Log file, PC slower

  • fazantje

    Hi Vincent,

    There is an infection in this log and we are going to remove it.

    Do the following:

    Download Combofix here and place it on your desktop.

    Now first disable your antivirus scanner. It will turn back on after the computer has been restarted.

    If you have used Combofix before, please delete that version and download Combofix again via the link above, because Combofix is updated daily.

    NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

    Some scanners regard certain components that Combofix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, because this will make your PC hang.

    The scan can take some time depending on the infection (up to an hour), so do not assume it has frozen.

    When the fix is complete and after a restart, the log combofix.txt will open.

    In your next post, include the Combofix logs and a new HijackThis log, and tell us how things are going now.

    Good luck,

    Huib;)

  • Vincent

    I just got a white txt file on screen. The Combofix log.

    After that nothing happened. I closed that txt file. There was no restart. Shall I post that log and a new HijackThis log tomorrow?

    Regards

  • fazantje

    Hi Vincent,

    Restart your computer, and you can post the logs tomorrow ;)

    You can find the Combofix text under: C - combofix text.

    Regards, Huib;)

  • vincent

    It's me again….

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:29:07, on 7-2-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Windows\SysWOW64\ACEngSvr.exe

    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

    C:\Users\Marije\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2013\avgui.exe” /TRAYONLY

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - HKUS\S-1-5-21-4282477497-3648180435-3969883101-1003\..\Run: “C:\Users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe” /c (User ‘Vincent’)

    O4 - HKUS\S-1-5-21-4282477497-3648180435-3969883101-1003\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload (User ‘Vincent’)

    O4 - HKUS\S-1-5-21-4282477497-3648180435-3969883101-1003\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup (User ‘Vincent’)

    O4 - HKUS\S-1-5-21-4282477497-3648180435-3969883101-1003\..\Run: C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (User ‘Vincent’)

    O4 - HKUS\S-1-5-21-4282477497-3648180435-3969883101-1003\..\Run: “C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe” /PROMPT /CMPID=JAN2013_TB (User ‘Vincent’)

    O4 - S-1-5-21-4282477497-3648180435-3969883101-1003 Startup: Dropbox.lnk = Vincent\AppData\Roaming\Dropbox\bin\Dropbox.exe (User ‘Vincent’)

    O4 - S-1-5-21-4282477497-3648180435-3969883101-1003 User Startup: Dropbox.lnk = Vincent\AppData\Roaming\Dropbox\bin\Dropbox.exe (User ‘Vincent’)

    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

    O4 - Global Startup: FancyStart daemon.lnk = ?

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O20 - AppInit_DLLs: c:\PROGRA~3\BROWSE~1\261123~1.78\{D1538~1\brwmngr.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 10978 bytes

    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

    ComboFix 13-02-06.01 - Marije 06-02-2013 21:20:26.1.2 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4000.2341

    Gestart vanuit: c:\users\Marije\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

    SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\FullRemove.exe

    c:\windows\msvcr71.dll

    c:\windows\SysWow64\muzapp.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-06 to 2013-02-06 ))))))))))))))))))))))))))))))

    .

    .

    2013-02-06 20:32 . 2013-02-06 20:32 ——– d—–w- c:\users\Vincent\AppData\Local\temp

    2013-02-06 20:32 . 2013-02-06 20:32 ——– d—–w- c:\users\Default\AppData\Local\temp

    2013-02-06 19:30 . 2013-02-06 19:30 ——– d—–w- c:\users\Marije\AppData\Roaming\Malwarebytes

    2013-02-06 19:30 . 2013-02-06 19:30 ——– d—–w- c:\users\Marije\AppData\Local\Programs

    2013-02-06 06:51 . 2013-02-06 06:51 ——– d—–w- c:\users\Vincent\AppData\Roaming\Malwarebytes

    2013-02-06 06:50 . 2013-02-06 06:50 ——– d—–w- c:\programdata\Malwarebytes

    2013-02-06 06:49 . 2013-02-06 19:30 ——– d—–w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2013-02-06 06:49 . 2012-12-14 15:49 24176 —-a-w- c:\windows\system32\drivers\mbam.sys

    2013-02-06 06:49 . 2013-02-06 06:49 ——– d—–w- c:\users\Vincent\AppData\Local\Programs

    2013-02-04 21:06 . 2013-02-06 19:26 334 —-a-w- c:\windows\DeleteOnReboot.bat

    2013-02-01 17:19 . 2013-02-01 17:19 ——– d—–w- c:\users\Marije\AppData\Local\Google

    2013-01-09 16:39 . 2012-11-09 05:45 750592 —-a-w- c:\windows\system32\win32spl.dll

    2013-01-09 16:39 . 2012-11-09 04:43 492032 —-a-w- c:\windows\SysWow64\win32spl.dll

    2013-01-09 16:38 . 2012-11-01 05:43 2002432 —-a-w- c:\windows\system32\msxml6.dll

    2013-01-09 16:38 . 2012-11-01 05:43 1882624 —-a-w- c:\windows\system32\msxml3.dll

    2013-01-09 16:38 . 2012-11-01 04:47 1389568 —-a-w- c:\windows\SysWow64\msxml6.dll

    2013-01-09 16:38 . 2012-11-01 04:47 1236992 —-a-w- c:\windows\SysWow64\msxml3.dll

    2013-01-09 16:36 . 2012-11-30 05:41 424448 —-a-w- c:\windows\system32\KernelBase.dll

    2013-01-09 16:35 . 2012-11-23 03:13 68608 —-a-w- c:\windows\system32\taskhost.exe

    2013-01-09 16:35 . 2012-11-23 03:26 3149824 —-a-w- c:\windows\system32\win32k.sys

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-02-06 20:16 . 2012-08-16 12:04 380 —-a-w- c:\users\Marije\AppData\Roaming\sp_data.sys

    2013-02-06 18:43 . 2012-08-16 13:12 380 —-a-w- c:\users\Vincent\AppData\Roaming\sp_data.sys

    2013-01-24 19:27 . 2012-08-21 04:47 37720 —-a-w- c:\windows\system32\drivers\avgtpx64.sys

    2013-01-13 07:08 . 2012-08-20 18:45 67599240 —-a-w- c:\windows\system32\MRT.exe

    2013-01-09 16:14 . 2012-09-18 14:39 74248 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-01-09 16:14 . 2012-09-18 14:39 697864 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-12-16 17:11 . 2012-12-21 21:52 46080 —-a-w- c:\windows\system32\atmlib.dll

    2012-12-16 14:45 . 2012-12-21 21:52 367616 —-a-w- c:\windows\system32\atmfd.dll

    2012-12-16 14:13 . 2012-12-21 21:52 295424 —-a-w- c:\windows\SysWow64\atmfd.dll

    2012-12-16 14:13 . 2012-12-21 21:52 34304 —-a-w- c:\windows\SysWow64\atmlib.dll

    2012-11-30 04:45 . 2013-01-09 16:36 44032 —-a-w- c:\windows\apppatch\acwow64.dll

    2012-11-15 22:33 . 2012-11-15 22:33 111968 —-a-w- c:\windows\system32\drivers\avgmfx64.sys

    2012-11-14 07:06 . 2012-12-17 05:37 17811968 —-a-w- c:\windows\system32\mshtml.dll

    2012-11-14 06:32 . 2012-12-17 05:37 10925568 —-a-w- c:\windows\system32\ieframe.dll

    2012-11-14 06:11 . 2012-12-17 05:37 2312704 —-a-w- c:\windows\system32\jscript9.dll

    2012-11-14 06:04 . 2012-12-17 05:37 1346048 —-a-w- c:\windows\system32\urlmon.dll

    2012-11-14 06:04 . 2012-12-17 05:37 1392128 —-a-w- c:\windows\system32\wininet.dll

    2012-11-14 06:02 . 2012-12-17 05:37 1494528 —-a-w- c:\windows\system32\inetcpl.cpl

    2012-11-14 06:02 . 2012-12-17 05:37 237056 —-a-w- c:\windows\system32\url.dll

    2012-11-14 05:59 . 2012-12-17 05:37 85504 —-a-w- c:\windows\system32\jsproxy.dll

    2012-11-14 05:58 . 2012-12-17 05:37 816640 —-a-w- c:\windows\system32\jscript.dll

    2012-11-14 05:57 . 2012-12-17 05:37 599040 —-a-w- c:\windows\system32\vbscript.dll

    2012-11-14 05:57 . 2012-12-17 05:37 173056 —-a-w- c:\windows\system32\ieUnatt.exe

    2012-11-14 05:55 . 2012-12-17 05:37 2144768 —-a-w- c:\windows\system32\iertutil.dll

    2012-11-14 05:55 . 2012-12-17 05:37 729088 —-a-w- c:\windows\system32\msfeeds.dll

    2012-11-14 05:53 . 2012-12-17 05:37 96768 —-a-w- c:\windows\system32\mshtmled.dll

    2012-11-14 05:52 . 2012-12-17 05:37 2382848 —-a-w- c:\windows\system32\mshtml.tlb

    2012-11-14 05:46 . 2012-12-17 05:37 248320 —-a-w- c:\windows\system32\ieui.dll

    2012-11-14 02:09 . 2012-12-17 05:37 1800704 —-a-w- c:\windows\SysWow64\jscript9.dll

    2012-11-14 01:58 . 2012-12-17 05:37 1427968 —-a-w- c:\windows\SysWow64\inetcpl.cpl

    2012-11-14 01:57 . 2012-12-17 05:37 1129472 —-a-w- c:\windows\SysWow64\wininet.dll

    2012-11-14 01:49 . 2012-12-17 05:37 142848 —-a-w- c:\windows\SysWow64\ieUnatt.exe

    2012-11-14 01:48 . 2012-12-17 05:37 420864 —-a-w- c:\windows\SysWow64\vbscript.dll

    2012-11-14 01:44 . 2012-12-17 05:37 2382848 —-a-w- c:\windows\SysWow64\mshtml.tlb

    2012-11-09 05:45 . 2012-12-12 06:12 2048 —-a-w- c:\windows\system32\tzres.dll

    2012-11-09 04:42 . 2012-12-12 06:12 2048 —-a-w- c:\windows\SysWow64\tzres.dll

    2012-10-14 06:42 . 2012-10-14 06:42 80078336 —-a-w- c:\program files\Samsung Kies.msi

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “KiesPreload”=“c:\program files (x86)\Samsung\Kies\Kies.exe”

    “KiesAirMessage”=“c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe”

    “swg”=“c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    .

    “Adobe ARM”=“c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “ASUSPRP”=“c:\program files (x86)\ASUS\APRP\APRP.EXE”

    “ASUSWebStorage”=“c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe”

    “SonicMasterTray”=“c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe”

    “ATKOSD2”=“c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe”

    “ATKMEDIA”=“c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe”

    “HControlUser”=“c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe”

    “Wireless Console 3”=“c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe”

    “AVG_UI”=“c:\program files (x86)\AVG\AVG2013\avgui.exe”

    “KiesTrayAgent”=“c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe”

    .

    c:\users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    Dropbox.lnk - c:\users\Marije\AppData\Roaming\Dropbox\bin\Dropbox.exe

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

    FancyStart daemon.lnk - c:\windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe

    .

    “ConsentPromptBehaviorAdmin”= 5 (0x5)

    “ConsentPromptBehaviorUser”= 3 (0x3)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “LoadAppInit_DLLs”=1 (0x1)

    “AppInit_DLLs”=c:\progra~3\BROWSE~1\261123~1.78\{D1538~1\brwmngr.dll

    .

    @=“”

    .

    R2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE

    R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys

    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys

    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys

    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe

    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys

    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys

    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys

    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys

    S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys

    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys

    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys

    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys

    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys

    S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys

    S2 ASUS InstantOn;ASUS InstantOn Service;c:\program files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe

    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe

    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    S2 vToolbarUpdater14.0.1;vToolbarUpdater14.0.1;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

    S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS

    S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys

    S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys

    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys

    S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys

    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys

    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

    .

    .

    2013-02-02 07:27 1607120 —-a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    .

    2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2013-02-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe

    .

    2013-02-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282477497-3648180435-3969883101-1003Core.job

    - c:\users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    2013-02-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4282477497-3648180435-3969883101-1003UA.job

    - c:\users\Vincent\AppData\Local\Google\Update\GoogleUpdate.exe

    .

    .

    ——— X64 Entries ———–

    .

    .

    @=“{6D4133E5-0742-4ADC-8A8C-9303440F7190}”

    2011-05-25 07:09 227840 —-a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

    .

    @=“{64174815-8D98-4CE6-8646-4C039977D808}”

    2011-05-25 07:09 227840 —-a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSShellExt64.dll

    .

    “IgfxTray”=“c:\windows\system32\igfxtray.exe”

    “HotKeysCmds”=“c:\windows\system32\hkcmd.exe”

    “AmIcoSinglun64”=“c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe”

    “RtHDVBg”=“c:\program files\Realtek\Audio\HDA\RAVBg64.exe”

    .

    ——- Bijkomende Scan ——-

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://asus.msn.com

    mStart Page = hxxp://www.google.com

    mLocal Page = c:\windows\SysWOW64\blank.htm

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    Toolbar-Locked - (no file)

    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    Wow6432Node-HKCU-Run-ROC_JAN2013_TB - c:\program files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe

    Wow6432Node-HKLM-Run-vProt - c:\program files (x86)\AVG Secure Search\vprot.exe

    Toolbar-Locked - (no file)

    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

    HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

    AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr

    .

    .

    .

    Voltooingstijd: 2013-02-06 22:19:23

    ComboFix-quarantined-files.txt 2013-02-06 21:19

    .

    Pre-Run: 33.603.141.632 bytes beschikbaar

    Post-Run: 34.598.526.976 bytes beschikbaar

    .

    - - End Of File - - C4ECE8AE835B93A3729EEB804423B951

  • fazantje

    Hi Vincent,

    This Combo log has done its job.

    We are still going to remove one line.

    Go to: Start - Computer (C) - Program Files - Trend Micro - HijackThis.

    Now right-click the red HJT icon and choose "Run as administrator".

    Click Scan and tick the following line:

    O20 - AppInit_DLLs: c:\PROGRA~3\BROWSE~1\261123~1.78\{D1538~1\brwmngr.dll

    Close all open windows except HijackThis and click "Fix checked".

    If it is still present, delete the following folder (in bold):

    C:\ProgramData\Browser Manager

    Restart your computer and post a new HijackThis log.

    Good luck,

    Huib;)
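
The before/after check that the requested fresh log makes possible, as an added example that is not part of the original thread or of HijackThis: the Python below parses HijackThis entry lines, extracts the O20 AppInit_DLLs value and diffs two logs. The two sample logs are constructed excerpts built from lines in this thread (the "after" excerpt is an assumption about a clean follow-up log), and all function names are hypothetical.

```python
import re
from collections import defaultdict

# Forum software often turns straight quotes into typographic ones; undo that
# so the same entry compares equal across two pasted logs.
QUOTES = str.maketrans({"\u201c": '"', "\u201d": '"', "\u2018": "'", "\u2019": "'"})

# A HijackThis entry is "<section code> - <text>", e.g. "O20 - AppInit_DLLs: ...".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")


def parse_hjt(log_text):
    """Return {section_code: [entry_text, ...]} for a pasted HijackThis log."""
    sections = defaultdict(list)
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.translate(QUOTES))
        if match:
            sections[match.group(1)].append(match.group(2))
    return dict(sections)


def appinit_dlls(sections):
    """Return the raw AppInit_DLLs values listed under section O20."""
    prefix = "AppInit_DLLs:"
    return [entry[len(prefix):].strip()
            for entry in sections.get("O20", [])
            if entry.startswith(prefix)]


def entry_set(log_text):
    """Flatten a log into a set of (section_code, entry_text) pairs."""
    return {(code, entry)
            for code, entries in parse_hjt(log_text).items()
            for entry in entries}


def diff_logs(before, after):
    """Return (removed, added) entries between two HijackThis logs."""
    old, new = entry_set(before), entry_set(after)
    return old - new, new - old


# Constructed excerpt: lines copied from the first HijackThis log in this thread.
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2013\avgui.exe” /TRAYONLY
O20 - AppInit_DLLs: c:\PROGRA~3\BROWSE~1\261123~1.78\{D1538~1\brwmngr.dll
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
"""

# Constructed excerpt (assumption): the same lines after "Fix checked" removed
# the O20 entry, pasted this time with straight quotes.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.4
Running processes:
C:\Program Files (x86)\AVG\AVG2013\avgui.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
O4 - HKLM\..\Run: "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
"""

if __name__ == "__main__":
    print("AppInit_DLLs before:", appinit_dlls(parse_hjt(BEFORE)))
    print("AppInit_DLLs after: ", appinit_dlls(parse_hjt(AFTER)))
    removed, added = diff_logs(BEFORE, AFTER)
    for code, entry in sorted(removed):
        print("removed:", code, "-", entry)
    for code, entry in sorted(added):
        print("added:  ", code, "-", entry)
```
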

  • vincent

    Hmmm… I think it worked….

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 23:21:44, on 7-2-2013

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16457)

    Boot mode: Normal

    Running processes:

    C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

    C:\Windows\SysWOW64\ACEngSvr.exe

    C:\Program Files (x86)\Samsung\Kies\Kies.exe

    C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe

    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Windows\AsScrPro.exe

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files (x86)\ASUS\APRP\aprp.exe

    C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    C:\Program Files (x86)\AVG\AVG2013\avgui.exe

    C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

    C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

    C:\Users\Marije\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)

    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - “C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll” (file missing)

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: “C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files (x86)\ASUS\APRP\APRP.EXE”

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

    O4 - HKLM\..\Run: C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

    O4 - HKLM\..\Run: “C:\Program Files (x86)\AVG\AVG2013\avgui.exe” /TRAYONLY

    O4 - HKLM\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

    O4 - HKCU\..\Run: C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

    O4 - HKCU\..\Run: “C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe”

    O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe

    O4 - Global Startup: FancyStart daemon.lnk = ?

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra ‘Tools’ menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: Accelerated graphics

    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (file missing)

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

    O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe

    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: vToolbarUpdater14.0.1 - Unknown owner - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.0.1\ToolbarUpdater.exe

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    End of file - 9777 bytes
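
The check behind the “Fix checked” step and the follow-up log, as an added example that is not part of the original posts: a small parser for HijackThis-format lines that confirms the O20 AppInit_DLLs entry is gone and sorts the remaining “(file missing)” entries. The sample lines are constructed from lines quoted in this thread, and the function names and the C:\Windows install path are assumptions of the example. It relies on the fact that 32-bit HijackThis on 64-bit Windows has its System32 lookups redirected to SysWOW64, so 64-bit-only system files show up as missing.

```python
import re

# Constructed sample in HijackThis 2.0.4 format, built from lines quoted in this thread.
BEFORE = r"""
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O20 - AppInit_DLLs: c:\PROGRA~3\BROWSE~1\261123~1.78\{D1538~1\brwmngr.dll
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""
# The same log after "Fix checked": the O20 line is gone.
AFTER = "\n".join(l for l in BEFORE.splitlines() if not l.startswith("O20"))

ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
MISSING = re.compile(r'([A-Za-z]:\\[^"]*?)"?\s*\(file missing\)$')
# Assumption: Windows is installed in C:\Windows.
SYSTEM32 = "c:\\windows\\system32\\"


def parse(log):
    """Return (section code, entry text) for every HijackThis entry line."""
    return [m.groups() for m in map(ENTRY.match, log.splitlines()) if m]


def appinit_dlls(entries):
    """Paths under O20 AppInit_DLLs (loaded into every process that loads user32.dll)."""
    return [text.split(":", 1)[1].strip() for code, text in entries
            if code == "O20" and text.startswith("AppInit_DLLs:")]


def removed(before, after):
    """Entries present in the first log but not in the second."""
    return [e for e in before if e not in set(after)]


def triage_missing(entries):
    """Sort '(file missing)' entries into redirection artefacts and orphans."""
    out = {"redirected": [], "orphaned": []}
    for code, text in entries:
        m = MISSING.search(text)
        if m:
            path = m.group(1)
            kind = "redirected" if path.lower().startswith(SYSTEM32) else "orphaned"
            out[kind].append((code, path))
    return out


if __name__ == "__main__":
    before, after = parse(BEFORE), parse(AFTER)
    print("fixed:", removed(before, after))
    print("AppInit_DLLs now:", appinit_dlls(after))
    print(triage_missing(after))
```

Entries in the "orphaned" list are registrations that still point at a deleted file and are candidates for clean-up; the "redirected" ones are expected on 64-bit systems and need no action.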

  • fazantje

    Hi Vincent,

    It looks good again.

    You can remove ADWCleaner with its own uninstaller.

    Remove Combo as follows:

    Download OTC exe here to remove Combo completely again.

    Place the file on your desktop.

    Make sure there is an internet connection.

    Then right-click OTCleanIt.exe and choose Run as Administrator (Dutch: Uitvoeren als Administrator) to start the program.

    If that does not work, double-click the icon.

    Now click the “CleanUp!” button.

    If your firewall, or another security program, warns that OTC.exe wants internet access, you can allow this; the program needs that connection.

    Finally, OTC will ask whether you want to restart the computer; you can allow this, and in doing so it also removes itself.

    Regards, Huib;)

  • fazantje

    Hi Vincent,

    I was in the wrong thread, see here.

    Regards, Huib;)

  • vincent

    Our thanks are more than great!

    THANKS!!!

  • fazantje

    You're welcome.

    Regards, Huib;)

This topic is closed; no more replies can be posted.