ComboFix 15-04-19.01 - Hilario 25/04/2015 15:45:31.2.2 - x86
Started from: c:\users\Hilario\Downloads\ComboFix.exe
Command switches used :: c:\users\Hilario\Desktop\CFScript.txt
.
FILE ::
"c:\users\Hilario\AppData\Local\Temp\cis12D7.exe"
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Avira
c:\users\Hilario\AppData\Roaming\McAfee TechCheck
c:\users\Hilario\AppData\Roaming\McAfee TechCheck\error.log
c:\users\Hilario\AppData\Roaming\McAfee TechCheck\FreeFixList.txt
c:\users\Hilario\AppData\Roaming\McAfee TechCheck\MTC1495220.xml
c:\users\Hilario\AppData\Roaming\McAfee TechCheck\TotErrList.txt
c:\users\Hilario\AppData\Roaming\McAfee TechCheck\TotNoErrList.txt
.
.
(((((((((((((((((((( Files Created from 2015-03-25 to 2015-04-25 ))))))))))))))))))))))))))))))
.
.
2015-04-25 14:00 . 2015-04-25 14:00 -------- d-----w- c:\users\Hilario\AppData\Local\temp
2015-04-25 14:00 . 2015-04-25 14:00 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-25 08:11 . 2015-04-25 08:11 -------- d-----w- c:\program files\Common Files\Java
2015-04-24 17:07 . 2015-04-24 17:07 -------- d-----w- c:\program files\CCleaner
2015-04-24 16:19 . 2015-04-24 16:26 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-24 16:18 . 2015-04-24 16:24 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-24 16:18 . 2014-11-21 04:14 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-24 16:18 . 2014-11-21 04:14 75480 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-24 16:18 . 2014-11-21 04:14 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-24 15:15 . 2015-04-24 15:16 -------- d-----w- c:\users\Hilario\AppData\Roaming\Disk Cleaner
2015-04-24 14:41 . 2015-04-24 14:41 -------- d-----w- c:\users\Hilario\AppData\Roaming\DriverCure
2015-04-24 14:41 . 2015-04-24 14:41 -------- d-----w- c:\users\Hilario\AppData\Roaming\ParetoLogic
2015-04-24 14:40 . 2015-04-24 15:07 -------- d-----w- c:\programdata\ParetoLogic
2015-04-23 14:54 . 2015-04-23 14:54 -------- d-----w- c:\program files\DIFX
2015-04-23 14:52 . 2015-04-23 14:52 -------- d-----w- c:\windows\system32\siscardplugins
2015-04-22 16:21 . 2015-04-22 16:28 -------- d-----w- c:\users\Hilario\AppData\Roaming\ISP Monitor
2015-04-21 13:38 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5497AF72-A49D-4081-A4BC-2292A462785B}\mpengine.dll
2015-04-15 09:35 . 2015-03-09 01:01 1249280 ----a-w- c:\windows\system32\msxml3.dll
2015-04-15 09:29 . 2015-03-05 02:24 297984 ----a-w- c:\windows\system32\gdi32.dll
2015-04-15 09:29 . 2015-03-05 02:32 244152 ----a-w- c:\windows\system32\clfs.sys
2015-04-15 09:29 . 2015-03-05 02:23 57344 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-15 09:28 . 2015-03-14 02:21 1205168 ----a-w- c:\windows\system32\ntdll.dll
2015-04-15 09:28 . 2015-03-13 01:51 3604920 ----a-w- c:\windows\system32\ntkrnlpa.exe
2015-04-15 09:28 . 2015-03-13 01:51 3552184 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-04-13 16:40 . 2015-04-13 16:42 -------- d-----w- c:\users\Hilario\AppData\Roaming\ASCOMP Software
2015-04-13 15:13 . 2015-04-13 15:13 26096 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2015-04-13 15:13 . 2015-04-13 15:13 253728 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2015-04-13 15:13 . 2015-03-27 17:17 291312 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-13 15:13 . 2015-04-13 15:13 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2015-04-06 15:21 . 2015-04-06 15:23 -------- d-----w- c:\users\Hilario\AppData\Roaming\WiseUpdate
2015-03-27 17:20 . 2015-03-27 17:20 -------- d-----w- c:\users\Hilario\AppData\Roaming\AVAST Software
2015-03-27 17:20 . 2015-03-27 17:21 -------- d-----w- c:\windows\system32\vbox
2015-03-27 17:18 . 2015-03-27 17:17 57888 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2015-03-27 17:18 . 2015-03-27 17:17 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-03-27 17:18 . 2015-03-27 17:17 49904 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-03-27 17:18 . 2015-03-27 17:17 427736 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-03-27 17:18 . 2015-03-27 17:17 73440 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-03-27 17:18 . 2015-03-27 17:17 55200 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2015-03-27 17:18 . 2015-03-27 17:17 24144 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-03-27 17:18 . 2015-03-27 17:17 788272 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-03-27 17:17 . 2015-03-27 17:17 43112 ----a-w- c:\windows\avastSS.scr
2015-03-27 16:57 . 2015-03-27 16:57 -------- d-----w- c:\program files\AVAST Software
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-25 08:10 . 2014-10-29 17:49 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-04-15 09:05 . 2013-06-10 16:57 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-15 09:05 . 2013-06-10 16:57 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-06 04:01 . 2015-03-11 10:14 279040 ----a-w- c:\windows\system32\schannel.dll
2015-02-26 00:18 . 2015-03-11 10:21 2064384 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 02:23 . 2013-06-10 17:21 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-20 02:03 . 2015-03-11 10:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 00:28 . 2015-03-11 10:16 296960 ----a-w- c:\windows\system32\atmfd.dll
2015-02-04 10:23 . 2015-02-04 10:23 875688 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-01-29 01:35 . 2015-03-11 10:22 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2015-01-29 01:35 . 2015-03-11 10:22 975360 ----a-w- c:\windows\system32\WindowsCodecs.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-03-27 17:17 644608 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-04-23 6278424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech BT Wizard"="LBTWiz.exe -silent" [X]
"Memeo Instant Backup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]
"Logitech Hardware Abstraction Layer"="c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE" [2007-01-11 101136]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-11 101136]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-03-27 5512912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCleaner Monitoring]
2015-04-23 14:56 6278424 ----a-w- c:\program files\CCleaner\CCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2011-05-04 23:40 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2011-05-04 21:04 136416 ----a-w- c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSrv.exe [2013-12-20 87968]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2015-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-10 09:05]
.
2015-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 12:27]
.
2015-04-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-08-24 12:27]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.ixquick.com/ned/
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{FD5D0F06-3095-4DD1-AF2C-3A9FD4CD3145}: NameServer = 192.168.1.254
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-04-25 16:00
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2015-04-25 16:03:31
ComboFix-quarantined-files.txt 2015-04-25 14:03
ComboFix2.txt 2015-04-25 09:56
ComboFix3.txt 2013-05-04 14:45
.
Pre-Run: 148,640,964,608 bytes free
Post-Run: 148,626,907,136 bytes free
.
- - End Of File - - 13BCF78113399C67C9F789596D3DE5E7 5C616939100B85E558DA92B899A0FC36
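The file-listing sections of a ComboFix log (Files Created, Find3M) are one record per line and lend themselves to scripted triage, for instance pulling out every kernel driver that appeared on the box inside the scan window. The following parser is an added example and is not part of the log above or of ComboFix itself. It assumes the column order is: first timestamp = creation time, a lone dot, second timestamp = last-write time, size (or a run of dashes for a directory), eight attribute flags, path; that reading of the columns is an assumption, not something the log states. The four sample lines are copied from the log and embedded as constructed input so the script runs offline.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample: four lines taken from the "Files Created" section above.
SAMPLE_LOG = r"""
2015-04-24 16:19 . 2015-04-24 16:26 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-24 16:18 . 2015-04-24 16:24 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2015-04-15 09:28 . 2015-03-14 02:21 1205168 ----a-w- c:\windows\system32\ntdll.dll
2015-03-27 17:18 . 2015-03-27 17:17 208024 ----a-w- c:\windows\system32\drivers\aswVmm.sys
"""

# Assumed column layout: <created> . <modified> <size|dashes> <attrs> <path>
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)


@dataclass
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]  # None when ComboFix printed dashes (directory)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # Leading 'd' in the attribute column marks a directory.
        return self.attrs.startswith("d")

    @property
    def is_driver(self) -> bool:
        # Kernel driver heuristic: a .sys file under a \drivers\ directory.
        p = self.path.lower()
        return (not self.is_dir) and "\\drivers\\" in p and p.endswith(".sys")


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%d %H:%M")


def parse_entries(text: str) -> List[Entry]:
    """Parse every file-listing line; headers, dots and blank lines are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(_ts(m["created"]), _ts(m["modified"]),
                             size, m["attrs"], m["path"]))
    return entries


def drivers_created_since(entries: List[Entry], since: str) -> List[Entry]:
    """Kernel drivers whose creation time is on or after the YYYY-MM-DD cutoff."""
    cutoff = datetime.strptime(since, "%Y-%m-%d")
    return [e for e in entries if e.is_driver and e.created >= cutoff]


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for e in drivers_created_since(parsed, "2015-04-01"):
        print(f"{e.created:%Y-%m-%d %H:%M}  {e.size:>8}  {e.path}")
```

Run against the sample it lists only MBAMSwissArmy.sys; aswVmm.sys is a driver too but was created before the cutoff, and ntdll.dll is excluded because it is not under a drivers directory. Widen the cutoff or drop the `is_driver` filter to triage the other sections the same way.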