ComboFix 15-04-19.01 - Aniek 23/04/2015 14:35:47.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4002.1180 [GMT 2:00] Gestart vanuit: c:\users\Aniek\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B} SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2015-03-23 to 2015-04-23 )))))))))))))))))))))))))))))) . . 2015-04-23 12:45 . 2015-04-23 12:45 -------- d-----w- c:\users\Public\AppData\Local\temp 2015-04-23 12:45 . 2015-04-23 12:45 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-04-22 14:13 . 2015-04-22 14:29 -------- d-----w- c:\program files (x86)\Intel Driver Update Utility 2015-04-22 13:46 . 2015-04-22 13:56 -------- d--h--w- c:\windows\system32\WLANProfiles 2015-04-22 13:10 . 2015-04-22 13:10 -------- d-----w- c:\programdata\IntelDLM 2015-04-22 13:06 . 2015-04-22 14:13 -------- d-----w- c:\programdata\Package Cache 2015-04-15 20:58 . 2015-04-15 20:50 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-04-15 20:54 . 2015-04-15 20:54 0 ----a-w- c:\windows\SysWow64\REN2967.tmp 2015-04-15 20:53 . 2015-04-15 20:53 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-04-15 15:29 . 2015-03-05 05:12 404480 ----a-w- c:\windows\system32\gdi32.dll 2015-04-15 15:28 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys 2015-04-15 15:26 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys 2015-04-15 15:26 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll 2015-04-15 15:26 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll 2015-04-09 23:29 . 2015-04-23 12:45 -------- d-----w- c:\users\Aniek\AppData\Local\Temp 2015-04-09 21:47 . 2015-04-09 22:29 -------- d-----w- C:\zoek_backup 2015-04-09 12:57 . 2015-04-09 12:58 -------- d-----w- C:\rsit 2015-04-05 19:41 . 
2015-04-17 15:12 -------- d-----w- c:\users\Aniek\AppData\Roaming\TS3Client 2015-04-05 19:40 . 2015-04-05 19:41 -------- d-----w- c:\users\Aniek\AppData\Local\TeamSpeak 3 Client 2015-04-05 01:27 . 2015-04-05 13:22 -------- d-s---w- c:\windows\system32\GWX 2015-04-05 01:27 . 2015-04-05 01:27 -------- d-s---w- c:\windows\SysWow64\GWX 2015-03-29 15:02 . 2015-04-14 16:26 -------- d-----w- c:\users\Aniek\AppData\Local\WinZip 2015-03-29 15:01 . 2015-03-29 15:02 -------- d-----w- c:\program files\WinZip 2015-03-26 14:44 . 2015-03-26 14:44 -------- d-----w- c:\windows\SysWow64\vbox 2015-03-26 14:44 . 2015-03-26 14:44 -------- d-----w- c:\windows\system32\vbox 2015-03-26 14:31 . 2015-03-26 14:30 364472 ----a-w- c:\windows\system32\aswBoot.exe 2015-03-26 14:28 . 2015-03-26 14:28 43112 ----a-w- c:\windows\avastSS.scr . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-04-23 12:29 . 2014-09-02 18:40 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2015-04-16 17:11 . 2013-10-19 21:25 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-04-16 17:11 . 2011-08-10 19:00 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-04-15 21:05 . 2011-08-10 15:28 128913832 ----a-w- c:\windows\system32\MRT.exe 2015-04-15 20:51 . 2015-02-19 15:24 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2015-03-26 14:30 . 2013-12-28 14:57 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys 2015-03-26 14:30 . 2013-10-19 15:39 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2015-03-26 14:30 . 2014-05-01 12:24 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys 2015-03-26 14:30 . 2013-10-19 15:39 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys 2015-03-26 14:30 . 2013-10-19 15:39 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2015-03-26 14:30 . 2013-10-19 15:39 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys 2015-03-26 14:30 . 
2013-10-19 15:39 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2015-03-26 14:27 . 2013-10-19 15:39 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2015-03-17 05:15 . 2014-09-02 18:40 63704 ----a-w- c:\windows\system32\drivers\mwac.sys 2015-03-17 05:15 . 2014-09-02 18:40 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2015-03-17 05:15 . 2014-09-02 18:40 25816 ----a-w- c:\windows\system32\drivers\mbam.sys 2015-03-17 04:56 . 2015-04-15 15:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-02-26 03:25 . 2015-03-11 14:20 3204096 ----a-w- c:\windows\system32\win32k.sys 2015-02-20 04:41 . 2015-03-11 14:23 41984 ----a-w- c:\windows\system32\lpk.dll 2015-02-20 04:40 . 2015-03-11 14:23 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-02-20 04:40 . 2015-03-11 14:23 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-02-20 04:40 . 2015-03-11 14:23 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-02-20 04:13 . 2015-03-11 14:23 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-02-20 04:13 . 2015-03-11 14:23 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-02-20 04:13 . 2015-03-11 14:23 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-02-20 04:12 . 2015-03-11 14:23 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-02-20 03:29 . 2015-03-11 14:23 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-02-20 03:09 . 2015-03-11 14:23 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-02-17 15:04 . 2015-02-17 15:04 1202848 ----a-w- c:\windows\SysWow64\FM20.DLL 2015-02-13 05:22 . 2015-03-11 14:21 14177280 ----a-w- c:\windows\system32\shell32.dll 2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll 2015-02-04 10:13 . 2015-02-04 10:13 869536 ----a-w- c:\windows\system32\msvcr120_clr0400.dll 2015-02-04 03:16 . 2015-03-11 14:19 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2015-02-04 02:54 . 2015-03-11 14:19 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2015-02-03 03:34 . 
2015-03-11 14:22 693176 ----a-w- c:\windows\system32\winload.efi 2015-02-03 03:34 . 2015-03-11 14:22 94656 ----a-w- c:\windows\system32\drivers\mountmgr.sys 2015-02-03 03:33 . 2015-03-11 14:22 616360 ----a-w- c:\windows\system32\winresume.efi 2015-02-03 03:31 . 2015-03-11 14:22 14632960 ----a-w- c:\windows\system32\wmp.dll 2015-02-03 03:31 . 2015-03-11 14:22 782848 ----a-w- c:\windows\system32\wmdrmsdk.dll 2015-02-03 03:31 . 2015-03-11 14:22 229376 ----a-w- c:\windows\system32\wintrust.dll 2015-02-03 03:31 . 2015-03-11 14:23 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll 2015-02-03 03:31 . 2015-03-11 14:21 215552 ----a-w- c:\windows\system32\ubpm.dll 2015-02-03 03:31 . 2015-03-11 14:22 5120 ----a-w- c:\windows\system32\msdxm.ocx 2015-02-03 03:31 . 2015-03-11 14:22 5120 ----a-w- c:\windows\system32\dxmasf.dll 2015-02-03 03:31 . 2015-03-11 14:22 63488 ----a-w- c:\windows\system32\setbcdlocale.dll 2015-02-03 03:31 . 2015-03-11 14:22 1574400 ----a-w- c:\windows\system32\quartz.dll 2015-02-03 03:31 . 2015-03-11 14:22 500224 ----a-w- c:\windows\system32\AUDIOKSE.dll 2015-02-03 03:31 . 2015-03-11 14:22 371712 ----a-w- c:\windows\system32\qdvd.dll 2015-02-03 03:31 . 2015-03-11 14:22 188416 ----a-w- c:\windows\system32\pcasvc.dll 2015-02-03 03:31 . 2015-03-11 14:22 37376 ----a-w- c:\windows\system32\pcadm.dll 2015-02-03 03:31 . 2015-03-11 14:22 9728 ----a-w- c:\windows\system32\spwmp.dll 2015-02-03 03:31 . 2015-03-11 14:22 641024 ----a-w- c:\windows\system32\msscp.dll 2015-02-03 03:31 . 2015-03-11 14:22 325632 ----a-w- c:\windows\system32\msnetobj.dll 2015-02-03 03:31 . 2015-03-11 14:22 11264 ----a-w- c:\windows\system32\msmmsp.dll 2015-02-03 03:31 . 2015-03-11 14:22 432128 ----a-w- c:\windows\system32\mfplat.dll 2015-02-03 03:31 . 2015-03-11 14:22 4121600 ----a-w- c:\windows\system32\mf.dll 2015-02-03 03:31 . 2015-03-11 14:22 206848 ----a-w- c:\windows\system32\mfps.dll 2015-02-03 03:30 . 
2015-03-11 14:22 631808 ----a-w- c:\windows\system32\evr.dll 2015-02-03 03:30 . 2015-03-11 14:22 284672 ----a-w- c:\windows\system32\EncDump.dll 2015-02-03 03:30 . 2015-03-11 14:23 1202176 ----a-w- c:\windows\system32\drmv2clt.dll 2015-02-03 03:30 . 2015-03-11 14:22 497664 ----a-w- c:\windows\system32\drmmgrtn.dll 2015-02-03 03:30 . 2015-03-11 14:22 1480192 ----a-w- c:\windows\system32\crypt32.dll 2015-02-03 03:30 . 2015-03-11 14:22 1069056 ----a-w- c:\windows\system32\cryptui.dll 2015-02-03 03:30 . 2015-03-11 14:22 82432 ----a-w- c:\windows\system32\cryptsp.dll 2015-02-03 03:30 . 2015-03-11 14:22 140288 ----a-w- c:\windows\system32\cryptnet.dll 2015-02-03 03:30 . 2015-03-11 14:22 187904 ----a-w- c:\windows\system32\cryptsvc.dll 2015-02-03 03:30 . 2015-03-11 14:23 842240 ----a-w- c:\windows\system32\blackbox.dll 2015-02-03 03:30 . 2015-03-11 14:22 680960 ----a-w- c:\windows\system32\audiosrv.dll 2015-02-03 03:30 . 2015-03-11 14:22 296448 ----a-w- c:\windows\system32\AudioSes.dll 2015-02-03 03:30 . 2015-03-11 14:22 440832 ----a-w- c:\windows\system32\AudioEng.dll 2015-02-03 03:30 . 2015-03-11 14:22 32256 ----a-w- c:\windows\system32\appidsvc.dll 2015-02-03 03:30 . 2015-03-11 14:22 58880 ----a-w- c:\windows\system32\appidapi.dll 2015-02-03 03:30 . 2015-03-11 14:22 55808 ----a-w- c:\windows\system32\rrinstaller.exe 2015-02-03 03:30 . 2015-03-11 14:22 11264 ----a-w- c:\windows\system32\pcawrk.exe 2015-02-03 03:30 . 2015-03-11 14:22 9728 ----a-w- c:\windows\system32\pcalua.exe 2015-02-03 03:30 . 2015-03-11 14:22 24576 ----a-w- c:\windows\system32\mfpmp.exe 2015-02-03 03:30 . 2015-03-11 14:22 126464 ----a-w- c:\windows\system32\audiodg.exe 2015-02-03 03:30 . 2015-03-11 14:22 146944 ----a-w- c:\windows\system32\appidpolicyconverter.exe 2015-02-03 03:30 . 2015-03-11 14:22 17920 ----a-w- c:\windows\system32\appidcertstorecheck.exe 2015-02-03 03:30 . 2015-03-11 14:22 12625920 ----a-w- c:\windows\system32\wmploc.DLL 2015-02-03 03:29 . 
2015-03-11 14:22 8704 ----a-w- c:\windows\system32\pcaevts.dll 2015-02-03 03:28 . 2015-03-11 14:22 2048 ----a-w- c:\windows\system32\mferror.dll 2015-02-03 03:19 . 2015-03-11 14:22 663552 ----a-w- c:\windows\system32\drivers\PEAuth.sys 2015-02-03 03:12 . 2015-03-11 14:22 617984 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll 2015-02-03 03:12 . 2015-03-11 14:22 179200 ----a-w- c:\windows\SysWow64\wintrust.dll 2015-02-03 03:12 . 2015-03-11 14:23 1230848 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll 2015-02-03 03:12 . 2015-03-11 14:21 171520 ----a-w- c:\windows\SysWow64\ubpm.dll 2015-02-03 03:12 . 2015-03-11 14:22 4096 ----a-w- c:\windows\SysWow64\msdxm.ocx 2015-02-03 03:12 . 2015-03-11 14:22 4096 ----a-w- c:\windows\SysWow64\dxmasf.dll 2015-02-03 03:12 . 2015-03-11 14:22 1329664 ----a-w- c:\windows\SysWow64\quartz.dll 2015-02-03 03:12 . 2015-03-11 14:22 519680 ----a-w- c:\windows\SysWow64\qdvd.dll 2015-02-03 03:12 . 2015-03-11 14:22 442880 ----a-w- c:\windows\SysWow64\AUDIOKSE.dll 2015-02-03 03:12 . 2015-03-11 14:22 8192 ----a-w- c:\windows\SysWow64\spwmp.dll 2015-02-03 03:12 . 2015-03-11 14:22 504320 ----a-w- c:\windows\SysWow64\msscp.dll 2015-02-03 03:12 . 2015-03-11 14:22 265216 ----a-w- c:\windows\SysWow64\msnetobj.dll 2015-02-03 03:12 . 2015-03-11 14:22 3209728 ----a-w- c:\windows\SysWow64\mf.dll 2015-02-03 03:12 . 2015-03-11 14:22 354816 ----a-w- c:\windows\SysWow64\mfplat.dll 2015-02-03 03:12 . 2015-03-11 14:22 103424 ----a-w- c:\windows\SysWow64\mfps.dll 2015-02-03 03:12 . 2015-03-11 14:22 489984 ----a-w- c:\windows\SysWow64\evr.dll 2015-02-03 03:12 . 2015-03-11 14:23 988160 ----a-w- c:\windows\SysWow64\drmv2clt.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-10-21 4287536]
"Akamai NetSession Interface"="c:\users\Aniek\AppData\Local\Akamai\netsession_win.exe" [2014-10-29 4673432]
"f.lux"="c:\users\Aniek\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"uTorrent"="c:\users\Aniek\AppData\Roaming\uTorrent\uTorrent.exe" [2015-04-22 1699920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-26 5512912]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2014-11-17 448856]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2014-01-10 1861968]
.
c:\users\Aniek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x] R3 AMPPALP;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x] R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x] R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x] R3 hxsyol;hxsyol;c:\aeriagames\AuraKingdom\avital\hxsy64.sys;c:\aeriagames\AuraKingdom\avital\hxsy64.sys [x] R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x] R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys;c:\windows\SYSNATIVE\Drivers\IT9135BDA.sys [x] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x] R3 mod7764;Tv 
Tuner device;c:\windows\system32\DRIVERS\mod77-64.sys;c:\windows\SYSNATIVE\DRIVERS\mod77-64.sys [x] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x] R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R3 WisLMSvc;WisLMSvc;c:\program files (x86)\Launch Manager\WisLMSvc.exe;c:\program files (x86)\Launch Manager\WisLMSvc.exe [x] R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x] R4 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] R4 
wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 aswRvrt;avast! Revert; [x] S0 aswVmm;avast! VM Monitor; [x] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x] S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x] S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x] S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x] S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x] S2 aswHwid;avast! 
HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x] S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x] S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x] S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x] S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x] S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x] S3 AMPPAL;Intel(R) Centrino(R) Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x] S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program 
files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x] S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\drivers\iwdbus.sys;c:\windows\SYSNATIVE\drivers\iwdbus.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x] S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x] S3 tihub3;TI USB3 Hub Service;c:\windows\system32\drivers\tihub3.sys;c:\windows\SYSNATIVE\drivers\tihub3.sys [x] S3 tixhci;TI XHCI Service;c:\windows\system32\drivers\tixhci.sys;c:\windows\SYSNATIVE\drivers\tixhci.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2015-04-17 12:55 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.90\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2015-04-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-19 17:11] . 2015-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26 00:28] . 2015-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-07-26 00:28] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-26 14:30 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-04-09 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 399856]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-01 12661352]
"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 442352]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2014-05-13 7827256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = ;*.local
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
FF - ProfilePath - c:\users\Aniek\AppData\Roaming\Mozilla\Firefox\Profiles\rym6okx5.default-1427639199444\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2015-04-23 14:49:03
ComboFix-quarantined-files.txt 2015-04-23 12:49
ComboFix2.txt 2015-04-11 22:40
.
Pre-Run: 76.188.860.416 bytes beschikbaar
Post-Run: 75.690.917.888 bytes beschikbaar
.
- - End Of File - - 7A5B7A44463BCE61D21266E2EB46EAFE