ComboFix 15-04-09.01 - Aniek 12/04/2015 0:26.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4002.2590 [GMT 2:00] Gestart vanuit: c:\users\Aniek\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\msdownld.tmp c:\windows\SysWow64\networkdlllsp.dll . . (((((((((((((((((((( Bestanden Gemaakt van 2015-03-11 to 2015-04-11 )))))))))))))))))))))))))))))) . . 2015-04-09 21:47 . 2015-04-09 22:29 -------- d-----w- C:\zoek_backup 2015-04-09 12:57 . 2015-04-09 12:58 -------- d-----w- C:\rsit 2015-04-05 19:41 . 2015-04-05 20:52 -------- d-----w- c:\users\Aniek\AppData\Roaming\TS3Client 2015-04-05 19:40 . 2015-04-05 19:41 -------- d-----w- c:\users\Aniek\AppData\Local\TeamSpeak 3 Client 2015-04-05 01:27 . 2015-04-05 13:22 -------- d-s---w- c:\windows\system32\GWX 2015-04-05 01:27 . 2015-04-05 01:27 -------- d-s---w- c:\windows\SysWow64\GWX 2015-03-29 15:02 . 2015-03-30 16:16 -------- d-----w- c:\users\Aniek\AppData\Local\WinZip 2015-03-29 15:01 . 2015-03-29 15:02 -------- d-----w- c:\program files\WinZip 2015-03-29 14:42 . 2015-03-29 14:42 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-03-26 14:44 . 2015-03-26 14:44 -------- d-----w- c:\windows\SysWow64\vbox 2015-03-26 14:44 . 2015-03-26 14:44 -------- d-----w- c:\windows\system32\vbox 2015-03-26 14:31 . 2015-03-26 14:30 364472 ----a-w- c:\windows\system32\aswBoot.exe 2015-03-26 14:28 . 2015-03-26 14:28 43112 ----a-w- c:\windows\avastSS.scr 2015-03-25 14:17 . 2015-03-11 04:06 677888 ----a-w- c:\windows\system32\generaltel.dll 2015-03-25 14:17 . 2015-03-11 04:06 943616 ----a-w- c:\windows\system32\appraiser.dll 2015-03-25 14:17 . 2015-03-11 04:05 30720 ----a-w- c:\windows\system32\acmigration.dll 2015-03-25 14:17 . 2015-03-11 04:02 1107456 ----a-w- c:\windows\system32\aeinv.dll 2015-03-25 14:17 . 2015-03-11 04:06 760832 ----a-w- c:\windows\system32\invagent.dll 2015-03-25 14:17 . 2015-03-11 04:06 414720 ----a-w- c:\windows\system32\devinv.dll 2015-03-25 14:17 . 2015-03-11 04:05 227328 ----a-w- c:\windows\system32\aepdu.dll 2015-03-25 14:17 . 2015-03-11 04:05 192000 ----a-w- c:\windows\system32\aepic.dll 2015-03-19 17:21 . 2015-03-19 17:21 -------- d-----w- c:\program files (x86)\True Digital Plus . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-11 22:07 . 2014-09-02 18:40 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-03-29 14:40 . 2015-02-19 15:24 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-03-29 14:39 . 2013-10-19 21:25 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-03-29 14:39 . 2011-08-10 19:00 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-03-26 14:30 . 2013-12-28 14:57 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-03-26 14:30 . 2013-10-19 15:39 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-03-26 14:30 . 2014-05-01 12:24 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-03-26 14:30 . 2013-10-19 15:39 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-03-26 14:30 . 2013-10-19 15:39 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-03-26 14:30 . 2013-10-19 15:39 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-03-26 14:30 . 2013-10-19 15:39 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-03-26 14:27 . 2013-10-19 15:39 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-03-17 05:15 . 2014-09-02 18:40 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-03-17 05:15 . 2014-09-02 18:40 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-03-17 05:15 . 2014-09-02 18:40 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-03-12 02:07 . 2011-08-10 15:28 122905848 ----a-w- c:\windows\system32\MRT.exe 2015-03-06 05:56 . 2015-03-11 14:20 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2015-03-06 05:56 . 2015-03-11 14:20 155576 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2015-03-06 05:42 . 2015-03-11 14:20 210944 ----a-w- c:\windows\system32\wdigest.dll 2015-03-06 05:42 . 2015-03-11 14:20 86528 ----a-w- c:\windows\system32\TSpkg.dll 2015-03-06 05:42 . 2015-03-11 14:20 136192 ----a-w- c:\windows\system32\sspicli.dll 2015-03-06 05:42 . 2015-03-11 14:20 29184 ----a-w- c:\windows\system32\sspisrv.dll 2015-03-06 05:42 . 2015-03-11 14:21 341504 ----a-w- c:\windows\system32\schannel.dll 2015-03-06 05:42 . 2015-03-11 14:20 28160 ----a-w- c:\windows\system32\secur32.dll 2015-03-06 05:42 . 2015-03-11 14:20 314880 ----a-w- c:\windows\system32\msv1_0.dll 2015-03-06 05:42 . 2015-03-11 14:20 309760 ----a-w- c:\windows\system32\ncrypt.dll 2015-03-06 05:42 . 2015-03-11 14:20 1461760 ----a-w- c:\windows\system32\lsasrv.dll 2015-03-06 05:42 . 2015-03-11 14:20 728064 ----a-w- c:\windows\system32\kerberos.dll 2015-03-06 05:42 . 2015-03-11 14:20 22016 ----a-w- c:\windows\system32\credssp.dll 2015-03-06 05:41 . 2015-03-11 14:20 31232 ----a-w- c:\windows\system32\lsass.exe 2015-03-06 05:41 . 2015-03-11 14:20 64000 ----a-w- c:\windows\system32\auditpol.exe 2015-03-06 05:39 . 2015-03-11 14:20 60416 ----a-w- c:\windows\system32\msobjs.dll 2015-03-06 05:38 . 2015-03-11 14:20 146432 ----a-w- c:\windows\system32\msaudite.dll 2015-03-06 05:36 . 2015-03-11 14:20 686080 ----a-w- c:\windows\system32\adtschema.dll 2015-03-06 05:10 . 2015-03-11 14:20 172032 ----a-w- c:\windows\SysWow64\wdigest.dll 2015-03-06 05:10 . 2015-03-11 14:20 65536 ----a-w- c:\windows\SysWow64\TSpkg.dll 2015-03-06 05:10 . 2015-03-11 14:20 248832 ----a-w- c:\windows\SysWow64\schannel.dll 2015-03-06 05:10 . 2015-03-11 14:20 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2015-03-06 05:10 . 2015-03-11 14:20 259584 ----a-w- c:\windows\SysWow64\msv1_0.dll 2015-03-06 05:10 . 2015-03-11 14:20 221184 ----a-w- c:\windows\SysWow64\ncrypt.dll 2015-03-06 05:10 . 2015-03-11 14:20 550912 ----a-w- c:\windows\SysWow64\kerberos.dll 2015-03-06 05:10 . 2015-03-11 14:20 17408 ----a-w- c:\windows\SysWow64\credssp.dll 2015-03-06 05:09 . 2015-03-11 14:20 50176 ----a-w- c:\windows\SysWow64\auditpol.exe 2015-03-06 05:09 . 2015-03-11 14:20 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2015-03-06 05:07 . 2015-03-11 14:20 60416 ----a-w- c:\windows\SysWow64\msobjs.dll 2015-03-06 05:07 . 2015-03-11 14:20 146432 ----a-w- c:\windows\SysWow64\msaudite.dll 2015-03-06 05:06 . 2015-03-11 14:20 686080 ----a-w- c:\windows\SysWow64\adtschema.dll 2015-02-26 03:25 . 2015-03-11 14:20 3204096 ----a-w- c:\windows\system32\win32k.sys 2015-02-24 03:15 . 2015-03-11 14:20 389800 ----a-w- c:\windows\system32\iedkcs32.dll 2015-02-21 01:16 . 2015-03-11 14:19 25021440 ----a-w- c:\windows\system32\mshtml.dll 2015-02-20 23:58 . 2015-03-11 14:19 92160 ----a-w- c:\windows\system32\mshtmled.dll 2015-02-20 04:41 . 2015-03-11 14:23 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 14:23 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 2015-03-11 14:23 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 14:23 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 14:23 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 14:23 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 14:23 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 14:23 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 14:23 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 14:23 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-02-20 03:06 . 2015-03-11 14:20 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2015-02-20 03:05 . 2015-03-11 14:20 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll 2015-02-20 02:50 . 2015-03-11 14:19 66560 ----a-w- c:\windows\system32\iesetup.dll 2015-02-20 02:49 . 2015-03-11 14:20 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll 2015-02-20 02:49 . 2015-03-11 14:19 584192 ----a-w- c:\windows\system32\vbscript.dll 2015-02-20 02:48 . 2015-03-11 14:19 2886144 ----a-w- c:\windows\system32\iertutil.dll 2015-02-20 02:47 . 2015-03-11 14:19 88064 ----a-w- c:\windows\system32\MshtmlDac.dll 2015-02-20 02:41 . 2015-03-11 14:19 54784 ----a-w- c:\windows\system32\jsproxy.dll 2015-02-20 02:40 . 2015-03-11 14:20 34304 ----a-w- c:\windows\system32\iernonce.dll 2015-02-20 02:36 . 2015-03-11 14:19 633856 ----a-w- c:\windows\system32\ieui.dll 2015-02-20 02:35 . 2015-03-11 14:19 144384 ----a-w- c:\windows\system32\ieUnatt.exe 2015-02-20 02:35 . 2015-03-11 14:20 114688 ----a-w- c:\windows\system32\ieetwcollector.exe 2015-02-20 02:34 . 2015-03-11 14:19 814080 ----a-w- c:\windows\system32\jscript9diag.dll 2015-02-20 02:32 . 2015-03-11 14:19 6035456 ----a-w- c:\windows\system32\jscript9.dll 2015-02-20 02:26 . 2015-03-11 14:20 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2015-02-20 02:22 . 2015-03-11 14:20 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2015-02-20 02:22 . 2015-03-11 14:19 490496 ----a-w- c:\windows\system32\dxtmsft.dll 2015-02-20 02:13 . 2015-03-11 14:20 77824 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll 2015-02-20 02:09 . 2015-03-11 14:19 503296 ----a-w- c:\windows\SysWow64\vbscript.dll 2015-02-20 02:08 . 2015-03-11 14:20 62464 ----a-w- c:\windows\SysWow64\iesetup.dll 2015-02-20 02:08 . 2015-03-11 14:19 199680 ----a-w- c:\windows\system32\msrating.dll 2015-02-20 02:08 . 2015-03-11 14:20 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll 2015-02-20 02:06 . 2015-03-11 14:20 64000 ----a-w- c:\windows\SysWow64\MshtmlDac.dll 2015-02-20 02:05 . 2015-03-11 14:20 316928 ----a-w- c:\windows\system32\dxtrans.dll 2015-02-20 01:56 . 2015-03-11 14:20 115712 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2015-02-20 01:56 . 2015-03-11 14:20 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll 2015-02-20 01:49 . 2015-03-11 14:20 718848 ----a-w- c:\windows\system32\ie4uinit.exe 2015-02-20 01:49 . 2015-03-11 14:20 801280 ----a-w- c:\windows\system32\msfeeds.dll 2015-02-20 01:47 . 2015-03-11 14:19 1359360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2015-02-20 01:46 . 2015-03-11 14:19 2125824 ----a-w- c:\windows\system32\inetcpl.cpl 2015-02-20 01:43 . 2015-03-11 14:19 14398976 ----a-w- c:\windows\system32\ieframe.dll 2015-02-20 01:41 . 2015-03-11 14:20 60416 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll 2015-02-20 01:30 . 2015-03-11 14:19 4300288 ----a-w- c:\windows\SysWow64\jscript9.dll 2015-02-20 01:28 . 2015-03-11 14:19 2358784 ----a-w- c:\windows\system32\wininet.dll 2015-02-20 01:24 . 2015-03-11 14:20 2052608 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2015-02-20 01:23 . 2015-03-11 14:19 1155072 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll 2015-02-20 01:16 . 2015-03-11 14:20 1548288 ----a-w- c:\windows\system32\urlmon.dll 2015-02-20 01:03 . 2015-03-11 14:19 800768 ----a-w- c:\windows\system32\ieapfltr.dll 2015-02-20 01:01 . 2015-03-11 14:19 1888256 ----a-w- c:\windows\SysWow64\wininet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-10-21 4287536] "Akamai NetSession Interface"="c:\users\Aniek\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432] "f.lux"="c:\users\Aniek\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224] "uTorrent"="c:\users\Aniek\AppData\Roaming\uTorrent\uTorrent.exe" [2015-04-08 1443920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-26 5512912] "DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856] "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-10 335232] . c:\users\Aniek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "SoftwareSASGeneration"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] R3 hxsyol;hxsyol;c:\aeriagames\AuraKingdom\avital\hxsy64.sys;c:\aeriagames\AuraKingdom\avital\hxsy64.sys [x] R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 mod7764;Tv Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys;c:\windows\SYSNATIVE\DRIVERS\mod77-64.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x] R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x] R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x] S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x] S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-04-03 19:57 1061704 ----a-w- c:\program files (x86)\Google\Chrome\Application\41.0.2272.118\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2015-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-19 14:39] . 2015-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26 00:28] . 2015-04-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26 00:28] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2015-03-26 14:30 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-04-09 172016] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 399856] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352] "RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168] "Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 442352] "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760] "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2014-05-13 7827256] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = ;*.local Trusted Zone: aeriagames.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 195.130.130.131 195.130.131.131 FF - ProfilePath - c:\users\Aniek\AppData\Roaming\Mozilla\Firefox\Profiles\rym6okx5.default-1427639199444\ . - - - - ORPHANS VERWIJDERD - - - - . HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015] "ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ChromeHTML" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip] "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2015-04-12 00:40:46 ComboFix-quarantined-files.txt 2015-04-11 22:40 . Pre-Run: 100.824.096.768 bytes beschikbaar Post-Run: 100.752.605.184 bytes beschikbaar . - - End Of File - - A206A5C903FC74445D9222E42182E2DA