009-07-14 06:08 - 00032592 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-04-24 06:37 - 2012-06-13 08:22 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-04-24 06:37 - 2012-06-13 08:22 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-04-24 06:37 - 2012-06-13 08:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-04-24 05:36 - 2012-06-13 08:22 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-04-24 05:36 - 2012-06-13 08:22 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-04-24 05:36 - 2012-06-13 08:22 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-04-22 19:30 - 2012-04-22 19:30 - 00001143 ____A C:\Users\Hidde\Desktop\CrossFire.lnk
    2012-04-22 14:32 - 2012-04-22 14:32 - 00000222 ____A C:\Users\Hidde\Desktop\Age of Empires Online.url


    ZeroAccess:
    C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}
    C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\@
    C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\L
    C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\U
    C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\U\00000001.@

    ZeroAccess:
    C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}
    C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\@
    C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\L
    C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 9%
    Total physical RAM: 10239.24 MB
    Available physical RAM: 9270.7 MB
    Total Pagefile: 10237.39 MB
    Available Pagefile: 9264.34 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (Windows) (Fixed) (Total:931.41 GB) (Free:417.4 GB) NTFS
    3 Drive f: () (Removable) (Total:0.94 GB) (Free:0.78 GB) NTFS
    4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    5 Drive y: (Door systeem gereserveerd) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Schfnr. Status Grootte Vrij Dyn GPT
    -------- ------------- ------- ------- --- ---
    Schf 0 Online 931 GB 1024 KB
    Schf 1 Online 961 MB 0 B

    DiskPart afsluiten...


    ==========================================================

    Last Boot: 2012-07-11 14:18

    ======================= End Of Log ==========================
    -----------------------------------------------------------------
  8. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Additional FRST Scan

    Once again, please boot to the System Recovery Options and run FRST, as done previously.

    Type the following text in the blank box after Search:

    services.exe

    Click: Search file(s)

    When done searching, FRST makes a log, Search.txt, on the C:\ drive.

    Please provide the Search.txt in your reply.
  9. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    Here's the log.

    Farbar Recovery Scan Tool Log "Search.txt":
    -----------------------------------------------------------------
    Farbar Recovery Scan Tool Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-19 13:46:54
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
    -----------------------------------------------------------------
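The Search.txt above already contains the comparison a helper makes by eye: the WinSxS copy of services.exe hashes to 24ACB7E5BE595468E3B9AA488B9B4FCB, while the live System32 copy hashes to 014A9CB92514E27C0107614DF764BC06, the value FRST flagged as ZeroAccess in the Bamital check. The script below is added here as an example (it is not part of FRST or of this thread): it parses the Search.txt format and reports any copy of a file outside WinSxS whose MD5 differs from the WinSxS copy of the same name, using the Search.txt posted above as embedded sample input.

```python
"""Flag system binaries whose MD5 differs from their WinSxS copy.

Added example, not FRST's own code: parses the text FRST writes to
Search.txt and reports files outside the WinSxS component store whose
MD5 does not match the copy FRST found inside WinSxS. ZeroAccess/Sirefef
patched services.exe in place, which is exactly the mismatch this
check surfaces.
"""
import re
from collections import defaultdict

# Sample input: the Search.txt posted in the thread, embedded verbatim.
SEARCH_TXT = """\
Farbar Recovery Scan Tool Version: 16-07-2012 02
Ran by SYSTEM at 2012-07-19 13:46:54
Running from F:\\

================== Search: "services.exe" ===================

C:\\Windows\\winsxs\\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\\Windows\\System32\\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
"""

# Detail line layout: [created] - [modified] - size attrs (company) MD5
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?"
    r"(?P<md5>[0-9A-Fa-f]{32})$"
)
PATH_RE = re.compile(r"^[A-Za-z]:\\")


def parse_search_log(text):
    """Return one dict per path/detail pair found in a Search.txt body."""
    entries = []
    pending_path = None  # a path line waits for the detail line below it
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            pending_path = None  # blank lines and banners end a record
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            entry = m.groupdict()
            entry["path"] = pending_path
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
            pending_path = None
        elif PATH_RE.match(line):
            pending_path = line
    return entries


def find_mismatches(entries):
    """Compare each non-WinSxS copy of a file with its WinSxS copy.

    Returns (path, md5, reference_md5) tuples for copies whose MD5 differs
    from the WinSxS reference. Files with no WinSxS copy are skipped,
    since there is nothing to compare them against.
    """
    by_name = defaultdict(list)
    for e in entries:
        by_name[e["path"].rsplit("\\", 1)[-1].lower()].append(e)

    mismatches = []
    for copies in by_name.values():
        in_store = [c for c in copies if "\\winsxs\\" in c["path"].lower()]
        refs = {c["md5"] for c in in_store}
        if not refs:
            continue
        for c in copies:
            if c in in_store or c["md5"] in refs:
                continue
            mismatches.append((c["path"], c["md5"], sorted(refs)[0]))
    return mismatches


if __name__ == "__main__":
    for path, md5, ref in find_mismatches(parse_search_log(SEARCH_TXT)):
        print(f"{path}: MD5 {md5} differs from WinSxS copy {ref} <== check")
```

A mismatch is a candidate to examine, not a verdict on its own; the helper confirmed this one against the Bamital check before copying the WinSxS file back over System32.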
  10. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    FRST64 Fixlist

    Please run the following:

    Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad window and select Paste.) Save it on the flash drive as fixlist.txt

    NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

    Now, please enter System Recovery Options then select Command Prompt.

    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Now restart, let it boot normally and tell me how it went.
  11. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    "Fixlog.txt":
    --------------------------------------------------
    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 16-07-2012 02
    Ran by SYSTEM at 2012-07-19 19:18:48 Run:1
    Running from F:\

    ==============================================

    C:\Windows\Installer\{4b450b07-8f43-0861-3c71-52cec0dd6c4e} moved successfully.
    C:\Users\Hidde\AppData\Local\{4b450b07-8f43-0861-3c71-52cec0dd6c4e} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
    ------------------------------------------------

    I restarted my computer. When I started Microsoft Security Essentials it said that I was still infected by Sirefef.Y, Sirefef.B, Sirefef.AB and Sirefef.W :(

    PS.: I go on holiday tomorrow (I think I still have around 2 hours until I leave this computer). So, if the virus isn't fixed by then, is it possible to 'pause' this thread and reopen it in about 2 weeks? :p
  12. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    It seems that Windows didn't give me a fatal error to restart the computer. :)
  13. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    When I try to start Windows Defender or when I'm trying to update Microsoft Security Essentials, Windows returns the error code 0x80070424.
     
  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    I marked it as inactive; when you get back, reply to this thread to continue.

    If it is not open, please PM me.
  15. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    Alright, I'm ready again. :cool:
  16. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix

    Please download ComboFix by sUBs
    from BleepingComputer.com

    Please save the file to your Desktop, but rename it first to svchost.exe

    Important information about ComboFix

    Before the download:
    • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
    • It is important to rename ComboFix before the download.
    • Please do not rename ComboFix to other names, but only the one indicated.
    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
    Running ComboFix:
    • Double click on svchost.exe & follow the prompts.
    • It will attempt to install the Recovery Console.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the same method as above, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe and winlogon.exe.
  17. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    Here it is.

    ComboFix Log "ComboFix.txt":
    -----------------------------------------------------------------
    ComboFix 12-08-05.02 - Hidde 06-08-2012 15:11:10.1.4 - x64 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.10239.8320 [GMT 2:00]
    Gestart vanuit: c:\users\Hidde\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\cflog\CrashLog_20110426.txt
    C:\install.exe
    c:\users\Hidde\AppData\Local\assembly\tmp
    c:\users\Hidde\AppData\Local\Microsoft\Windows\Temporary Internet Files\cookies.sqlite
    c:\users\Hidde\AppData\Roaming\Love
    c:\users\Hidde\AppData\Roaming\Love\mari0\options.txt
    c:\users\Hidde\Documents\~WRL3387.tmp
    c:\windows\IsUn0413.exe
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    c:\windows\SysWow64\d2d1debug1.dll
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-06 to 2012-08-06 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-06 13:20 . 2012-08-06 13:20 -------- d-----w- c:\users\Gast\AppData\Local\temp
    2012-08-06 13:20 . 2012-08-06 13:20 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-19 07:27 . 2012-07-19 07:28 -------- d-----w- C:\FRST
    2012-07-19 06:33 . 2012-07-19 06:33 328704 ----a-w- c:\windows\system32\services.exe.3C1AE47AB51889C6
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\users\Hidde\AppData\Roaming\Malwarebytes
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-18 10:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 09:21 . 2012-07-18 09:21 328704 ----a-w- c:\windows\system32\services.exe.F89547CC9349ABE0
    2012-07-18 09:10 . 2012-07-18 09:10 328704 ----a-w- c:\windows\system32\services.exe.213CD11BC46267B2
    2012-07-18 08:56 . 2012-07-18 08:56 328704 ----a-w- c:\windows\system32\services.exe.BDCE8669122432CA
    2012-07-18 08:50 . 2012-07-18 08:50 328704 ----a-w- c:\windows\system32\services.exe.6AD6BD21D505363A
    2012-07-18 08:45 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6A9F61E-DDC0-4A0E-86FE-A820D0B40BFE}\gapaengine.dll
    2012-07-18 08:45 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AB1BFF-CCDA-4C24-8C87-18F3F736516A}\mpengine.dll
    2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-17 14:18 . 2012-07-17 14:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-13 08:39 . 2012-07-12 20:18 -------- d-----w- c:\program files (x86)\Crashtastic_0.4.4a_Alpha
    2012-07-11 15:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 12:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 14:57 . 2012-05-09 16:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 14:57 . 2011-05-20 07:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 15:27 . 2011-01-16 07:51 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-19 08:04 . 2012-03-18 12:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-06-06 18:36 . 2011-06-12 12:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-06 18:36 . 2011-06-12 12:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-06 18:35 . 2011-06-12 12:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-04 18:50 . 2012-06-04 15:56 2471072 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2012-06-04 10:56 . 2011-03-03 20:20 2376736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-06-04 10:11 . 2011-05-26 16:22 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-06-02 22:19 . 2012-06-22 07:30 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:30 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:30 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:30 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-22 07:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-22 07:30 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-22 12:26 . 2012-06-11 11:13 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-05-22 12:26 . 2012-06-11 11:13 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-05-22 12:26 . 2012-05-22 12:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2012-05-22 12:25 . 2012-05-22 12:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
    2012-05-22 12:25 . 2012-05-22 12:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-09 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/nl.special-unins...9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c" [?]
    .
    c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Hidde\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-8 1207312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Wondershare Helper Compact.exe"=c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    .
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
    R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2009-06-01 36864]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1909032]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-03-16 288112]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 ALSysIO;ALSysIO;c:\users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
    R3 cpuz135;cpuz135;c:\users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-15 1431888]
    R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-08-11 610816]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 X6va005;X6va005;c:\users\Hidde\AppData\Local\Temp\0059039.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 25600]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 283200]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-08-27 220672]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-08-27 65536]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - PXHLPA64
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 14:57]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://nl.ask.com/?l=dis&o=41648005&gct=hp
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Hidde\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: NameServer = 212.19.241.137,212.19.225.136
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Hidde\AppData\Roaming\Mozilla\Firefox\Profiles\i38demmb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&hl=nl&q=
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/search?hl=en&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
    URLSearchHooks-{6d8d66f3-14fc-4736-a096-fac0ea66289c} - (no file)
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
    WebBrowser-{6D8D66F3-14FC-4736-A096-FAC0EA66289C} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Hidde\AppData\Local\Temp\0059039.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}*]
    "iadcaliefhdmelnfjn"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
    61,62,61,6a,00,00
    "hajbcffnekildmbc"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
    61,62,61,6a,00,00
    .
    [HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\SecuROM\License information*]
    "datasecu"=hex:76,ce,bb,62,f1,f3,da,4c,de,2e,db,0c,e1,18,cb,58,24,aa,b9,f6,70,
    6d,21,87,64,f4,5d,19,e5,9b,62,93,98,bb,9f,83,41,17,46,ad,01,c7,9b,2e,70,af,\
    "rkeysecu"=hex:b3,cb,b6,91,a2,37,0e,f8,5e,6d,66,3a,f0,ea,9d,cf
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-08-06 15:22:24
    ComboFix-quarantined-files.txt 2012-08-06 13:22
    .
    Pre-Run: 490.391.724.032 bytes beschikbaar
    Post-Run: 491.166.240.768 bytes beschikbaar
    .
    - - End Of File - - 535FBC7D2CCFD708AA16363936DEDC48
    ---------------------------------------------------
  18. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  19. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    Here, I present to you the next ComboFix log.

    ComboFix Log "ComboFix.txt":
    --------------------------------------------------------
    ComboFix 12-08-05.02 - Hidde 07-08-2012 8:19.2.4 - x64 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.10239.8289 [GMT 2:00]
    Gestart vanuit: c:\users\Hidde\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Hidde\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-07 to 2012-08-07 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-07 06:28 . 2012-08-07 06:28 -------- d-----w- c:\users\Gast\AppData\Local\temp
    2012-08-07 06:28 . 2012-08-07 06:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-07 06:17 . 2012-08-07 06:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C67C0F10-2281-43CF-BC86-684C71B50A8F}\offreg.dll
    2012-07-19 07:27 . 2012-07-19 07:28 -------- d-----w- C:\FRST
    2012-07-19 06:33 . 2012-07-19 06:33 328704 ----a-w- c:\windows\system32\services.exe.3C1AE47AB51889C6
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\users\Hidde\AppData\Roaming\Malwarebytes
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-18 10:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 09:21 . 2012-07-18 09:21 328704 ----a-w- c:\windows\system32\services.exe.F89547CC9349ABE0
    2012-07-18 09:10 . 2012-07-18 09:10 328704 ----a-w- c:\windows\system32\services.exe.213CD11BC46267B2
    2012-07-18 08:56 . 2012-07-18 08:56 328704 ----a-w- c:\windows\system32\services.exe.BDCE8669122432CA
    2012-07-18 08:50 . 2012-07-18 08:50 328704 ----a-w- c:\windows\system32\services.exe.6AD6BD21D505363A
    2012-07-18 08:45 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6A9F61E-DDC0-4A0E-86FE-A820D0B40BFE}\gapaengine.dll
    2012-07-18 08:45 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AB1BFF-CCDA-4C24-8C87-18F3F736516A}\mpengine.dll
    2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-17 14:18 . 2012-07-17 14:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-13 08:39 . 2012-07-12 20:18 -------- d-----w- c:\program files (x86)\Crashtastic_0.4.4a_Alpha
    2012-07-11 15:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 12:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 14:57 . 2012-05-09 16:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 14:57 . 2011-05-20 07:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 15:27 . 2011-01-16 07:51 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-19 08:04 . 2012-03-18 12:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-06-06 18:36 . 2011-06-12 12:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-06 18:36 . 2011-06-12 12:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-06 18:35 . 2011-06-12 12:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-04 18:50 . 2012-06-04 15:56 2471072 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2012-06-04 10:56 . 2011-03-03 20:20 2376736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-06-04 10:11 . 2011-05-26 16:22 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-06-02 22:19 . 2012-06-22 07:30 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:30 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:30 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:30 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-22 07:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-22 07:30 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-22 12:26 . 2012-06-11 11:13 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-05-22 12:26 . 2012-06-11 11:13 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-05-22 12:26 . 2012-05-22 12:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2012-05-22 12:25 . 2012-05-22 12:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
    2012-05-22 12:25 . 2012-05-22 12:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-06_13.20.21 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-08-06 13:08 . 2012-08-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-07 06:17 . 2012-08-07 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-07 06:17 . 2012-08-07 06:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-06 13:08 . 2012-08-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-09 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/nl.special-unins...9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c" [?]
    .
    c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Hidde\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-8 1207312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Wondershare Helper Compact.exe"=c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    .
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
    R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2009-06-01 36864]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1909032]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-03-16 288112]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 ALSysIO;ALSysIO;c:\users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
    R3 cpuz135;cpuz135;c:\users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-15 1431888]
    R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-08-11 610816]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 X6va005;X6va005;c:\users\Hidde\AppData\Local\Temp\0059039.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 25600]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 283200]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-08-27 220672]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-08-27 65536]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 14:57]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://nl.ask.com/?l=dis&o=41648005&gct=hp
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Hidde\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: NameServer = 212.19.241.137,212.19.225.136
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Hidde\AppData\Roaming\Mozilla\Firefox\Profiles\i38demmb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&hl=nl&q=
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/search?hl=en&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Hidde\AppData\Local\Temp\0059039.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}*]
    "iadcaliefhdmelnfjn"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
    61,62,61,6a,00,00
    "hajbcffnekildmbc"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
    61,62,61,6a,00,00
    .
    [HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\SecuROM\License information*]
    "datasecu"=hex:76,ce,bb,62,f1,f3,da,4c,de,2e,db,0c,e1,18,cb,58,24,aa,b9,f6,70,
    6d,21,87,64,f4,5d,19,e5,9b,62,93,98,bb,9f,83,41,17,46,ad,01,c7,9b,2e,70,af,\
    "rkeysecu"=hex:b3,cb,b6,91,a2,37,0e,f8,5e,6d,66,3a,f0,ea,9d,cf
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-08-07 08:30:59
    ComboFix-quarantined-files.txt 2012-08-07 06:30
    ComboFix2.txt 2012-08-06 13:22
    .
    Pre-Run: 491.346.804.736 bytes beschikbaar
    Post-Run: 491.165.831.168 bytes beschikbaar
    .
    - - End Of File - - 384702765DCC6655AC6E4CAB0079B9A3
    ---------------------------------------
  20. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    ComboFix Script

    • Close any open browsers.
    • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Open Notepad and copy/paste the text in the codebox below into it:
    • Save this as CFScript.txt, in the same location as ComboFix.exe

      [IMG]
    • Referring to the picture above, drag CFScript into ComboFix.exe
    • When finished, it shall produce a log for you at C:\ComboFix.txt
    • Please post the contents of the log in your next reply.
  21. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    And the next ComboFix log.

    ComboFix Log "ComboFix.txt":
    --------------------------------------------------------------------
    ComboFix 12-08-05.02 - Hidde 08-08-2012 8:23.3.4 - x64 MINIMAL
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.10239.8272 [GMT 2:00]
    Gestart vanuit: c:\users\Hidde\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\Hidde\Desktop\CFScript.txt
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Nieuw herstelpunt werd aangemaakt
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-07-08 to 2012-08-08 ))))))))))))))))))))))))))))))
    .
    .
    2012-08-08 06:32 . 2012-08-08 06:32 -------- d-----w- c:\users\Gast\AppData\Local\temp
    2012-08-08 06:32 . 2012-08-08 06:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-08 06:21 . 2012-08-08 06:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C67C0F10-2281-43CF-BC86-684C71B50A8F}\offreg.dll
    2012-07-19 07:27 . 2012-07-19 07:28 -------- d-----w- C:\FRST
    2012-07-19 06:33 . 2012-07-19 06:33 328704 ----a-w- c:\windows\system32\services.exe.3C1AE47AB51889C6
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\users\Hidde\AppData\Roaming\Malwarebytes
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-18 10:06 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-18 10:06 . 2012-07-18 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-18 09:21 . 2012-07-18 09:21 328704 ----a-w- c:\windows\system32\services.exe.F89547CC9349ABE0
    2012-07-18 09:10 . 2012-07-18 09:10 328704 ----a-w- c:\windows\system32\services.exe.213CD11BC46267B2
    2012-07-18 08:56 . 2012-07-18 08:56 328704 ----a-w- c:\windows\system32\services.exe.BDCE8669122432CA
    2012-07-18 08:50 . 2012-07-18 08:50 328704 ----a-w- c:\windows\system32\services.exe.6AD6BD21D505363A
    2012-07-18 08:45 . 2012-02-09 12:17 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B6A9F61E-DDC0-4A0E-86FE-A820D0B40BFE}\gapaengine.dll
    2012-07-18 08:45 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{85AB1BFF-CCDA-4C24-8C87-18F3F736516A}\mpengine.dll
    2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-07-18 08:44 . 2012-07-18 08:44 -------- d-----w- c:\program files\Microsoft Security Client
    2012-07-17 14:18 . 2012-07-17 14:18 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-13 08:39 . 2012-07-12 20:18 -------- d-----w- c:\program files (x86)\Crashtastic_0.4.4a_Alpha
    2012-07-11 15:30 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 12:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-12 14:57 . 2012-05-09 16:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-12 14:57 . 2011-05-20 07:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 15:27 . 2011-01-16 07:51 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-19 08:04 . 2012-03-18 12:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-06-06 18:36 . 2011-06-12 12:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-06-06 18:36 . 2011-06-12 12:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-06-06 18:35 . 2011-06-12 12:09 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-06-04 18:50 . 2012-06-04 15:56 2471072 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
    2012-06-04 10:56 . 2011-03-03 20:20 2376736 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
    2012-06-04 10:11 . 2011-05-26 16:22 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
    2012-06-02 22:19 . 2012-06-22 07:30 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 07:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 07:30 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 07:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 07:30 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 07:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 07:30 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 13:19 . 2012-06-22 07:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 13:15 . 2012-06-22 07:30 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-22 12:26 . 2012-06-11 11:13 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
    2012-05-22 12:26 . 2012-06-11 11:13 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
    2012-05-22 12:26 . 2012-05-22 12:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
    2012-05-22 12:25 . 2012-05-22 12:25 320856 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
    2012-05-22 12:25 . 2012-05-22 12:25 166232 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-06_13.20.21 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2012-08-06 13:08 . 2012-08-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-08 06:21 . 2012-08-08 06:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-08 06:21 . 2012-08-08 06:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-06 13:08 . 2012-08-06 13:08 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2011-08-09 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "AvgUninstallURL"="start http://www.avg.com/nl.special-unins...9bc7-ad1491be2ce6c122f6b66faa90e70c2decf7d34c" [?]
    .
    c:\users\Hidde\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Hidde\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2011-1-8 1207312]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe"
    "AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
    "AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "Wondershare Helper Compact.exe"=c:\program files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    .
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 224088]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 130904]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-26 204288]
    R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-10-25 361984]
    R2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2011-06-24 55424]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-01-30 123960]
    R2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
    R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
    R2 Realtek11nSU;Realtek11nSU;c:\program files (x86)\SITECOM\300N X2 USB Wireless LAN Utility\RtlService.exe [2009-06-01 36864]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2007-09-07 1909032]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-02-09 2143552]
    R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-03-16 288112]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
    R3 ALSysIO;ALSysIO;c:\users\Hidde\AppData\Local\Temp\ALSysIO64.sys [x]
    R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-26 10496512]
    R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-26 326656]
    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
    R3 cpuz135;cpuz135;c:\users\Hidde\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
    R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-09-15 1431888]
    R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-02-09 137728]
    R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-01-12 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-19 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-30 236544]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-08-11 610816]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-10-20 11856]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 147288]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-05-22 166232]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 VSPerfDrv110;Performance Tools Driver 11.0;c:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2011-12-12 67920]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-01-09 1255736]
    R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]
    R3 X6va005;X6va005;c:\users\Hidde\AppData\Local\Temp\0059039.tmp [x]
    R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
    R3 XENfiltv;XENfiltv;c:\windows\system32\drivers\XENfiltv.sys [2009-07-31 25600]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-06-19 283200]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-08-27 220672]
    S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-08-27 65536]
    .
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-09 14:57]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
    .
    2012-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-06-16 20:05]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\Hidde\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    ------- Bijkomende Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://nl.ask.com/?l=dis&o=41648005&gct=hp
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\Hidde\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
    IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
    TCP: Interfaces\{D152E762-592D-4911-B26F-0089DDB0FE26}: NameServer = 212.19.241.137,212.19.225.136
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\Hidde\AppData\Roaming\Mozilla\Firefox\Profiles\i38demmb.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&hl=nl&q=
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxps://encrypted.google.com/search?hl=en&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
    "ImagePath"="\??\c:\users\Hidde\AppData\Local\Temp\0059039.tmp"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
    "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FF582BE0-8B6E-BEB0-8FBE-2800DE432E73}*]
    "iadcaliefhdmelnfjn"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
    61,62,61,6a,00,00
    "hajbcffnekildmbc"=hex:6b,61,6f,67,62,6f,6f,67,6e,6e,61,65,6b,6a,66,6b,64,62,
    61,62,61,6a,00,00
    .
    [HKEY_USERS\S-1-5-21-3616390189-2703281750-890906377-1000\Software\SecuROM\License information*]
    "datasecu"=hex:76,ce,bb,62,f1,f3,da,4c,de,2e,db,0c,e1,18,cb,58,24,aa,b9,f6,70,
    6d,21,87,64,f4,5d,19,e5,9b,62,93,98,bb,9f,83,41,17,46,ad,01,c7,9b,2e,70,af,\
    "rkeysecu"=hex:b3,cb,b6,91,a2,37,0e,f8,5e,6d,66,3a,f0,ea,9d,cf
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2012-08-08 08:35:05
    ComboFix-quarantined-files.txt 2012-08-08 06:35
    ComboFix2.txt 2012-08-07 06:30
    ComboFix3.txt 2012-08-06 13:22
    .
    Pre-Run: 491.360.534.528 bytes beschikbaar
    Post-Run: 491.177.103.360 bytes beschikbaar
    .
    - - End Of File - - F1751EB2136184E8CA5D1C35165F1F9E
    -------------------------------------------------------
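As a triage aid for ComboFix output like the block above (an added example, not code from this thread or from ComboFix): a Python script that pulls the service ImagePath entries out of the log and flags the ones a malware helper would look at first, such as images under a Temp directory or without a normal driver extension. The sample log text is a constructed excerpt modelled on the two service entries above; a flag is a prompt for review, not a verdict.

```python
import re
from typing import List, Tuple

# Constructed excerpt modelled on the ComboFix log in the thread (not the full log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Hidde\AppData\Local\Temp\0059039.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Tcpip]
"ImagePath"="system32\drivers\tcpip.sys"
"""

# A service key header as ComboFix prints it, capturing the service name.
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\services\\([^\]\\]+)\]$', re.I)
# The ImagePath value line that follows a service key.
IMAGE_RE = re.compile(r'^"ImagePath"="(.*)"$')


def suspicious_reasons(image_path: str) -> List[str]:
    """Return the review reasons for one ImagePath (empty list if nothing stands out)."""
    p = image_path.lower()
    if p.startswith('\\??\\'):          # strip the NT object-manager prefix
        p = p[4:]
    reasons = []
    if re.search(r'\\temp\\', p):
        reasons.append('image lives under a Temp directory')
    if p.endswith('.tmp'):
        reasons.append('.tmp extension for a service image')
    if not re.search(r'\.(sys|exe|dll)$', p):
        reasons.append('no standard executable extension')
    return reasons


def find_suspicious_services(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Walk a ComboFix log and return (service, ImagePath, reasons) for flagged entries."""
    hits, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            continue
        img = IMAGE_RE.match(line)
        if img and current:
            reasons = suspicious_reasons(img.group(1))
            if reasons:
                hits.append((current, img.group(1), reasons))
    return hits


if __name__ == '__main__':
    for name, path, why in find_suspicious_services(SAMPLE_LOG):
        print(f'{name}: {path}\n    ' + '; '.join(why))
```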
  22. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Scan for malware

    Please download Malwarebytes Anti-Malware from HERE.

    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If you are prompted to restart, please allow it to restart your computer. Failure to do this will cause the infection to still be active on the computer.
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • The log can also be found at C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
    • Copy and paste the entire report in your next reply.
  23. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    Seems like he can't detect anything. :)

    Malwarebytes log:
    -------------------------------------------------
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Databaseversie: v2012.08.08.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Hidde :: HIDDE-PC [administrator]

    8-8-2012 13:44:45
    mbam-log-2012-08-08 (13-44-45).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 221664
    Verstreken tijd: 3 minuut/minuten, 58 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
    -----------------------------------------------
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let's see if this is it...

    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats and the option Scan unwanted applications is checked
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, you may close the window
    • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
  25. ChevyVan79

    ChevyVan79 Newcomer, in training Topic Starter Posts: 20

    The scan finally completed after 6:15 hours :p

    ESET Online Scan Log
    ------------------------------------------
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=6888324da3d70144973428c3a3245f1f
    # end=finished
    # remove_checked=true
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-09 02:46:43
    # local_time=2012-08-09 04:46:43 (+0100, West-Europa (zomertijd))
    # country="Netherlands"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1024 16777215 100 0 29602811 29602811 0 0
    # compatibility_mode=5893 16776574 100 94 74876 96130823 0 0
    # compatibility_mode=8192 67108863 100 0 214 214 0 0
    # scanned=647747
    # found=1
    # cleaned=1
    # scan_time=22630
    C:\Users\Hidde\Documents\Vuze Downloads\Anno 1404 with Venice Expansion Pack\3.Anno 1404 Venice.iso Win32/Packed.VMProtect.D trojan (deleted - quarantined) 00000000000000000000000000000000 C
    --------------------------------------------