ComboFix 15-11-05.01 - aby mehdy 11/07/2015 4:24.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1033.18.3005.2186 [GMT 1:00]
Gestart vanuit: c:\users\aby mehdy\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
FW: avast! Antivirus *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\aby mehdy\AppData\Roaming\03000200-1434276770-0500-0006-000700080009
c:\users\aby mehdy\AppData\Roaming\03000200-1434276770-0500-0006-000700080009\Uninstall.exe
c:\windows\msdownld.tmp
c:\windows\system32\logs
c:\windows\system32\logs\ngtool.log
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2015-10-07 to 2015-11-07 ))))))))))))))))))))))))))))))
.
.
2015-11-07 03:35 . 2015-11-07 03:36 -------- d-----w- c:\users\aby mehdy\AppData\Local\temp
2015-11-07 03:35 . 2015-11-07 03:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-11-07 03:30 . 2015-11-07 03:30 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96A0345F-753C-4DA1-8F43-E017116F4DB2}\offreg.2508.dll
2015-11-07 03:20 . 2015-10-13 09:30 8985080 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{96A0345F-753C-4DA1-8F43-E017116F4DB2}\mpengine.dll
2015-11-07 03:20 . 2015-11-07 03:20 -------- d-----w- C:\b6612c7d9ebdd2e6879903518a1859
2015-11-06 13:12 . 2013-08-21 14:16 53248 ----a-w- c:\windows\system32\CSVer.dll
2015-11-06 12:36 . 2015-11-06 12:36 -------- d-----w- c:\program files\Realtek
2015-11-06 12:36 . 2015-11-06 13:04 -------- d--h--w- c:\program files\Temp
2015-11-06 12:36 . 2014-02-26 22:16 2080472 ----a-w- c:\windows\RtlExUpd.dll
2015-11-06 12:36 . 2015-11-06 12:36 -------- d-----w- c:\program files\Common Files\InstallShield
2015-11-05 15:03 . 2015-11-05 15:03 -------- d-----w- C:\$WINDOWS.~BT
2015-11-05 14:34 . 2015-11-05 14:34 -------- d-----w- C:\$Windows.~WS
2015-11-02 15:59 . 2015-11-02 18:27 -------- d-----w- c:\program files\BlueStacks
2015-11-02 15:59 . 2015-11-02 18:27 -------- d-----w- c:\programdata\BlueStacks
2015-10-29 16:02 . 2015-10-29 16:02 -------- d-----w- c:\users\aby mehdy\AppData\Roaming\Publish Providers
2015-10-28 14:48 . 2015-10-28 14:48 -------- d-----w- C:\New_Folder(1)
2015-10-28 14:41 . 2015-10-28 14:41 -------- d-----w- C:\render
2015-10-28 10:35 . 2015-10-28 10:35 -------- d-----w- c:\users\aby mehdy\AppData\Roaming\Blender Foundation
2015-10-28 10:01 . 2015-10-28 10:01 -------- d-----w- c:\users\aby mehdy\.thumbnails
2015-10-28 09:56 . 2015-10-28 09:56 -------- d-----w- c:\program files\Blender Foundation
2015-10-23 18:09 . 2015-10-23 18:09 -------- d-----w- c:\users\aby mehdy\AppData\Local\Gameforge4d
2015-10-23 18:08 . 2015-10-23 18:08 -------- d-----w- c:\program files\GameforgeLive
2015-10-20 22:28 . 2015-10-20 22:28 -------- d-----w- c:\users\aby mehdy\AppData\Local\TempTaskUpdateDetectionA70C7F15-07A0-41AF-9D83-AB700D69BBAD
2015-10-18 18:30 . 2015-10-18 18:28 632432 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-10-18 18:29 . 2015-10-28 08:44 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2015-10-18 18:22 . 2015-10-28 08:41 -------- d-----w- c:\program files\Microsoft Office 15
2015-10-10 19:21 . 2015-10-15 05:12 -------- d-----w- c:\users\aby mehdy\AppData\Local\VMware
2015-10-10 19:21 . 2015-10-18 18:29 -------- d-----w- c:\users\aby mehdy\AppData\Roaming\VMware
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-11-07 01:47 . 2015-03-26 14:54 170200 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-10-18 13:38 . 2015-10-18 13:38 64621 ----a-w- C:\CrashReport.zip
2015-10-05 07:50 . 2015-03-26 14:53 51928 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-10-05 07:50 . 2015-03-26 14:53 94936 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-10-05 07:50 . 2015-03-26 14:53 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-09-23 08:32 . 2015-09-23 08:32 98520 ----a-w- c:\windows\system32\drivers\4A204B89.sys
2015-09-20 07:49 . 2015-09-20 07:49 98520 ----a-w- c:\windows\system32\drivers\6F413FE2.sys
2015-09-14 07:45 . 2015-09-14 07:45 98520 ----a-w- c:\windows\system32\drivers\391D688B.sys
2015-09-09 06:38 . 2015-09-09 06:38 98520 ----a-w- c:\windows\system32\drivers\45CB2E93.sys
2015-09-02 02:48 . 2015-09-09 14:07 26624 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 02:48 . 2015-09-09 14:07 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 02:48 . 2015-09-09 14:07 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 02:48 . 2015-09-09 14:07 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 01:36 . 2015-09-09 14:07 2384896 ----a-w- c:\windows\system32\win32k.sys
2015-09-02 01:33 . 2015-09-09 14:07 299520 ----a-w- c:\windows\system32\atmfd.dll
2015-08-27 17:58 . 2015-09-09 14:07 1391104 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 17:58 . 2015-09-09 14:07 1241088 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 17:51 . 2015-09-09 14:07 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 17:51 . 2015-09-09 14:07 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-12 13:18 . 2014-07-09 19:01 778440 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-08-12 13:18 . 2014-07-09 19:01 142536 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2015-10-18 18:34 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2015-10-18 18:34 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2015-10-18 18:34 1733240 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-24 12:23 645144 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NexonPlug"="c:\nexon\NexonPlug\NexonPlug.exe" [2015-09-07 1721688]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2015-03-13 5529880]
"BingSvc"="c:\users\aby mehdy\AppData\Local\Microsoft\BingSvc\BingSvc.exe" [2015-04-07 144008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-11 5515496]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-13 138784]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-13 172064]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-13 173600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2014-07-11 280576]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2015-04-24 106912]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes Anti-Malware\mbamservice.exe [2015-10-05 1135416]
R2 ss_conn_service;SAMSUNG Mobile Connectivity Service;c:\program files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [x]
R3 cpuz134;cpuz134;c:\users\ABYMEH~1\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2015-05-21 89984]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 DrvAgent32;DrvAgent32;c:\windows\system32\Drivers\DrvAgent32.sys [2014-07-27 23456]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-09-16 102912]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2015-10-05 51928]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2012-05-12 99400]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2015-04-01 3534784]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-06-11 15872]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2015-05-21 184192]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub; [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2015-04-24 787760]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2015-06-26 428120]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2015-04-24 24144]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2015-04-24 74976]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [2015-10-07 1883320]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes Anti-Malware\mbamscheduler.exe [2015-10-05 1513784]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [2015-04-24 3207800]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2015-10-05 23256]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - NPPTNT2
*Deregistered* - dump_wmimmc
*Deregistered* - NPPTNT2
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
utcsvc REG_MULTI_SZ DiagTrack
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-10-24 21:54 997704 ----a-w- c:\program files\Google\Chrome\Application\46.0.2490.80\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2015-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09 13:18]
.
2015-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-04 11:43]
.
2015-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e2508d5090de.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-04 11:43]
.
2015-08-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-04 11:43]
.
2015-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d0e250940cd630.job
- c:\program files\Google\Update\GoogleUpdate.exe [2014-09-04 11:43]
.
.
------- Bijkomende Scan -------
.
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58
FF - ProfilePath - c:\users\aby mehdy\AppData\Roaming\Mozilla\Firefox\Profiles\79gc7y3r.default-1432000874082\
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{056D528D-CE28-4194-9BA3-BA2E9197FF8C} - c:\users\aby mehdy\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{05B38830-F4E9-4329-978B-1DD28605D202} - c:\users\aby mehdy\AppData\Local\MEGAsync\ShellExtX32.dll
ShellIconOverlayIdentifiers-{0596C850-7BDD-4C9D-AFDF-873BE6890637} - c:\users\aby mehdy\AppData\Local\MEGAsync\ShellExtX32.dll
HKCU-Run-DriverTurbo - c:\program files\DriverTurbo\DriverTurbo.exe
HKLM-Run-BlueStacks Agent - c:\program files\BlueStacks\HD-Agent.exe
AddRemove-WinLiveSuite - c:\program files\Windows Live\Installer\wlarp.exe
AddRemove-{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} - c:\program files\Samsung\USB Drivers\Uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Voltooingstijd: 2015-11-07 04:39:10
ComboFix-quarantined-files.txt 2015-11-07 03:39
.
Pre-Run: 258,505,818,112 bytes free
Post-Run: 259,904,024,576 bytes free
.
- - End Of File - - 2CA2FF34BF1FF4518BD5C8C62DD88F25 A36C5E4F47E84449FF07ED3517B43A31