ComboFix 12-10-18.03 - Greet 19-10-2012 14:59:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4008.2403 [GMT 2:00]
Gestart vanuit: c:\users\Greet\Desktop\ComboFix.exe
gebruikte Opdracht switches :: c:\users\Greet\Desktop\CFScript.txt.txt
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\shoA9F9.tmp"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\programdata\hpe2319.dll
c:\programdata\hpe43B5.dll
c:\programdata\hpe44C3.dll
c:\programdata\hpe6152.dll
c:\programdata\hpeAF08.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCall.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla2.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla21.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla31.exe
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla32.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla33.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla34.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla36.dll
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseCustomCalla36.exe
c:\windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP\WiseData.ini
c:\windows\IsUn0413.exe
c:\windows\msvcr71.dll
c:\windows\SysWow64\shoA9F9.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NVSvc
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-09-19 to 2012-10-19 ))))))))))))))))))))))))))))))
.
.
2012-10-19 13:11 . 2012-10-19 13:11 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-19 13:11 . 2012-10-19 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-17 10:15 . 2012-10-17 10:15 -------- d-----w- C:\AVGTemp
2012-10-16 21:33 . 2012-10-16 21:33 -------- d-----w- c:\users\Greet\AppData\Local\Ares
2012-10-16 05:11 . 2012-10-16 05:11 -------- d-----w- c:\program files (x86)\ASM104xUSB3
2012-10-16 05:08 . 2012-10-16 05:08 -------- d-----w- C:\Documenten
2012-10-15 19:32 . 2012-10-15 19:32 -------- d-----w- c:\program files\Enigma Software Group
2012-10-15 19:31 . 2012-10-15 19:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-10-13 08:57 . 2012-10-13 08:57 -------- d-----w- c:\programdata\UAB
2012-10-13 08:57 . 2012-10-13 08:57 -------- d-----w- c:\programdata\Driver Mender
2012-10-13 08:46 . 2012-10-13 22:28 -------- d-----w- c:\users\Greet\AppData\Roaming\driveridentifier
2012-10-13 06:41 . 2012-10-13 06:41 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
2012-10-10 07:35 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-10 07:35 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-10 07:35 . 2012-09-14 19:19 2048 ----a-w- c:\windows\system32\tzres.dll
2012-10-10 07:35 . 2012-09-14 18:28 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-10-10 07:35 . 2012-08-11 00:56 715776 ----a-w- c:\windows\system32\kerberos.dll
2012-10-10 07:35 . 2012-08-10 23:56 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
2012-10-10 07:35 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-10 07:30 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-10 07:30 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-10 07:30 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-10 07:30 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-10 07:30 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-10 07:30 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-09 21:53 . 2012-10-09 21:53 -------- d-----w- C:\SkyDriveTemp
2012-10-09 18:18 . 2012-10-09 18:18 -------- d-----w- C:\NVIDIA
2012-10-08 19:19 . 2012-10-08 19:19 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2012-10-08 19:17 . 2012-10-08 19:17 -------- d-----w- c:\program files (x86)\Windows Kits
2012-10-08 12:49 . 2012-10-08 12:52 -------- d-----w- c:\programdata\AVG
2012-10-07 08:39 . 2012-10-07 08:39 -------- d-----w- c:\program files (x86)\Oxford Semiconductor
2012-10-07 08:39 . 2012-10-07 08:39 -------- d-----w- c:\program files\LaCie
2012-10-05 23:11 . 2012-10-09 22:02 -------- d-----w- c:\users\Greet\AppData\Roaming\NCH Software
2012-10-05 23:07 . 2012-10-05 23:07 -------- d-----w- c:\users\Greet\AppData\Roaming\ProgSense
2012-10-05 23:06 . 2012-10-05 23:18 -------- d-----w- c:\users\Greet\AppData\Roaming\Orbit
2012-10-05 13:04 . 2012-10-05 23:11 -------- d-----w- c:\programdata\NCH Software
2012-10-05 13:04 . 2012-10-09 22:02 -------- d-----w- c:\program files (x86)\NCH Software
2012-10-05 12:11 . 2012-10-05 12:11 -------- d-----w- c:\users\Greet\AppData\Roaming\AVG2013
2012-10-05 12:08 . 2012-10-05 12:08 -------- d-----w- c:\users\Greet\AppData\Roaming\TuneUp Software
2012-10-05 12:08 . 2012-10-05 12:08 -------- d-----w- c:\users\Greet\AppData\Local\AVG Secure Search
2012-10-05 12:08 . 2012-10-05 12:17 -------- d-----w- c:\programdata\AVG Secure Search
2012-10-05 12:07 . 2012-10-05 12:07 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-10-05 12:07 . 2012-10-14 08:40 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-10-05 12:07 . 2012-10-09 21:24 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-10-05 11:54 . 2012-10-05 12:12 -------- d-----w- c:\users\Greet\AppData\Local\Avg2013
2012-10-05 11:54 . 2012-10-05 11:54 -------- d-----w- c:\users\Greet\AppData\Local\MFAData
2012-10-04 22:07 . 2012-05-17 15:36 2468520 ----a-w- c:\windows\SysWow64\BootMan.exe
2012-10-04 22:07 . 2012-05-15 09:13 3316736 ----a-w- c:\windows\system32\BootMan.exe
2012-10-04 22:07 . 2011-07-29 11:54 9096 ----a-w- c:\windows\system32\EuGdiDrv.sys
2012-10-04 22:07 . 2011-07-29 11:54 86408 ----a-w- c:\windows\SysWow64\setupempdrv03.exe
2012-10-04 22:07 . 2011-07-29 11:54 8456 ----a-w- c:\windows\SysWow64\EuGdiDrv.sys
2012-10-04 22:07 . 2011-07-29 11:54 16776 ----a-w- c:\windows\system32\epmntdrv.sys
2012-10-04 22:07 . 2011-07-29 11:54 100232 ----a-w- c:\windows\system32\setupempdrvx64.exe
2012-10-04 22:07 . 2011-07-29 11:54 19840 ----a-w- c:\windows\SysWow64\EuEpmGdi.dll
2012-10-04 22:07 . 2011-07-29 11:54 16256 ----a-w- c:\windows\system32\EuEpmGdi.dll
2012-10-04 22:07 . 2011-07-29 11:54 14216 ----a-w- c:\windows\SysWow64\epmntdrv.sys
2012-10-04 12:28 . 2012-08-20 12:48 2966720 ----a-w- c:\windows\system32\pwNative.exe
2012-10-04 12:28 . 2012-08-20 12:48 19032 ----a-w- c:\windows\system32\pwdrvio.sys
2012-10-04 12:28 . 2012-08-20 12:48 12384 ----a-w- c:\windows\system32\pwdspio.sys
2012-10-03 08:55 . 2012-10-03 08:55 -------- d--h--w- c:\program files\CanonBJ
2012-10-02 06:07 . 2012-10-19 06:16 -------- d-----w- c:\users\Gastaccount
2012-10-01 21:10 . 2012-09-04 18:30 38912 ----a-w- c:\windows\SysWow64\identprv.dll
2012-10-01 14:26 . 2012-10-01 14:26 -------- d-----w- c:\users\Greet\AppData\Roaming\Gmail Notifier Plus
2012-09-26 06:39 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-09-24 19:32 . 2012-10-04 11:35 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2012-09-24 19:32 . 2012-10-09 22:34 -------- d-----r- c:\users\Greet\SkyDrive
2012-09-24 19:31 . 2012-10-07 15:07 -------- d-----w- c:\programdata\Microsoft SkyDrive
2012-09-23 17:28 . 2012-09-23 17:28 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2012-09-23 14:05 . 2012-09-23 14:05 -------- d-----w- C:\swsetup
2012-09-21 21:16 . 2005-10-19 06:34 15872 ----a-w- c:\windows\SysWow64\drivers\LaCieUSBFilter.sys
2012-09-21 21:16 . 2005-10-18 05:28 14848 ----a-w- c:\windows\SysWow64\drivers\LaCieFWFilter.sys
2012-09-21 20:52 . 2012-09-21 20:52 7367200 ----a-w- c:\windows\SysWow64\RtsUVStoricon.dll
2012-09-21 04:45 . 2012-09-21 20:52 290920 ----a-w- c:\windows\system32\drivers\rtsuvstor.sys
2012-09-20 06:32 . 2012-09-20 06:32 -------- d-----w- c:\program files (x86)\LaCie
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-19 13:15 . 2011-03-24 11:30 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-10-19 13:15 . 2011-06-03 15:08 58288 ----a-w- c:\windows\SysWow64\rpcnet.dll
2012-10-19 13:14 . 2011-03-24 13:21 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-10-16 05:08 . 2011-03-24 12:57 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-10-10 07:25 . 2012-03-28 21:27 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-10 07:25 . 2011-06-11 04:48 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-10 07:22 . 2011-06-05 22:53 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-08 09:42 . 2011-03-24 12:59 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-08 09:42 . 2011-03-24 12:59 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-08 09:42 . 2011-03-24 12:59 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 19:51 . 2011-01-29 00:34 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-01-29 00:33 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-01-29 00:34 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-01-29 00:34 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-01-29 00:34 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-01-29 00:34 866664 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-10-02 19:50 . 2011-01-29 00:34 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-01-29 00:34 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-10-02 19:50 . 2011-01-29 00:34 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-09-21 20:52 . 2011-03-24 13:07 15464 ----a-w- c:\windows\system32\drivers\diskperf64.sys
2012-09-17 16:58 . 2012-09-17 16:58 56672 ----a-w- c:\windows\system32\drivers\avgidsha.sys
2012-09-14 03:34 . 2012-09-14 03:34 105312 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
2012-09-13 08:23 . 2012-08-31 19:00 1259888 ----a-w- c:\windows\system32\dmwu.exe
2012-09-13 08:22 . 2012-08-31 19:00 35328 ----a-w- c:\windows\system32\ImHttpComm.dll
2012-09-12 09:47 . 2012-09-12 09:47 199520 ----a-w- c:\windows\system32\drivers\avgtdia.sys
2012-09-12 09:47 . 2012-09-12 09:47 175968 ----a-w- c:\windows\system32\drivers\avgldx64.sys
2012-09-07 15:04 . 2012-06-10 16:36 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 20:27 . 2012-09-06 20:27 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-06 20:27 . 2012-05-10 06:37 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-06 20:27 . 2011-08-25 18:52 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-06 20:26 . 2012-09-06 20:26 0 ----a-w- c:\windows\SysWow64\REN671C.tmp
2012-09-06 20:26 . 2012-09-06 20:26 0 ----a-w- c:\windows\SysWow64\REN671B.tmp
2012-09-05 22:12 . 2012-09-05 22:12 0 ----a-w- c:\windows\SysWow64\sho22F7.tmp
2012-08-22 18:12 . 2012-09-17 21:20 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-17 21:20 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-13 12:50 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-17 21:20 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-10 07:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-08-13 14:40 . 2012-08-13 14:40 150880 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-10 02:52 . 2012-08-10 02:52 40288 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
2012-08-09 11:56 . 2012-08-09 11:56 230240 ----a-w- c:\windows\system32\drivers\avgloga.sys
2012-08-04 12:59 . 2011-03-28 16:36 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-08-02 17:58 . 2012-09-13 12:50 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-08-02 16:57 . 2012-09-13 12:50 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-07-29 23:28 . 2012-07-29 23:28 0 ----a-w- c:\windows\SysWow64\sho1FB9.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-10-05 12:07 1734240 ----a-w- c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{e7b9b609-19ad-40a4-a288-b300a3087465}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-24 19:31 220608 ----a-w- c:\users\Greet\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-24 19:31 220608 ----a-w- c:\users\Greet\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-24 19:31 220608 ----a-w- c:\users\Greet\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="f:\ares\Ares.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"AVG_UI"="d:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-10-05 947808]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-10-05 856160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 AVGIDSAgent;AVGIDSAgent;d:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 135664]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
R3 bsitf;bsitf;c:\program files (x86)\ASUS\WinFlash\bsitf64.sys [2010-01-05 13440]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]
R3 cpuz135;cpuz135;c:\users\Greet\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 135664]
R3 LaCieFWFilter;Silver 1394 Filter (1394 BUS Filter Driver);c:\windows\system32\DRIVERS\LaCieFWFilter.sys [x]
R3 LaCieUSBFilter;Silver USB Filter (USB BUS Filter Driver);c:\windows\system32\DRIVERS\LaCieUSBFilter.sys [x]
R3 OMSI download service;Sony Ericsson OMSI download service;d:\program files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2012-08-20 19032]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2012-08-20 12384]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [2012-09-21 290920]
R3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\DRIVERS\s0016bus.sys [2008-05-16 115240]
R3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0016mdfl.sys [2008-05-16 19496]
R3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0016mdm.sys [2008-05-16 158760]
R3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0016mgmt.sys [2008-05-16 137256]
R3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\DRIVERS\s0016nd5.sys [2008-05-16 34344]
R3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0016obex.sys [2008-05-16 136744]
R3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\DRIVERS\s0016unic.sys [2008-05-16 151592]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 Suite Service;Suite Service;c:\program files (x86)\Fighters\FighterSuiteService.exe [2012-01-23 1324680]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-09-08 13312]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-04 1255736]
R4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
R4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-17 56672]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-08-09 230240]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-08-10 40288]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-08 30056]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-08-13 150880]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-09-12 175968]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-09-14 105312]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-12 199520]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-10-05 31080]
S1 SASDIFSV;SASDIFSV;d:\\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;d:\\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 avgwd;AVG WatchDog;d:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-10-05 722528]
S2 WebOptimizer;WebOptimizer;c:\windows\system32\dmwu.exe [2012-09-13 1259888]
S3 !SASCORE;SAS Core Service;D:\SASCORE64.EXE [2012-09-25 140672]
S3 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-12-13 138024]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-03-24 2009704]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 34032]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TomTomHOMEService;TomTomHOMEService;d:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-01-23 92592]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-10-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 07:25]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 12:09]
.
2012-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-24 12:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-09-24 19:31 244672 ----a-w- c:\users\Greet\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-09-24 19:31 244672 ----a-w- c:\users\Greet\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-09-24 19:31 244672 ----a-w- c:\users\Greet\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2012-06-16 2226280]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Bijkomende Scan -------
.
uStart Page = https://www.google.nl/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=NL&userid=775300c1-1c9d-4557-8a54-c8e7d17ff7eb&searchtype=ds&q={searchTerms}
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
.
- - - - ORPHANS VERWIJDERD - - - -
.
BHO-{B939CF93-F2CB-443d-956C-DC523D85C9DB} - (no file)
BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - (no file)
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
WebBrowser-{EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
AddRemove-{520C1D80-935C-42B9-9340-E883849D804F}_is1 - d:\drivertuner\unins000.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\windows\SysWOW64\rpcnet.exe
.
**************************************************************************
.
Voltooingstijd: 2012-10-19 15:36:17 - machine werd herstart
ComboFix-quarantined-files.txt 2012-10-19 13:36
ComboFix2.txt 2012-10-19 05:55
.
Pre-Run: 57.914.822.656 bytes beschikbaar
Post-Run: 57.682.907.136 bytes beschikbaar
.
- - End Of File - - 3979BCF8A9B9F95C1301366A697669A3