ComboFix 14-01-29.01 - Véronique 31/01/2014 13:04:54.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.3936.2353 [GMT 1:00]
Gestart vanuit: c:\users\Dokter\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\windows\IsUn0413.exe
Q:\Autorun.inf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-12-28 to 2014-01-31 ))))))))))))))))))))))))))))))
.
.
2014-01-31 12:10 . 2014-01-31 12:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-31 08:41 . 2013-12-04 03:28 10315576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{29BE1D03-BBBE-43FB-8D88-EE66940C1E65}\mpengine.dll
2014-01-30 23:13 . 2014-01-31 12:10 -------- d-----w- c:\users\Dokter\AppData\Local\Temp
2014-01-30 23:08 . 2014-01-30 23:13 -------- d-----w- C:\zoek
2014-01-30 22:08 . 2014-01-30 22:08 -------- d-----w- C:\rsit
2014-01-30 22:08 . 2014-01-30 22:08 -------- d-----w- c:\program files\trend micro
2014-01-30 22:00 . 2014-01-30 22:00 -------- d-----w- c:\users\Dokter\AppData\Local\Macromedia
2014-01-30 21:31 . 2014-01-30 21:31 -------- d-----w- c:\users\Dokter\AppData\Roaming\SUPERAntiSpyware.com
2014-01-30 21:31 . 2014-01-30 21:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2014-01-30 21:31 . 2014-01-30 21:31 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-01-30 21:05 . 2014-01-30 21:05 -------- d-----w- c:\windows\Migration
2014-01-30 21:03 . 2014-01-30 21:03 -------- d-----w- c:\program files\AuthenTec
2014-01-30 21:00 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2014-01-30 21:00 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-01-28 15:42 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-28 15:42 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-28 15:42 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-28 15:42 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-28 15:42 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-28 15:42 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-28 15:42 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-28 15:42 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-28 15:42 . 2013-11-26 10:32 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-01-09 08:05 . 2014-01-09 08:05 -------- d-----w- c:\users\Dokter\AppData\Local\2BrightSparks
2014-01-01 18:56 . 2014-01-01 18:56 79672 ----a-w- c:\windows\system32\drivers\aswstm.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-30 22:02 . 2012-04-13 15:53 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-30 22:02 . 2011-07-22 09:48 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-29 02:02 . 2011-07-22 12:13 86054176 ----a-w- c:\windows\system32\MRT.exe
2014-01-16 08:59 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-01-01 18:55 . 2013-04-26 08:47 422216 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-01-01 18:55 . 2013-04-26 08:47 1034464 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-01-01 18:55 . 2013-04-26 08:47 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-01-01 18:55 . 2013-04-26 08:47 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-01-01 18:55 . 2013-04-26 08:47 334136 ----a-w- c:\windows\system32\aswBoot.exe
2014-01-01 18:55 . 2013-04-26 08:46 43152 ----a-w- c:\windows\avastSS.scr
2013-12-10 19:33 . 2013-09-02 15:51 35640 ----a-w- c:\windows\system32\TURegOpt.exe
2013-12-10 19:33 . 2013-10-31 18:59 38200 ----a-w- c:\windows\system32\uxtuneup.dll
2013-12-10 19:33 . 2013-10-31 18:59 38200 ----a-w- c:\windows\system32\uxtuneup(2).dll
2013-12-10 19:33 . 2013-10-31 18:59 30520 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-12-10 19:33 . 2013-09-02 15:51 26936 ----a-w- c:\windows\system32\authuitu.dll
2013-12-10 19:33 . 2013-09-02 15:51 26936 ----a-w- c:\windows\system32\authuitu(1).dll
2013-12-10 19:33 . 2013-09-02 15:51 22328 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-11-27 17:43 . 2013-11-27 17:43 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-27 17:43 . 2013-11-27 17:43 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-11-27 17:43 . 2013-11-27 17:43 942592 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-27 17:43 . 2013-11-27 17:43 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-27 17:43 . 2013-11-27 17:43 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-11-27 17:43 . 2013-11-27 17:43 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-27 17:43 . 2013-11-27 17:43 84992 ----a-w- c:\windows\system32\mshtmled.dll
2013-11-27 17:43 . 2013-11-27 17:43 83968 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-27 17:43 . 2013-11-27 17:43 81408 ----a-w- c:\windows\system32\icardie.dll
2013-11-27 17:43 . 2013-11-27 17:43 774144 ----a-w- c:\windows\system32\jscript.dll
2013-11-27 17:43 . 2013-11-27 17:43 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-11-27 17:43 . 2013-11-27 17:43 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-11-27 17:43 . 2013-11-27 17:43 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-11-27 17:43 . 2013-11-27 17:43 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2013-11-27 17:43 . 2013-11-27 17:43 626176 ----a-w- c:\windows\system32\msfeeds.dll
2013-11-27 17:43 . 2013-11-27 17:43 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-11-27 17:43 . 2013-11-27 17:43 62464 ----a-w- c:\windows\system32\pngfilt.dll
2013-11-27 17:43 . 2013-11-27 17:43 61952 ----a-w- c:\windows\SysWow64\MshtmlDac.dll
2013-11-27 17:43 . 2013-11-27 17:43 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2013-11-27 17:43 . 2013-11-27 17:43 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2013-11-27 17:43 . 2013-11-27 17:43 548352 ----a-w- c:\windows\system32\vbscript.dll
2013-11-27 17:43 . 2013-11-27 17:43 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-11-27 17:43 . 2013-11-27 17:43 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2013-11-27 17:43 . 2013-11-27 17:43 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-11-27 17:43 . 2013-11-27 17:43 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-27 17:43 . 2013-11-27 17:43 48128 ----a-w- c:\windows\system32\imgutil.dll
2013-11-27 17:43 . 2013-11-27 17:43 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-11-27 17:43 . 2013-11-27 17:43 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2013-11-27 17:43 . 2013-11-27 17:43 413696 ----a-w- c:\windows\system32\html.iec
2013-11-27 17:43 . 2013-11-27 17:43 40448 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-27 17:43 . 2013-11-27 17:43 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-11-27 17:43 . 2013-11-27 17:43 34816 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-11-27 17:43 . 2013-11-27 17:43 337408 ----a-w- c:\windows\SysWow64\html.iec
2013-11-27 17:43 . 2013-11-27 17:43 30208 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-27 17:43 . 2013-11-27 17:43 296960 ----a-w- c:\windows\system32\dxtrans.dll
2013-11-27 17:43 . 2013-11-27 17:43 263376 ----a-w- c:\windows\system32\iedkcs32.dll
2013-11-27 17:43 . 2013-11-27 17:43 247808 ----a-w- c:\windows\system32\msls31.dll
2013-11-27 17:43 . 2013-11-27 17:43 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-11-27 17:43 . 2013-11-27 17:43 243200 ----a-w- c:\windows\system32\webcheck.dll
2013-11-27 17:43 . 2013-11-27 17:43 235520 ----a-w- c:\windows\system32\url.dll
2013-11-27 17:43 . 2013-11-27 17:43 235008 ----a-w- c:\windows\system32\elshyph.dll
2013-11-27 17:43 . 2013-11-27 17:43 195584 ----a-w- c:\windows\system32\msrating.dll
2013-11-27 17:43 . 2013-11-27 17:43 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2013-11-27 17:43 . 2013-11-27 17:43 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-11-27 17:43 . 2013-11-27 17:43 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-11-27 17:43 . 2013-11-27 17:43 147968 ----a-w- c:\windows\system32\occache.dll
2013-11-27 17:43 . 2013-11-27 17:43 143872 ----a-w- c:\windows\system32\wextract.exe
2013-11-27 17:43 . 2013-11-27 17:43 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2013-11-27 17:43 . 2013-11-27 17:43 13824 ----a-w- c:\windows\system32\mshta.exe
2013-11-27 17:43 . 2013-11-27 17:43 135680 ----a-w- c:\windows\system32\iepeers.dll
2013-11-27 17:43 . 2013-11-27 17:43 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2013-11-27 17:43 . 2013-11-27 17:43 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2013-11-27 17:43 . 2013-11-27 17:43 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-27 17:43 . 2013-11-27 17:43 1228800 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-27 17:43 . 2013-11-27 17:43 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-11-27 17:43 . 2013-11-27 17:43 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-11-27 17:43 . 2013-11-27 17:43 105984 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-27 17:43 . 2013-11-27 17:43 1051136 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-11-27 17:43 . 2013-11-27 17:43 101376 ----a-w- c:\windows\system32\inseng.dll
2013-11-26 11:54 . 2013-12-13 19:09 23183360 ----a-w- c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-13 19:09 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-13 19:09 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-13 19:09 66048 ----a-w- c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-13 19:09 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-13 19:09 2764288 ----a-w- c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-13 19:09 53760 ----a-w- c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-13 19:09 33792 ----a-w- c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-13 19:09 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-13 19:09 574976 ----a-w- c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-13 19:09 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-13 19:09 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-13 19:09 708608 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-13 19:09 218624 ----a-w- c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-13 19:08 5769216 ----a-w- c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-13 19:09 553472 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-13 19:09 4243968 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-13 19:09 1995264 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-13 19:09 12996608 ----a-w- c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-13 19:09 1928192 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-13 19:09 2334208 ----a-w- c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-13 19:09 1395200 ----a-w- c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-13 19:09 817664 ----a-w- c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-13 19:09 1820160 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-01-25 3764024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\ThinkVantage Fingerprint Software\psqlpwd.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"MSU"=c:\program files\MedSecure\MSU.exe
.
R2 CardReaderServer;OmegaSoft Card Reader Server;c:\program files (x86)\OmegaSoft\Card Reader\OSCRDSVC.EXE;c:\program files (x86)\OmegaSoft\Card Reader\OSCRDSVC.EXE [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMEWSVC.EXE [x]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys;c:\windows\SYSNATIVE\DRIVERS\a38usb.sys [x]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DozeSvc;Lenovo Doze Mode Service;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE;c:\program files (x86)\ThinkPad\Utilities\DZSVC64.EXE [x]
R3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\DRIVERS\EuDisk.sys;c:\windows\SYSNATIVE\DRIVERS\EuDisk.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Power Manager DBC Service;Power Manager DBC Service;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE;c:\program files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R4 EaseUS Agent;EaseUS Agent;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EaseUS\Todo Backup\bin\Agent.exe [x]
R4 HyperW7Svc;HyperW7 Service;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe;c:\program files\Lenovo\RapidBoot\HyperW7Svc64.exe [x]
R4 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 DzHDD64;DzHDD64;c:\windows\System32\DRIVERS\DzHDD64.sys;c:\windows\SYSNATIVE\DRIVERS\DzHDD64.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 TPDIGIMN;TPDIGIMN;c:\windows\System32\DRIVERS\ApsHM64.sys;c:\windows\SYSNATIVE\DRIVERS\ApsHM64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys;c:\windows\SYSNATIVE\drivers\EuFdDisk.sys [x]
S1 PHCORE;PHCORE;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS;c:\program files\Lenovo\RapidBoot\PHCORE64.SYS [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe;c:\program files\Lenovo\Communications Utility\CAMMUTE.exe [x]
S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\LENOVO\HOTKEY\MICMUTE.exe;c:\program files\LENOVO\HOTKEY\MICMUTE.exe [x]
S2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe;c:\program files\Lenovo\Communications Utility\TPKNRSVC.exe [x]
S2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe;c:\program files\LENOVO\VIRTSCRL\lvvsst.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 smihlp;SMI Helper Driver (smihlp);c:\program files\ThinkVantage Fingerprint Software\smihlp.sys;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [x]
S2 TPHKSVC;On Screen Display;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe;c:\program files\LENOVO\HOTKEY\TPHKSVC.exe [x]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 5U877;USB Video Device;c:\windows\system32\DRIVERS\5U877.sys;c:\windows\SYSNATIVE\DRIVERS\5U877.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-30 21:01 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-01-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 22:02]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27 19:17]
.
2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-27 19:17]
.
2014-01-31 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
2014-01-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 116113a7-dcee-479f-9532-427cbb746199.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-01-31 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task f1eee142-26a3-4d1f-899f-4abd7b9f7d30.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2013-11-07 20:08]
.
2014-01-31 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\PC-Doctor\uaclauncher.exe [2011-06-27 15:06]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-01-25 14:07 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.be/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 195.130.130.130 195.130.131.130
FF - ProfilePath - c:\users\Dokter\AppData\Roaming\Mozilla\Firefox\Profiles\8tghpy5z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2014-01-31 13:12:16
ComboFix-quarantined-files.txt 2014-01-31 12:12
.
Pre-Run: 245.918.498.816 bytes beschikbaar
Post-Run: 245.761.675.264 bytes beschikbaar
.
- - End Of File - - 49D27003F57C6A6E4102B815E2A3A268