
Infected with Rootkit Infection (I guess) in system32/drivers/spie.sys


This topic is locked
43 replies to this topic

#1 Bommelding

  • Members
  • 59 posts

Posted 24 September 2013 - 04:16 AM

A few days ago, my virus scanner suddenly found over 50 infections in my system32/drivers folder. Every time I scan my computer again, the infected file has a new name. Yesterday it said system32/drivers/spsy.sys was infected and today it says that system32/drivers/spie.sys is infected. I didn't dare remove the files when my virus scanner (AVG) gave me that option, because I'm scared of ruining my system32 files. Also, I don't have any recovery/Windows disk. I do have a product key, however. I'm using an Acer Aspire M1641 system.

 

This is the result of AVG scanning my whole computer:

 

[Screenshot: AVG scan result]

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 8.0.6001.19458  BrowserJavaVersion: 10.7.2
Run by Ruben at 11:01:17 on 2013-09-24
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.31.1043.18.4094.1585 [GMT 2:00]
.
AV: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2013\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2013\avgemca.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe
c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\loggingserver.exe
C:\Windows\system32\SearchIndexer.exe
C:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RAVCpl64.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Ruben\AppData\Local\Akamai\netsession_win.exe
C:\Users\Ruben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Ruben\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Ruben\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://roosters5.gepro-osi.nl/roosters/rooster.php?leerling=127966&type=Leerlingrooster&afdeling=v5&wijzigingen=1&school=449
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=0709&m=aspire_m1641
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=0709&m=aspire_m1641
uProxyOverride = <local>
mWinlogon: Userinit = userinit.exe
BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {95B7759C-8C7F-4BF1-B163-73684A933233} - <orphaned>
BHO: Babylon IE plugin: {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - 
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\Google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: &Google: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar1.dll
TB: &Google: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\Google\googletoolbar1.dll
uRun: [ccleaner] "C:\Program Files (x86)\CCleaner\CCleaner.exe" /AUTO
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [NexonEULauncher] <no file>
mRun: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
mRun: [eRecoveryService] <no file>
StartupFolder: C:\Users\Ruben\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote-inhoudsopgave.onetoc2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - C:\Users\Ruben\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/uno1/GAME_UNO1.cab
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.67.0.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8B92E3B3-6D67-48A3-9B7D-5983396A2D48} - hxxp://www.wonderking.co.kr/gamestart/wk_setup.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} - hxxp://www.instantaction.com/download/iaplayer.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://www.popcap.com/webgames/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.5.1.0.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: Interfaces\{009F2CD6-21C6-4706-922A-415F7EBA7DC2} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{9E8E9B4A-2DEC-45E8-871F-33FB898FD389} : NameServer = 192.168.1.254
TCP: Interfaces\{E6E84D23-F26D-478E-BBD6-56EDD9F93DF3} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=0709&m=aspire_m1641
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=0709&m=aspire_m1641
x64-BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - 
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-BHO: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - <orphaned>
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [RtHDVCpl] RAVCpl64.exe
x64-Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe
x64-Run: [EPSON Stylus DX3800 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_FATIACE.EXE /F "C:\Windows\TEMP\E_S2210.tmp" /EF "HKLM"
x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?cfg=2-207-0-2kuH1
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff10.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff4.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff5.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff6.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff7.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff8.dll
FF - component: C:\Program Files (x86)\AVG\AVG2012\Firefox4\components\avgssff9.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: C:\Users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\Components\aosmgr\conflict_221\npaosmgr.dll
FF - plugin: C:\Program Files (x86)\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Ruben\Program Files (x86)\DNA\plugins\npbtdna.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
.
---- FIREFOX POLICIES ----
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-7-20 71480]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-7-20 311608]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-7-1 116536]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-9-5 45880]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-7-20 246072]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-7-20 206648]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-3-30 45856]
R1 HWiNFO32;HWiNFO32 Kernel Driver;C:\Program Files (x86)\HWiNFO32\HWiNFO64A.SYS [2010-7-13 31616]
R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;C:\Program Files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-9-23 269448]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-13 236544]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-7-4 4939312]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-7-23 283136]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 27648]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-19 8704]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 VBoxDrv;VBox Support Driver;D:\YouWave_Android\vb\VBoxDrv.sys [2010-7-15 203864]
R2 vToolbarUpdater15.5.0;vToolbarUpdater15.5.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.5.0\ToolbarUpdater.exe [2013-8-14 1643184]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2012-8-13 92176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]
S3 gwiopm;gwiopm;C:\Program Files (x86)\My Drivers\GWIOPM.SYS [2010-7-17 3904]
S3 Mkd2Nadr;Mkd2Nadr;C:\Windows\System32\drivers\Mkd2Nadr.sys [2009-10-3 106040]
S3 Mkd3kfNt;Mkd3kfNt;C:\Windows\System32\drivers\mkd3kfnt.sys [2009-10-3 180280]
S3 netr7364;Gigabyte RT73 Wireless Driver for Vista for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-7-7 311296]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 PerfHost;Host van prestatiemeter-DLL;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 sj;sj;D:\Eden Eternal\sjcs64.sys [2011-6-5 47224]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 usj;usj;D:\Eden Eternal\avital\ussjcs64.sys [2012-7-5 89560]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-4-19 1022632]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-13 89920]
.
=============== File Associations ===============
.
FileExt: .reg: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .js: Applications\notepad.exe=C:\Windows\System32\NOTEPAD.EXE %1 [UserChoice]
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-09-04 23:43:42 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
2013-08-14 21:32:34 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2013-08-08 02:03:11 2775552 ----a-w- C:\Windows\System32\win32k.sys
2013-08-02 14:06:01 1706496 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2013-08-02 04:09:35 1548288 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2013-08-01 11:13:23 1147392 ----a-w- C:\Windows\System32\wininet.dll
2013-08-01 11:13:00 1489920 ----a-w- C:\Windows\System32\urlmon.dll
2013-08-01 11:13:00 108032 ----a-w- C:\Windows\System32\url.dll
2013-08-01 11:11:17 243712 ----a-w- C:\Windows\System32\occache.dll
2013-08-01 11:09:45 1062912 ----a-w- C:\Windows\System32\mstime.dll
2013-08-01 11:09:17 98304 ----a-w- C:\Windows\System32\mshtmled.dll
2013-08-01 11:09:17 9340928 ----a-w- C:\Windows\System32\mshtml.dll
2013-08-01 11:09:14 742912 ----a-w- C:\Windows\System32\msfeeds.dll
2013-08-01 11:09:14 71680 ----a-w- C:\Windows\System32\msfeedsbs.dll
2013-08-01 11:08:45 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2013-08-01 11:08:33 31744 ----a-w- C:\Windows\System32\jsproxy.dll
2013-08-01 11:08:26 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-08-01 11:08:13 219136 ----a-w- C:\Windows\System32\ieui.dll
2013-08-01 11:08:12 77312 ----a-w- C:\Windows\System32\iesetup.dll
2013-08-01 11:08:12 2357760 ----a-w- C:\Windows\System32\iertutil.dll
2013-08-01 11:08:12 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2013-08-01 11:08:11 72192 ----a-w- C:\Windows\System32\iernonce.dll
2013-08-01 11:08:11 252416 ----a-w- C:\Windows\System32\iepeers.dll
2013-08-01 11:08:11 12510208 ----a-w- C:\Windows\System32\ieframe.dll
2013-08-01 11:08:05 459776 ----a-w- C:\Windows\System32\iedkcs32.dll
2013-08-01 11:06:06 23040 ----a-w- C:\Windows\System32\corpol.dll
2013-08-01 10:21:05 916992 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-08-01 10:20:49 1212928 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-08-01 10:20:48 105984 ----a-w- C:\Windows\SysWow64\url.dll
2013-08-01 10:18:59 206848 ----a-w- C:\Windows\SysWow64\occache.dll
2013-08-01 10:16:56 611840 ----a-w- C:\Windows\SysWow64\mstime.dll
2013-08-01 10:16:28 67072 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-08-01 10:16:28 6016512 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-08-01 10:16:26 55296 ----a-w- C:\Windows\SysWow64\msfeedsbs.dll
2013-08-01 10:16:25 630272 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-08-01 10:15:46 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2013-08-01 10:15:29 25600 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-08-01 10:15:21 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-08-01 10:15:09 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-08-01 10:15:09 2005504 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-08-01 10:15:09 164352 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-08-01 10:15:09 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-08-01 10:15:08 55808 ----a-w- C:\Windows\SysWow64\iernonce.dll
2013-08-01 10:15:08 184320 ----a-w- C:\Windows\SysWow64\iepeers.dll
2013-08-01 10:15:08 11111936 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-08-01 10:15:04 387584 ----a-w- C:\Windows\SysWow64\iedkcs32.dll
2013-08-01 10:13:35 18944 ----a-w- C:\Windows\SysWow64\corpol.dll
2013-08-01 09:50:42 479232 ----a-w- C:\Windows\System32\html.iec
2013-08-01 08:37:30 385024 ----a-w- C:\Windows\SysWow64\html.iec
2013-08-01 08:00:39 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-08-01 08:00:16 70656 ----a-w- C:\Windows\System32\ie4uinit.exe
2013-08-01 07:59:00 12288 ----a-w- C:\Windows\System32\msfeedssync.exe
2013-08-01 07:58:02 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2013-08-01 06:56:39 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-08-01 06:56:36 174080 ----a-w- C:\Windows\SysWow64\ie4uinit.exe
2013-08-01 06:55:16 13312 ----a-w- C:\Windows\SysWow64\msfeedssync.exe
2013-08-01 06:54:34 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-07-19 23:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys
2013-07-19 23:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
2013-07-19 23:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2013-07-19 23:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2013-07-17 20:01:51 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-07-17 19:41:34 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-07-16 09:25:53 689152 ----a-w- C:\Windows\System32\themeui.dll
2013-07-16 04:35:16 615936 ----a-w- C:\Windows\SysWow64\themeui.dll
2013-07-10 09:47:49 677888 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2013-07-10 09:42:55 1303552 ----a-w- C:\Windows\System32\rpcrt4.dll
2013-07-09 12:04:30 1585256 ----a-w- C:\Windows\System32\ntdll.dll
2013-07-09 12:04:30 1168088 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-07-08 04:51:57 4691904 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-07-08 04:20:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-07-08 04:20:04 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2013-07-08 04:18:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-07-08 04:16:55 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2013-07-08 04:16:55 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2013-07-08 04:16:54 992768 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-07-08 04:16:33 43008 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-07-08 04:15:39 234496 ----a-w- C:\Windows\System32\wow64.dll
2013-07-08 04:15:25 218624 ----a-w- C:\Windows\System32\wintrust.dll
2013-07-08 04:14:21 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2013-07-08 04:12:34 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2013-07-08 04:12:34 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2013-07-08 04:12:34 1276416 ----a-w- C:\Windows\System32\crypt32.dll
2013-07-08 01:39:04 26112 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-07-08 01:39:03 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-07-08 01:39:02 2560 ----a-w- C:\Windows\SysWow64\user.exe
2013-07-05 04:45:27 1423808 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-06-30 23:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
.
============= FINISH: 11:01:43,11 ===============
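A small parser for the SERVICES / DRIVERS and Find3M sections of the DDS log above, added here as an example (it is not part of DDS, ComboFix or any BleepingComputer tool). It joins the two sections to show which registered driver images were written in the last three months, which load from outside the Windows system directories, which DDS could not read, and whether a file name AVG flagged (spie.sys) appears in either section. Reading the digit after R/S as the Windows Start value is my assumption, not something the log states.

```python
# Added example for this thread (not part of DDS, ComboFix or any BleepingComputer
# tool): parse the SERVICES / DRIVERS and Find3M sections of a DDS log and join them.
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import Optional

# Constructed sample: a representative subset of the DDS log posted above.
SAMPLE_DDS = """\
============= SERVICES / DRIVERS ===============
.
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\\Windows\\System32\\drivers\\avgrkx64.sys [2013-9-5 45880]
R1 HWiNFO32;HWiNFO32 Kernel Driver;C:\\Program Files (x86)\\HWiNFO32\\HWiNFO64A.SYS [2010-7-13 31616]
R2 VBoxDrv;VBox Support Driver;D:\\YouWave_Android\\vb\\VBoxDrv.sys [2010-7-15 203864]
S3 gwiopm;gwiopm;C:\\Program Files (x86)\\My Drivers\\GWIOPM.SYS [2010-7-17 3904]
S3 npggsvc;nProtect GameGuard Service;C:\\Windows\\System32\\GameMon.des -service --> C:\\Windows\\System32\\GameMon.des -service [?]
S3 sj;sj;D:\\Eden Eternal\\sjcs64.sys [2011-6-5 47224]
.
==================== Find3M  ====================
.
2013-09-04 23:43:42 45880 ----a-w- C:\\Windows\\System32\\drivers\\avgrkx64.sys
2013-07-05 04:45:27 1423808 ----a-w- C:\\Windows\\System32\\drivers\\tcpip.sys
.
============= FINISH: 11:01:43,11 ===============
"""

# Service line: <R|S><start> <name>;<display>;<command> [<date> <size>] or [?].
# R/S = running/stopped; I read the digit as the Windows Start value (0 boot .. 4
# disabled), which is an assumption the post itself does not state.
SERVICE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);[^;]*;"
                        r"(?P<command>.+?) \[(?P<meta>[^\]]*)\]$")
# Find3M / Created Last 30 line: <date> <time> <size> <attrs> <path>
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} (?P<size>\d+) "
                     r"\S{8} (?P<path>.+)$")
# First path-like token of a command, tolerating spaces inside directory names.
IMAGE_RE = re.compile(r"^(.*?\.(?:sys|exe|des|dll))(?:\s|$)", re.IGNORECASE)
SYSTEM_DIRS = (PureWindowsPath(r"C:\Windows\System32\drivers"), PureWindowsPath(r"C:\Windows\System32"))

@dataclass
class Driver:
    state: str            # 'R' running / 'S' stopped
    start: int            # start type digit as DDS prints it
    name: str             # service key name
    image: str            # image path without arguments or the repeated '--> ...' part
    date: Optional[str]   # None when DDS printed [?]: it could not stat the image
    size: Optional[int]

@dataclass
class RecentFile:
    date: str
    size: int
    path: str

def parse_dds(text: str):
    """Return (drivers, recent_files) from raw DDS log text; other sections are ignored."""
    drivers, recent = [], []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            command = m["command"].split(" --> ")[0]
            im = IMAGE_RE.match(command)
            meta = m["meta"].split()            # ['2013-9-5', '45880'] or ['?']
            ok = len(meta) == 2
            drivers.append(Driver(m["state"], int(m["start"]), m["name"],
                                  im.group(1) if im else command,
                                  meta[0] if ok else None, int(meta[1]) if ok else None))
            continue
        m = FILE_RE.match(line)
        if m:
            recent.append(RecentFile(m["date"], int(m["size"]), m["path"]))
    return drivers, recent

def triage(drivers, recent):
    """Cross-reference both sections into the lists a responder looks at first."""
    changed = {PureWindowsPath(f.path) for f in recent}   # PureWindowsPath ignores case
    return {
        # images loaded from outside the Windows system directories
        "unusual_location": [d.name for d in drivers
                             if PureWindowsPath(d.image).parent not in SYSTEM_DIRS],
        # DDS printed [?]: image missing, or hidden from the tool
        "unreadable": [d.name for d in drivers if d.size is None],
        # registered images that Find3M also lists, i.e. written in the last 3 months
        "recently_modified": [d.name for d in drivers if PureWindowsPath(d.image) in changed],
    }

def locate_file(drivers, recent, filename: str):
    """Paths in either section whose file name matches, e.g. the spie.sys AVG flagged."""
    want = filename.lower()
    hits = [d.image for d in drivers] + [f.path for f in recent]
    return list(dict.fromkeys(p for p in hits if PureWindowsPath(p).name.lower() == want))

if __name__ == "__main__":
    drv, files = parse_dds(SAMPLE_DDS)
    for key, names in triage(drv, files).items():
        print(f"{key}: {names}")
    print("spie.sys seen in either section:", locate_file(drv, files, "spie.sys"))
```

On the sample, spie.sys is in neither section, which is the kind of gap (a flagged name that is not a registered service) a responder would want to confirm against a full log rather than a subset.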
 

 


 


#2 TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • Gender:Male

Posted 24 September 2013 - 04:56 AM

Hi there,
My name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms; it could be hard for me to read. Thanks for your understanding.

Scan with Malwarebytes Anti-Rootkit

Please download Malwarebytes Anti-Rootkit from here Malwarebytes : Malwarebytes Anti-Rootkit and save it to your desktop.

Be sure to print out and follow the instructions provided on that same page.

Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.

  • Double click the mbar.zip file to open it, then 'Extract all files'.
  • Double click the mbar folder to open it, then double click mbar.exe to start the tool.

Check for Updates, then Scan your system for malware

If malware is found, do NOT press the Cleanup button yet. Click EXIT.

I'd like to see the log first so I can see what it sees. You'll find the log in that mbar folder as MBAR-log-[date and time]***.txt. Please attach that to your next reply.


Proud Member of UNITE & TB

#3 Bommelding

  • Topic Starter
  • Members
  • 59 posts

Posted 24 September 2013 - 05:39 AM

Hello Marius,

 

First, thank you for the quick and very clear reply!

My first language isn't English either, so I guess that won't be a problem.

The log-file is attached to this reply.

 

 




#4 TB-Psychotic
  • Malware Response Team

Posted 24 September 2013 - 07:30 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.



#5 Bommelding
  • Topic Starter

Posted 24 September 2013 - 09:48 AM

If you need any Dutch text to be translated to English, please tell me :)
 
 
 
 
ComboFix 13-09-24.02 - Ruben 24-09-2013  16:31:55.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.31.1043.18.4094.2518 [GMT 2:00]
Gestart vanuit: c:\users\Ruben\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\windows
c:\programdata\windows\ccdxmmde.dat
c:\programdata\windows\du44.dat
c:\programdata\windows\xessmsxe.dat
c:\users\Ruben\AppData\Local\assembly\tmp
c:\users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Ruben\AppData\Roaming\.#
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\IsUn0413.exe
c:\windows\SysWow64\frapsvid.dll
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-08-24 to 2013-09-24  ))))))))))))))))))))))))))))))
.
.
2013-09-24 14:39 . 2013-09-24 14:39 -------- d-----w- c:\users\Ruben\AppData\Local\temp
2013-09-24 14:39 . 2013-09-24 14:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-24 10:10 . 2013-09-24 10:10 -------- d-----w- c:\programdata\Malwarebytes
2013-09-24 10:10 . 2013-09-24 10:35 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-23 20:59 . 2013-09-23 20:59 -------- d-----w- c:\windows\system32\RT 7 Lite
2013-09-23 20:59 . 2013-09-23 20:59 -------- d-----w- c:\program files\Rockers Team
2013-09-11 11:11 . 2013-07-16 09:25 689152 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 11:11 . 2013-07-16 04:35 615936 ----a-w- c:\windows\SysWow64\themeui.dll
2013-09-04 23:43 . 2013-09-04 23:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-04 20:05 . 2013-09-04 20:05 -------- d-----w- c:\users\Ruben\AppData\Roaming\TERA
2013-09-04 20:03 . 2013-09-04 20:03 -------- d-----w- c:\programdata\SystemRequirementsLab
2013-09-03 20:54 . 2013-09-03 21:05 -------- d-----w- c:\programdata\Solid State Networks
2013-09-03 17:12 . 2013-09-03 17:12 -------- d-----w- c:\users\Ruben\AppData\Roaming\DragonicaECB
2013-09-02 21:14 . 2013-09-02 21:14 -------- d-----w- C:\gPotato.eu
2013-09-02 19:55 . 2013-09-02 21:14 -------- d-----w- C:\Dragonica Europe
2013-09-01 20:43 . 2013-09-01 20:43 -------- d-----w- c:\windows\SysWow64\xlive
2013-09-01 20:43 . 2013-09-01 20:43 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-08-31 13:20 . 2013-08-31 13:20 -------- d-----w- C:\GamesCampus
2013-08-28 13:19 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-28 13:19 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 21:32 . 2013-03-30 14:06 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-19 23:51 . 2013-07-19 23:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 23:50 . 2013-07-19 23:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 23:50 . 2013-07-19 23:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 23:50 . 2013-07-19 23:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-17 20:01 . 2013-08-15 16:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-17 19:41 . 2013-08-15 16:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-10 09:47 . 2013-08-15 16:39 677888 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-10 09:42 . 2013-08-15 16:39 1303552 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:04 . 2013-08-15 16:39 1585256 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 12:04 . 2013-08-15 16:39 1168088 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-07-08 04:51 . 2013-08-15 16:39 4691904 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-15 16:39 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-07-08 04:20 . 2013-08-15 16:39 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-08 04:18 . 2013-08-15 16:39 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-07-08 04:16 . 2013-08-15 16:39 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-08 04:16 . 2013-08-15 16:39 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-08 04:16 . 2013-08-15 16:39 992768 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-08 04:16 . 2013-08-15 16:39 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 04:15 . 2013-08-15 16:39 234496 ----a-w- c:\windows\system32\wow64.dll
2013-07-08 04:15 . 2013-08-15 16:39 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:14 . 2013-08-15 16:39 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-07-08 04:12 . 2013-08-15 16:39 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:12 . 2013-08-15 16:39 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:12 . 2013-08-15 16:39 1276416 ----a-w- c:\windows\system32\crypt32.dll
2013-07-08 01:39 . 2013-08-15 16:39 26112 ----a-w- c:\windows\SysWow64\setup16.exe
2013-07-08 01:39 . 2013-08-15 16:39 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-07-08 01:39 . 2013-08-15 16:39 2560 ----a-w- c:\windows\SysWow64\user.exe
2013-07-05 04:45 . 2013-08-15 16:39 1423808 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-30 23:45 . 2013-06-30 23:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files (x86)\CCleaner\CCleaner.exe" [2012-03-27 2773824]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Ruben\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Spotify Web Helper"="c:\users\Ruben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-09-11 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-14 2314416]
.
c:\users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
OneNote-inhoudsopgave.onetoc2 [2009-9-6 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:36]
.
2010-09-10 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2010-07-30 19:18]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146384247-908000070-1081564149-1000Core1ce8bb74591c460.job
- c:\users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14 09:25]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-25 6150656]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 315936]
"EPSON Stylus DX3800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://roosters5.gepro-osi.nl/roosters/rooster.php?leerling=xxxxxx&type=Leerlingrooster&afdeling=xx&wijzigingen=1&school=xxx
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=0709&m=aspire_m1641
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=0709&m=aspire_m1641
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Ruben\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: instantaction.com\login
Trusted Zone: kuaiche.com\software
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{9E8E9B4A-2DEC-45E8-871F-33FB898FD389}: NameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {8B92E3B3-6D67-48A3-9B7D-5983396A2D48} - hxxp://www.wonderking.co.kr/gamestart/wk_setup.cab
FF - ProfilePath - c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://gb.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?cfg=2-207-0-2kuH1
FF - prefs.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: SweetIM Toolbar for Firefox: {EEE6C361-6118-11DC-9C72-001320C79847} - %profile%\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
FF - user.js: keyword.URL - hxxp://mp3tubetoolbarsearch.com/?prt=pinballtb02ff&Keywords=
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Wow6432Node-HKCU-Run-NexonEULauncher - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-PlayNC Launcher - (no file)
Wow6432Node-HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
AddRemove-12bbe590-c890-11d9-9669-0800200c9a66_is1 - d:\lotro\unins000.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Alliance of Valiant Arms - c:\aeriagames\AVA\Uninst.exe
AddRemove-Atlantica - d:\atlantica\uninst.exe
AddRemove-Catan - c:\windows\IsUn0413.exe
AddRemove-Fiesta Online(EU_English) - l:\ruben\Spellen\Fiesta\Fiesta Online(EU_English)\uninst.exe
AddRemove-FLV to AVI Video Converter_is1 - c:\program files (x86)\FLV to AVI Video Converter\unins000.exe
AddRemove-GhostMouse_is1 - c:\program files (x86)\GhostMouse Free\unins000.exe
AddRemove-Grand Fantasia - c:\aeriagames\GrandFantasia\Uninst.exe
AddRemove-GunZ - c:\aeriagames\GunZ\Uninst.exe
AddRemove-Harry Potter - Quidditch World Cup_is1 - c:\program files (x86)\Harry Potter - Quidditch World Cup\unins000.exe
AddRemove-MabinogiEU - c:\nexon\MabinogiEU\Mabinogi.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-Supaplex Editor_is1 - l:\supaplex editor\unins000.exe
AddRemove-YouTube FLV to AVI converter Pro_is1 - c:\program files (x86)\Easiestutils\YouTube FLV to AVI converter Pro\unins000.exe
AddRemove-{08C5815C-2C6E-44f8-8748-0E61BC9AFB03} - c:\games\OGP\La Tale\Uninstall.exe
AddRemove-{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1 - c:\program files (x86)\War Inc Battlezone\unins000.exe
AddRemove-{A2F166A0-F031-4E27-A057-C69733219434}_is1 - c:\program files (x86)\TERA Online\unins000.exe
AddRemove-{B69F28DF-CBB1-41B7-008A-210E4D0518FC} - c:\program files (x86)\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe
AddRemove-{E5348080-5B89-40BE-908B-41A4784E0EDE}_is1 - d:\gpotato.eu\Dragonica\unins000.exe
AddRemove-INK-RO - c:\program files\Gravity\RagnarokOnline\Uninstal.exe
AddRemove-SOE-DC Universe Online Live - d:\sony online entertainment\Installed Games\DC Universe Online Live\Uninstaller.exe
AddRemove-Wurm Online 2.7.4-2655 - c:\windows\system32\javaws.exe
AddRemove-{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4} - c:\program files (x86)\EA Games\Battlefield Heroes\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va001]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\0011C6D.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va002]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\00245C8.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va003]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\003AAC.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va005]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\005299F.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3146384247-908000070-1081564149-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,a3,19,5f,93,58,77,ef,74,48,73,66,13,58,81,8c,2c,73,46,c3,3c,d6,3c,
   20,7d,e8,ef,5d,54,d1,c0,1d,38,5b,fb,6a,cd,51,fd,4d,eb,18,39,8a,c8,94,6d,ff,\
"??"=hex:c1,f8,c4,fe,a4,25,f8,6a,83,56,38,74,49,9e,d7,72
.
[HKEY_USERS\S-1-5-21-3146384247-908000070-1081564149-1000\Software\SecuROM\License information*]
"datasecu"=hex:92,b4,33,56,88,86,b6,c6,f1,52,9d,bc,45,42,06,b3,ba,f0,dd,0d,2e,
   9a,8f,f1,c5,e1,00,b9,f5,93,a7,b6,b9,68,72,16,3f,ac,c3,62,4a,b4,60,31,10,89,\
"rkeysecu"=hex:46,65,3a,50,b8,36,8f,3c,7b,9a,9a,ae,a3,e2,bc,9c
.
[HKEY_USERS\S-1-5-21-3146384247-908000070-1081564149-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):17,2f,04,bc,94,b6,fa,82,0b,78,b9,ff,30,35,2a,6c,07,bd,32,69,16,
   57,a8,01,97,5a,5b,76,77,b0,8f,5e,8d,21,45,f8,c6,fe,32,89,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3146384247-908000070-1081564149-1000_Classes\Wow6432Node\CLSID\{b1b709d2-72b0-46a3-885e-fb5d750d1ce2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000047
"Therad"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Voltooingstijd: 2013-09-24  16:42:46
ComboFix-quarantined-files.txt  2013-09-24 14:42
.
Pre-Run: 5.851.648.000 bytes beschikbaar
Post-Run: 5.428.060.160 bytes beschikbaar
.
- - End Of File - - A1921109480D2832C2916D72C195696F
A863475757CC50891AA8458C415E4B25
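As an added triage helper for this thread (not code from ComboFix, Malwarebytes or any participant), the script below parses the Run-key and Services blocks in the ComboFix log format shown above and flags entries whose image lives in a temporary or user-writable location, such as the X6va00x services whose ImagePath points at a .tmp file under the user's Temp folder. The embedded sample log is constructed from entries in this log; the severity labels and path markers are the script's own assumptions.

```python
"""Triage of autorun and service entries in a ComboFix-style log.

Added example; not ComboFix's or Malwarebytes' code. It walks the "[HKEY_...]"
blocks and their "name"="data" lines, as printed in the log above, and flags
images that live in a temporary or user-writable location.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample in the log's own format (entries taken from the log above).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files (x86)\CCleaner\CCleaner.exe" [2012-03-27 2773824]
"Akamai NetSession Interface"="c:\users\Ruben\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va001]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\0011C6D.tmp"
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# "name"="data" with the optional " [date size]" suffix ComboFix appends to Run entries.
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"(?:\s+\[[^\]]*\])?\s*$')

# Lower-cased path fragments (assumed markers) and the reason each one yields.
HIGH_MARKERS = {
    "\\appdata\\local\\temp\\": "image lives in the user's Temp folder",
    "\\windows\\temp\\": "image lives in Windows Temp",
}
LOW_MARKERS = {
    "\\appdata\\": "image lives in per-user AppData (user-writable)",
    "\\programdata\\": "image lives in ProgramData (often user-writable)",
}


@dataclass
class Finding:
    kind: str                 # "service" or "autorun"
    name: str                 # service key name or Run value name
    path: str                 # normalised image path
    severity: str             # "high" or "low"
    reasons: List[str] = field(default_factory=list)


def normalise_path(data: str) -> str:
    """Drop the NT '\\??\\' prefix and trailing arguments, lower-case the rest."""
    p = data.strip()
    if p.startswith("\\??\\"):
        p = p[4:]
    # Keep text up to the first file extension, dropping "-service"-style arguments.
    m = re.match(r"^(.*?\.[A-Za-z0-9]{2,4})(?:\s+[-/].*)?$", p)
    return (m.group(1) if m else p).lower()


def classify(path: str) -> Tuple[Optional[str], List[str]]:
    """Return (severity, reasons); severity is None when nothing stands out."""
    reasons: List[str] = []
    severity: Optional[str] = None
    for marker, why in HIGH_MARKERS.items():
        if marker in path:
            reasons.append(why)
            severity = "high"
    if path.endswith(".tmp"):
        reasons.append("image file has a .tmp extension")
        severity = "high"
    if severity is None:
        for marker, why in LOW_MARKERS.items():
            if marker in path:
                reasons.append(why)
                severity = "low"
    return severity, reasons


def triage(log_text: str) -> List[Finding]:
    """Walk the log, remembering the current registry key, and flag suspect images."""
    findings: List[Finding] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if not vm or not current_key:
            continue
        key_l = current_key.lower()
        name, data = vm.group("name"), vm.group("data")
        if "\\services\\" in key_l and name.lower() == "imagepath":
            kind, label = "service", current_key.rsplit("\\", 1)[-1]
        elif key_l.endswith("\\run"):
            kind, label = "autorun", name
        else:
            continue
        path = normalise_path(data)
        severity, reasons = classify(path)
        if severity:
            findings.append(Finding(kind, label, path, severity, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.kind} {f.name}: {f.path} -> {'; '.join(f.reasons)}")
```

A flagged entry is a review prompt, not a verdict: the script only says where the image lives, and a helper would still check the file itself before deciding anything.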


#6 Bommelding
  • Topic Starter

Posted 24 September 2013 - 04:17 PM

After running ComboFix, everything still worked fine.
However, I switched off my PC for dinner and when I returned and switched it on again, my internet connection was gone!
When I mouse over the two-PCs symbol in the lower right corner of my screen, it says: Connected to: unknown network. Access: only local.

#7 TB-Psychotic
  • Malware Response Team

Posted 25 September 2013 - 03:51 AM

Combofix scripting

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Download the attached CFScript.txt and save it to the location where Combofix is.


CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

 

 

 

 

Full System Scan with Malwarebytes Antimalware
 

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 




#8 Bommelding
  • Topic Starter

Posted 25 September 2013 - 06:50 AM

I'm unable to download and update Malwarebytes Anti-Malware because my internet connection isn't working.
However, I can download and update the program on another computer and transfer it to my PC through a USB stick. Is it safe to do that?
 
Edit: now my PC isn't saying "connected to unknown network" anymore. It now says: "not connected to any network".

The ComboFix script was just one file, so I guessed that nothing would go wrong if I transferred that through USB, so I got the ComboFix log here:
 
 
 
ComboFix 13-09-24.02 - Ruben 25-09-2013  13:18:09.2.2 - x64
Microsoft® Windows Vista Home Premium   6.0.6002.2.1252.31.1043.18.4094.2682 [GMT 2:00]
Gestart vanuit: c:\users\Ruben\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Ruben\Desktop\CFScript.txt
AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ruben\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome.manifest
c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome\sweetim-toolbar.jar
c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components\SIMAutoCompleteSearch.js
c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\install.rdf
c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\manifest.mf
c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.rsa
c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF\zigbert.sf
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2013-08-25 to 2013-09-25  ))))))))))))))))))))))))))))))
.
.
2013-09-25 11:26 . 2013-09-25 11:26 -------- d-----w- c:\users\Ruben\AppData\Local\temp
2013-09-25 11:26 . 2013-09-25 11:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-09-24 10:10 . 2013-09-24 10:10 -------- d-----w- c:\programdata\Malwarebytes
2013-09-24 10:10 . 2013-09-24 10:35 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-09-23 20:59 . 2013-09-23 20:59 -------- d-----w- c:\windows\system32\RT 7 Lite
2013-09-23 20:59 . 2013-09-23 20:59 -------- d-----w- c:\program files\Rockers Team
2013-09-11 11:11 . 2013-07-16 09:25 689152 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 11:11 . 2013-07-16 04:35 615936 ----a-w- c:\windows\SysWow64\themeui.dll
2013-09-04 23:43 . 2013-09-04 23:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2013-09-04 20:05 . 2013-09-04 20:05 -------- d-----w- c:\users\Ruben\AppData\Roaming\TERA
2013-09-04 20:03 . 2013-09-04 20:03 -------- d-----w- c:\programdata\SystemRequirementsLab
2013-09-03 20:54 . 2013-09-03 21:05 -------- d-----w- c:\programdata\Solid State Networks
2013-09-03 17:12 . 2013-09-03 17:12 -------- d-----w- c:\users\Ruben\AppData\Roaming\DragonicaECB
2013-09-02 21:14 . 2013-09-02 21:14 -------- d-----w- C:\gPotato.eu
2013-09-02 19:55 . 2013-09-02 21:14 -------- d-----w- C:\Dragonica Europe
2013-09-01 20:43 . 2013-09-01 20:43 -------- d-----w- c:\windows\SysWow64\xlive
2013-09-01 20:43 . 2013-09-01 20:43 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-08-31 13:20 . 2013-08-31 13:20 -------- d-----w- C:\GamesCampus
2013-08-28 13:19 . 2013-08-02 14:06 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-28 13:19 . 2013-08-02 04:09 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-14 21:32 . 2013-03-30 14:06 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2013-07-19 23:51 . 2013-07-19 23:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys
2013-07-19 23:50 . 2013-07-19 23:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2013-07-19 23:50 . 2013-07-19 23:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2013-07-19 23:50 . 2013-07-19 23:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2013-07-17 20:01 . 2013-08-15 16:34 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-17 19:41 . 2013-08-15 16:34 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-07-10 09:47 . 2013-08-15 16:39 677888 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-07-10 09:42 . 2013-08-15 16:39 1303552 ----a-w- c:\windows\system32\rpcrt4.dll
2013-07-09 12:04 . 2013-08-15 16:39 1585256 ----a-w- c:\windows\system32\ntdll.dll
2013-07-09 12:04 . 2013-08-15 16:39 1168088 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-07-08 04:51 . 2013-08-15 16:39 4691904 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-08 04:20 . 2013-08-15 16:39 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-07-08 04:20 . 2013-08-15 16:39 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-07-08 04:18 . 2013-08-15 16:39 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-07-08 04:16 . 2013-08-15 16:39 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-07-08 04:16 . 2013-08-15 16:39 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-07-08 04:16 . 2013-08-15 16:39 992768 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-07-08 04:16 . 2013-08-15 16:39 43008 ----a-w- c:\windows\apppatch\acwow64.dll
2013-07-08 04:15 . 2013-08-15 16:39 234496 ----a-w- c:\windows\system32\wow64.dll
2013-07-08 04:15 . 2013-08-15 16:39 218624 ----a-w- c:\windows\system32\wintrust.dll
2013-07-08 04:14 . 2013-08-15 16:39 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2013-07-08 04:12 . 2013-08-15 16:39 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2013-07-08 04:12 . 2013-08-15 16:39 132096 ----a-w- c:\windows\system32\cryptnet.dll
2013-07-08 04:12 . 2013-08-15 16:39 1276416 ----a-w- c:\windows\system32\crypt32.dll
2013-07-08 01:39 . 2013-08-15 16:39 26112 ----a-w- c:\windows\SysWow64\setup16.exe
2013-07-08 01:39 . 2013-08-15 16:39 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-07-08 01:39 . 2013-08-15 16:39 2560 ----a-w- c:\windows\SysWow64\user.exe
2013-07-05 04:45 . 2013-08-15 16:39 1423808 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-30 23:45 . 2013-06-30 23:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files (x86)\CCleaner\CCleaner.exe" [2012-03-27 2773824]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Akamai NetSession Interface"="c:\users\Ruben\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472]
"Spotify Web Helper"="c:\users\Ruben\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-09-11 1104384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-08-14 2314416]
.
c:\users\Ruben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
OneNote-inhoudsopgave.onetoc2 [2009-9-6 3656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 1394hub;1394 Enabled Hub;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe;c:\program files (x86)\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 12:36]
.
2010-09-10 c:\windows\Tasks\Defraggler Volume C Task.job
- c:\program files\Defraggler\df64.exe [2010-07-30 19:18]
.
2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3146384247-908000070-1081564149-1000Core1ce8bb74591c460.job
- c:\users\Ruben\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-14 09:25]
.
2013-01-23 c:\windows\Tasks\ROC_REG_JAN_DELETE.job
- c:\programdata\AVG January 2013 Campaign\ROC.exe [2013-01-22 21:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 97792 ----a-w- c:\users\Ruben\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-03-25 6150656]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-05-06 315936]
"EPSON Stylus DX3800 Series"="c:\windows\system32\spool\DRIVERS\x64\3\E_FATIACE.EXE" [2005-02-08 98304]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 660360]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://roosters5.gepro-osi.nl/roosters/rooster.php?leerling=127966&type=Leerlingrooster&afdeling=v5&wijzigingen=1&school=449
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=0709&m=aspire_m1641
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp64&d=0709&m=aspire_m1641
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\Ruben\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Translate this web page with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
IE: Translate with Babylon - c:\program files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: instantaction.com\login
Trusted Zone: kuaiche.com\software
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: Interfaces\{9E8E9B4A-2DEC-45E8-871F-33FB898FD389}: NameServer = 192.168.1.254
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.5.0\ViProtocol.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} - hxxp://www.netmarble.jp/_common/cab/NMJTransX.cab
DPF: {7A0D1738-10EA-47FF-92BE-4E137B5BE1A4} - hxxps://mpsnare.iesnare.com/StmOCX.cab
DPF: {8B92E3B3-6D67-48A3-9B7D-5983396A2D48} - hxxp://www.wonderking.co.kr/gamestart/wk_setup.cab
FF - ProfilePath - c:\users\Ruben\AppData\Roaming\Mozilla\Firefox\Profiles\ksui4gpm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?cfg=2-207-0-2kuH1
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: PC Sync 2 Synchronisation Extension: bkmrksync@nokia.com - c:\program files (x86)\Nokia\Nokia PC Suite 7\bkmrksync
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: iMacros for Firefox: {81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} - %profile%\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - user.js: keyword.enabled - 1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
AddRemove-12bbe590-c890-11d9-9669-0800200c9a66_is1 - d:\lotro\unins000.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Alliance of Valiant Arms - c:\aeriagames\AVA\Uninst.exe
AddRemove-Atlantica - d:\atlantica\uninst.exe
AddRemove-Catan - c:\windows\IsUn0413.exe
AddRemove-Fiesta Online(EU_English) - l:\ruben\Spellen\Fiesta\Fiesta Online(EU_English)\uninst.exe
AddRemove-FLV to AVI Video Converter_is1 - c:\program files (x86)\FLV to AVI Video Converter\unins000.exe
AddRemove-GhostMouse_is1 - c:\program files (x86)\GhostMouse Free\unins000.exe
AddRemove-Grand Fantasia - c:\aeriagames\GrandFantasia\Uninst.exe
AddRemove-GunZ - c:\aeriagames\GunZ\Uninst.exe
AddRemove-Harry Potter - Quidditch World Cup_is1 - c:\program files (x86)\Harry Potter - Quidditch World Cup\unins000.exe
AddRemove-MabinogiEU - c:\nexon\MabinogiEU\Mabinogi.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
AddRemove-Supaplex Editor_is1 - l:\supaplex editor\unins000.exe
AddRemove-YouTube FLV to AVI converter Pro_is1 - c:\program files (x86)\Easiestutils\YouTube FLV to AVI converter Pro\unins000.exe
AddRemove-{08C5815C-2C6E-44f8-8748-0E61BC9AFB03} - c:\games\OGP\La Tale\Uninstall.exe
AddRemove-{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1 - c:\program files (x86)\War Inc Battlezone\unins000.exe
AddRemove-{A2F166A0-F031-4E27-A057-C69733219434}_is1 - c:\program files (x86)\TERA Online\unins000.exe
AddRemove-{B69F28DF-CBB1-41B7-008A-210E4D0518FC} - c:\program files (x86)\Electronic Arts\Harry Potter and the Order of the Phoenix\EAUninstall.exe
AddRemove-{E5348080-5B89-40BE-908B-41A4784E0EDE}_is1 - d:\gpotato.eu\Dragonica\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va001]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\0011C6D.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va002]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\00245C8.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va003]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\003AAC.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va005]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\005299F.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3146384247-908000070-1081564149-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:15,a3,19,5f,93,58,77,ef,74,48,73,66,13,58,81,8c,2c,73,46,c3,3c,d6,3c,
   20,7d,e8,ef,5d,54,d1,c0,1d,38,5b,fb,6a,cd,51,fd,4d,eb,18,39,8a,c8,94,6d,ff,\
"??"=hex:c1,f8,c4,fe,a4,25,f8,6a,83,56,38,74,49,9e,d7,72
.
[HKEY_USERS\S-1-5-21-3146384247-908000070-1081564149-1000\Software\SecuROM\License information*]
"datasecu"=hex:92,b4,33,56,88,86,b6,c6,f1,52,9d,bc,45,42,06,b3,ba,f0,dd,0d,2e,
   9a,8f,f1,c5,e1,00,b9,f5,93,a7,b6,b9,68,72,16,3f,ac,c3,62,4a,b4,60,31,10,89,\
"rkeysecu"=hex:46,65,3a,50,b8,36,8f,3c,7b,9a,9a,ae,a3,e2,bc,9c
.
[HKEY_USERS\S-1-5-21-3146384247-908000070-1081564149-1000_Classes\Wow6432Node\CLSID\{b1b709d2-72b0-46a3-885e-fb5d750d1ce2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000047
"Therad"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
Completion time: 2013-09-25  13:29:18
ComboFix-quarantined-files.txt  2013-09-25 11:29
ComboFix2.txt  2013-09-24 14:42
.
Pre-Run: 9.404.928.000 bytes available
Post-Run: 9.076.330.496 bytes available
.
- - End Of File - - F5E71C764E017042797C893FC210ED59
A863475757CC50891AA8458C415E4B25

Edited by Bommelding, 25 September 2013 - 07:33 AM.


#9 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 September 2013 - 09:45 AM

Restart your computer and try again to connect to a network


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 Bommelding

  • Topic Starter
  • Members
  • 59 posts

Posted 25 September 2013 - 09:59 AM

I've tried restarting a few times already; it doesn't work :s

Neither does restarting in Safe Mode (with networking capabilities).



#11 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 25 September 2013 - 10:32 AM

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.



#12 Bommelding

  • Topic Starter
  • Members
  • 59 posts

Posted 25 September 2013 - 10:40 AM

Farbar Service Scanner Version: 13-09-2013
Ran by Ruben (administrator) on 25-09-2013 at 17:37:38
Running from "C:\Users\Ruben\Desktop"
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. 
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-08-15 18:39] - [2013-07-05 06:45] - 1423808 ____A (Microsoft Corporation) C2CB949645C299E23FBFD26CAD3FC96E
 
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
 
 
**** End of log ****

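Two items in the logs above are what a responder would triage first: the ComboFix services section lists services (X6va001 through X6va005) whose ImagePath points at .tmp files inside the user's AppData\Local\Temp folder, a location any non-admin process can write to, and the Farbar Service Scanner output shows Windows Defender both switched to Demand start (default Auto) and turned off by the DisableAntiSpyware policy value. The Python script below is an added example, not part of this thread and not code from ComboFix or Farbar; it parses those two log formats offline and reports exactly those conditions. The sample text inside it is copied from the logs above, trimmed to two of the X6va entries and with one benign entry (npggsvc) kept to show a non-hit. The regular expressions are assumptions about the line layout, written against the lines visible in this thread rather than the tools' full output specification, so other sections of a real log may need their own patterns.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: the services section copied from the ComboFix log
# above (X6va003 and X6va005 omitted for brevity) plus one benign entry,
# npggsvc, that must not be flagged.
SAMPLE_COMBOFIX = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va001]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\0011C6D.tmp"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\X6va002]
"ImagePath"="\??\c:\users\Ruben\AppData\Local\Temp\00245C8.tmp"
"""

# Constructed sample input: the Windows Defender section of the Farbar
# Service Scanner log above.
SAMPLE_FSS = r"""
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
"""

# Assumed line layouts, derived from the lines in this thread, not from the
# tools' documentation.
SERVICE_KEY = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\\w+\\Services\\([^\]]+)\]$", re.I)
IMAGE_PATH = re.compile(r'^"ImagePath"="(.*)"$', re.I)
START_TYPE = re.compile(
    r"The start type of (\w+) service is set to (\w+)\. The default start type is (\w+)\."
)
POLICY_VALUE = re.compile(r'^"(\w+)"=DWORD:(\d+)$')
# A per-user temp directory is writable without admin rights, so a service
# binary living there is worth a look whatever its name.
USER_TEMP = re.compile(r"\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)


def parse_services(combofix_text: str) -> Dict[str, str]:
    """Map service name -> ImagePath from ComboFix's registry-style listing."""
    services: Dict[str, str] = {}
    current = None
    for line in combofix_text.splitlines():
        line = line.strip()
        key = SERVICE_KEY.match(line)
        if key:
            current = key.group(1)
            continue
        image = IMAGE_PATH.match(line)
        if image and current:
            # Drop the NT object-manager prefix (\??\) that ComboFix shows verbatim.
            services[current] = image.group(1).replace("\\??\\", "", 1)
    return services


def temp_resident_services(services: Dict[str, str]) -> List[str]:
    """Names of services whose binary sits inside a user's AppData\\Local\\Temp."""
    return sorted(name for name, path in services.items() if USER_TEMP.search(path))


def parse_fss(fss_text: str) -> Dict[str, Dict]:
    """Extract non-default start types and DWORD policy values from an FSS log."""
    start_type_changes: Dict[str, Tuple[str, str]] = {}
    policies: Dict[str, int] = {}
    for line in fss_text.splitlines():
        line = line.strip()
        st = START_TYPE.search(line)
        if st:
            service, actual, default = st.groups()
            if actual != default:
                start_type_changes[service] = (actual, default)
            continue
        pv = POLICY_VALUE.match(line)
        if pv:
            policies[pv.group(1)] = int(pv.group(2))
    return {"start_type_changes": start_type_changes, "policies": policies}


def triage(combofix_text: str, fss_text: str) -> Dict[str, object]:
    """Combine both parsers into the findings a responder would act on first."""
    services = parse_services(combofix_text)
    fss = parse_fss(fss_text)
    return {
        "temp_services": temp_resident_services(services),
        "defender_start_type": fss["start_type_changes"].get("WinDefend"),
        "defender_disabled_by_policy": fss["policies"].get("DisableAntiSpyware", 0) == 1,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_COMBOFIX, SAMPLE_FSS).items():
        print(f"{key}: {value}")
```

Run as-is it reports the two temp-resident services, the Demand/Auto mismatch for WinDefend, and the policy flag; pasting a full log into the two sample strings extends it to the rest of the services section. The script only reads text, so it is safe to run on a clean machine against logs copied from the infected one, which matters here because the affected PC has no working network connection.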

#13 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 26 September 2013 - 05:41 AM

Try to repair your internet connection: right-click the icon in the taskbar and select Repair.

If that won't work, disconnect completely from the network and then establish a new connection.



#14 Bommelding

  • Topic Starter
  • Members
  • 59 posts

Posted 26 September 2013 - 05:52 AM

I already did both of those; neither of them worked :(
Manually setting up a new connection isn't working either...

#15 TB-Psychotic

  • Malware Response Team
  • 6,349 posts

Posted 26 September 2013 - 06:37 AM

Scan with Farbar's Service Scanner

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender

  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

