ComboFix 14-04-12.01 - Rowen 17-04-2014 11:30:28.1.2 - x86 Microsoft Windows 7 Starter 6.1.7601.1.1252.31.1043.18.1014.223 [GMT 2:00] Gestart vanuit: c:\users\Rowen\Downloads\ComboFix.exe AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Common Files\Acer GameZone online.ico . . (((((((((((((((((((( Bestanden Gemaakt van 2014-03-17 to 2014-04-17 )))))))))))))))))))))))))))))) . . 2014-04-17 09:54 . 2014-04-17 09:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-04-16 22:35 . 2014-04-16 22:36 -------- d-----w- c:\users\R 2014-04-16 22:31 . 2014-04-16 22:31 -------- d-----w- c:\program files\Wajam 2014-04-16 22:26 . 2014-04-16 22:26 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-04-16 22:25 . 2014-04-16 22:25 -------- d-----w- C:\BlueStacks 2014-04-16 22:19 . 2014-04-16 22:28 -------- d-----w- c:\programdata\Oracle 2014-04-16 22:18 . 2014-04-16 22:18 -------- d-----w- c:\program files\Common Files\Java 2014-04-16 19:55 . 2014-04-16 19:56 -------- d-----w- c:\users\Jeanet 2014-04-16 17:16 . 2014-04-16 17:16 -------- d-----w- c:\program files\sweetpacks bundle uninstaller 2014-04-16 17:07 . 2014-04-16 23:55 -------- d-----w- c:\programdata\BlueStacksSetup 2014-04-16 15:35 . 2014-04-16 15:42 -------- d-----w- C:\AdwCleaner 2014-04-16 15:29 . 2014-04-16 19:55 -------- d-----w- c:\program files\CactusVPN 2014-04-16 14:16 . 2014-04-16 13:22 24064 ----a-w- c:\windows\zoek-delete.exe 2014-04-16 13:22 . 2014-04-16 14:07 -------- d-----w- C:\zoek_backup 2014-04-16 11:38 . 2014-04-16 11:39 -------- d-----w- c:\program files\trend micro 2014-04-16 11:38 . 2014-04-16 11:45 -------- d-----w- C:\rsit 2014-04-09 18:40 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys 2014-04-09 18:40 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys 2014-04-09 18:40 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys 2014-04-09 18:40 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll 2014-04-09 18:40 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-03-20 18:07 . 2012-09-04 08:10 42272 ----a-w- c:\windows\system32\drivers\avgtpx86.sys 2014-03-14 08:04 . 2012-07-03 09:45 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-03-14 08:04 . 2012-07-03 09:45 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-02-07 01:07 . 2014-03-14 08:26 2349056 ----a-w- c:\windows\system32\win32k.sys 2014-02-04 02:04 . 2014-03-14 08:26 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll 2014-02-04 02:04 . 2014-03-14 08:26 509440 ----a-w- c:\windows\system32\qedit.dll 2014-01-29 02:06 . 2014-03-14 08:22 381440 ----a-w- c:\windows\system32\wer.dll 2014-01-28 02:07 . 2014-03-14 08:26 185344 ----a-w- c:\windows\system32\wwansvc.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696] "Spotify Web Helper"="c:\users\Rowen\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-11-10 1140736] "Spotify"="c:\users\Rowen\AppData\Roaming\Spotify\Spotify.exe" [2013-11-10 4752384] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-01-14 20728480] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "LManager"="c:\program files\Launch Manager\LManager.exe" [2009-06-02 1130504] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 707104] "EgisTecLiveUpdate"="c:\program files\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464] "mwlDaemon"="c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-06 349480] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696] "NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-09-03 1557800] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592] "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552] "AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-8-14 708608] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192] R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-11-10 167264] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-02-06 83864] R3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\DRIVERS\aabed2.sys [2008-03-20 23040] R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2010-10-21 81680] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 167424] R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-02-06 181784] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [2011-02-22 22992] S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2011-03-16 32592] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-04 691696] S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2012-11-12 255968] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2011-04-04 297168] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [2014-03-20 42272] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 18992] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 16432] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60976] S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2012-01-31 7391072] S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2011-02-08 269520] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 727584] S2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-06-04 1150496] S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-06 311592] S2 ogmservice;Online Games Manager;c:\program files\Online Games Manager\ogmservice.exe [2014-03-27 581568] S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160] S2 Wajam Internet Enhancer Service;Wajam Internet Enhancer Service;c:\program files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [2014-04-09 208896] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [2011-05-27 134480] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [2011-02-10 24144] S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [2011-02-10 21968] S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [2009-07-27 51712] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-04-10 15:14 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-03 08:04] . 2014-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308824793-3095694289-943633290-1000Core.job - c:\users\Rowen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-10 09:51] . 2014-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3308824793-3095694289-943633290-1000UA.job - c:\users\Rowen\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-10 09:51] . 2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 20:11] . 2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 20:11] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&m=aspire_one&r=27b501103005l03h4ww25w48m23588 uInternet Settings,ProxyOverride = <-loopback> uInternet Settings,ProxyServer = http=127.0.0.1:49788;https=127.0.0.1:49788 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 . - - - - ORPHANS VERWIJDERD - - - - . URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file) Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1, 38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:96,d4,3c,5b,57,26,cd,01 . [HKEY_USERS\S-1-5-21-3308824793-3095694289-943633290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-3308824793-3095694289-943633290-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2014-04-17 12:07:52 ComboFix-quarantined-files.txt 2014-04-17 10:07 . Pre-Run: 103.353.704.448 bytes beschikbaar Post-Run: 103.072.215.040 bytes beschikbaar . - - End Of File - - 13AD513AFCE1A0CDCF62F44EDD814374 A36C5E4F47E84449FF07ED3517B43A31