ComboFix 15-05-09.01 - Gido 09-05-2015  11:22:53.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.31.1043.18.4095.1403 [GMT 2:00]
Gestart vanuit: c:\users\Gido\Downloads\ComboFix.exe
AV: Avira Antivirus *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Antivirus *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
[i] ADS - Windows: deleted 24 bytes in 1 streams. [/i]
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Gido\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B07057F5-FEE2-49B4-909F-551CFF8C23E8}.xps
c:\users\Gido\AppData\Local\Temp\_MEI30042\_ctypes.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\_elementtree.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\_hashlib.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\_multiprocessing.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\_socket.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\_ssl.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\_yappi.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\hashobjs_ext.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\pyexpat.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\pysqlite2._sqlite.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\python27.dll
c:\users\Gido\AppData\Local\Temp\_MEI30042\pythoncom27.dll
c:\users\Gido\AppData\Local\Temp\_MEI30042\PyWinTypes27.dll
c:\users\Gido\AppData\Local\Temp\_MEI30042\select.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\unicodedata.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32api.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32com.shell.shell.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32crypt.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32event.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32file.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32gui.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32inet.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32pdh.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32pipe.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32process.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32profile.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32security.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\win32ts.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\windows._lib_cacheinvalidation.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wx._animate.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wx._controls_.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wx._core_.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wx._gdi_.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wx._html2.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wx._misc_.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wx._windows_.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wx._wizard.pyd
c:\users\Gido\AppData\Local\Temp\_MEI30042\wxbase294u_net_vc90.dll
c:\users\Gido\AppData\Local\Temp\_MEI30042\wxbase294u_vc90.dll
c:\users\Gido\AppData\Local\Temp\_MEI30042\wxmsw294u_adv_vc90.dll
c:\users\Gido\AppData\Local\Temp\_MEI30042\wxmsw294u_core_vc90.dll
c:\users\Gido\AppData\Local\Temp\_MEI30042\wxmsw294u_html_vc90.dll
c:\users\Gido\AppData\Local\Temp\_MEI30042\wxmsw294u_webview_vc90.dll
c:\users\Gido\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\users\Gido\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
c:\users\Gido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk
c:\windows\msdownld.tmp
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2015-04-09 to 2015-05-09  ))))))))))))))))))))))))))))))
.
.
2015-05-09 09:40 . 2015-05-09 09:40	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-05-09 09:14 . 2015-04-19 22:58	12032440	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{8D00CA4C-FF29-4FE5-8289-632AE0070F23}\mpengine.dll
2015-05-05 08:23 . 2015-05-05 08:25	--------	d-----w-	C:\AdwCleaner
2015-05-05 08:20 . 2015-05-05 08:25	--------	d-----w-	C:\054ee6715f15e61b185b00351d9a
2015-05-04 18:03 . 2015-05-04 17:46	24064	----a-w-	c:\windows\zoek-delete.exe
2015-05-04 18:03 . 2015-05-09 09:47	--------	d-----w-	c:\users\Gido\AppData\Local\Temp
2015-05-03 11:41 . 2015-05-03 12:11	--------	d-----w-	C:\zoek_backup
2015-05-03 08:45 . 2015-03-23 03:25	726528	----a-w-	c:\windows\system32\generaltel.dll
2015-05-03 08:44 . 2015-02-25 03:18	754688	----a-w-	c:\windows\system32\drivers\http.sys
2015-05-03 08:42 . 2015-03-04 04:55	367552	----a-w-	c:\windows\system32\clfs.sys
2015-05-03 08:42 . 2015-03-04 04:41	79360	----a-w-	c:\windows\system32\clfsw32.dll
2015-05-03 08:42 . 2015-03-04 04:10	58880	----a-w-	c:\windows\SysWow64\clfsw32.dll
2015-05-02 12:21 . 2015-05-02 18:14	--------	d-----w-	c:\program files\trend micro
2015-05-02 12:21 . 2015-05-02 12:21	--------	d-----w-	C:\rsit
2015-04-18 08:41 . 2015-03-05 05:12	404480	----a-w-	c:\windows\system32\gdi32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-05 10:08 . 2014-08-22 10:20	132120	----a-w-	c:\windows\system32\drivers\avipbb.sys
2015-05-05 10:08 . 2014-08-22 10:20	152744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2015-05-05 08:20 . 2011-02-10 20:56	128913832	----a-w-	c:\windows\system32\MRT.exe
2015-04-18 10:06 . 2012-04-06 08:51	778416	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-18 10:06 . 2011-09-07 11:21	142512	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-03-17 04:56 . 2015-05-03 08:45	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2015-03-10 17:43 . 2014-08-22 10:20	44088	----a-w-	c:\windows\system32\drivers\avnetflt.sys
2015-02-27 15:48 . 2015-02-27 15:48	42152	----a-w-	c:\windows\system32\drivers\cnnctfy3.sys
2015-02-26 03:25 . 2015-03-10 19:56	3204096	----a-w-	c:\windows\system32\win32k.sys
2015-02-24 02:17 . 2010-11-21 03:27	295552	------w-	c:\windows\system32\MpSigStub.exe
2015-02-20 04:41 . 2015-03-10 19:59	41984	----a-w-	c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-10 19:59	100864	----a-w-	c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-10 19:59	14336	----a-w-	c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-10 19:59	46080	----a-w-	c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-10 19:59	70656	----a-w-	c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-10 19:59	10240	----a-w-	c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-10 19:59	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-10 19:59	25600	----a-w-	c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-10 19:59	372224	----a-w-	c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-10 19:59	299008	----a-w-	c:\windows\SysWow64\atmfd.dll
2015-02-17 14:26 . 2015-02-17 14:26	1217184	----a-w-	c:\windows\SysWow64\FM20.DLL
2015-02-13 05:22 . 2015-03-10 19:57	14177280	----a-w-	c:\windows\system32\shell32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-03-13 18:34	329376	----a-w-	c:\users\Gido\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-03-13 18:34	329376	----a-w-	c:\users\Gido\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-03-13 18:34	329376	----a-w-	c:\users\Gido\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Gido\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Gido\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	152544	----a-w-	c:\users\Gido\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-11-21 43816]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-11-21 43816]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2015-02-19 26232152]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2015-01-28 3619160]
"uTorrent"="c:\users\Gido\AppData\Roaming\uTorrent\uTorrent.exe" [2015-01-23 1374032]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2015-01-23 31087200]
"OneDrive"="c:\users\Gido\AppData\Local\Microsoft\OneDrive\OneDrive.exe" [2015-03-13 281248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-10-11 60712]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2011-11-15 312376]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2015-05-05 728312]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2015-03-16 129272]
.
c:\users\Gido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Gido\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-5-5 43374104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 AntiVirMailService;Avira Mail Protection;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avmailc7.exe [x]
R2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Origin Client Service;Origin Client Service;c:\program files (x86)\Origin\OriginClientService.exe;c:\program files (x86)\Origin\OriginClientService.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys;c:\windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - AVNETFLT
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-03 08:46	988488	----a-w-	c:\program files (x86)\Google\Chrome\Application\42.0.2311.135\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2015-05-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 10:06]
.
2015-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 19:19]
.
2015-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-07-23 19:19]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-03-13 18:34	358056	----a-w-	c:\users\Gido\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-03-13 18:34	358056	----a-w-	c:\users\Gido\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-03-13 18:34	358056	----a-w-	c:\users\Gido\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Gido\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Gido\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Gido\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12	185824	----a-w-	c:\users\Gido\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2015-02-19 13:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2015-02-19 13:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2015-02-19 13:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2015-02-19 13:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2015-02-19 13:24	774472	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-13 11774568]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-10-01 825184]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: &Verzenden naar OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{b5675cc4-ab8b-4945-8c1d-4c5479556d6a} - c:\programdata\Package Cache\{b5675cc4-ab8b-4945-8c1d-4c5479556d6a}\Avira.OE.Setup.Bundle.exe
AddRemove-{bd538030-07d4-4999-a525-7fafa2483f56} - c:\programdata\Package Cache\{bd538030-07d4-4999-a525-7fafa2483f56}\Avira.OE.Setup.Bundle.exe
AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3902010895-3865875327-1742431247-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*@�
K]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3902010895-3865875327-1742431247-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*@�
K\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3902010895-3865875327-1742431247-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*5��h]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3902010895-3865875327-1742431247-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*5��h\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-3902010895-3865875327-1742431247-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*���h]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-3902010895-3865875327-1742431247-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*���h\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Voltooingstijd: 2015-05-09  12:00:50 - machine werd herstart
ComboFix-quarantined-files.txt  2015-05-09 10:00
.
Pre-Run: 140.261.044.224 bytes beschikbaar
Post-Run: 139.602.792.448 bytes beschikbaar
.
- - End Of File - - 01624D510A8F0F04C1D30625981E27EB
C79B30CB8852157F6F908E4698CFE0D0