ComboFix 15-07-07.01 - RON12 07-07-2015 14:26:31.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4095.2507 [GMT 2:00] Gestart vanuit: c:\users\RON\Desktop\ComboFix.exe AV: Basis *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17} SP: Basis *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\RON12\AppData\Roaming\Common\LuaRT c:\users\RON12\AppData\Roaming\Common\LuaRT\alien.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\alien\core.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\alien\struct.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\base.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\debug_ext.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\debug_init.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\getopt.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\io_ext.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\decode.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\decode\array.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\decode\calls.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\decode\number.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\decode\object.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\decode\others.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\decode\strings.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\decode\util.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode\array.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode\calls.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode\number.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode\object.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode\others.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode\output.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode\output_utility.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\encode\strings.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\json\util.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\lfs.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\list.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\lpeg.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\ltn12.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\lua.exe c:\users\RON12\AppData\Roaming\Common\LuaRT\lua5.1.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\lua51.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\luacom.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\luasql\sqlite3.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\math_ext.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest c:\users\RON12\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcm80.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcp80.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\Microsoft.VC80.CRT\msvcr80.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\mime.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\mime\core.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\modules.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\package_ext.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\set.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\socket.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\socket\core.dll c:\users\RON12\AppData\Roaming\Common\LuaRT\socket\http.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\socket\url.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\std.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\strbuf.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\string_ext.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\table_ext.lua c:\users\RON12\AppData\Roaming\Common\LuaRT\tree.lua c:\windows\SysWow64\Packet.dll c:\windows\SysWow64\pthreadVC.dll c:\windows\SysWow64\wpcap.dll . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_NPF -------\Service_npf . . (((((((((((((((((((( Bestanden Gemaakt van 2015-06-07 to 2015-07-07 )))))))))))))))))))))))))))))) . . 2015-07-07 12:33 . 2015-07-07 12:39 -------- d-----w- c:\users\RON12\AppData\Local\temp 2015-06-11 07:15 . 2015-06-11 07:15 -------- d-----w- c:\users\RON\AppData\Local\GWX 2015-06-10 10:00 . 2015-05-25 17:55 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2015-06-10 09:59 . 2015-04-11 03:19 69888 ----a-w- c:\windows\system32\drivers\stream.sys . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-06-24 08:13 . 2013-02-25 22:49 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-06-24 08:13 . 2013-02-25 22:49 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-06-10 10:54 . 2009-11-08 13:22 140135120 ----a-w- c:\windows\system32\MRT.exe 2015-05-26 09:18 . 2014-05-01 08:00 55336 ----a-w- c:\windows\system32\drivers\fsbts.sys 2015-05-25 18:01 . 2015-06-10 10:01 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-05-01 13:17 . 2015-05-13 07:26 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2015-05-01 13:16 . 2015-05-13 07:26 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll 2015-04-20 03:17 . 2015-05-13 06:40 1179136 ----a-w- c:\windows\system32\FntCache.dll 2015-04-20 03:17 . 2015-05-13 06:40 1647104 ----a-w- c:\windows\system32\DWrite.dll 2015-04-20 02:56 . 2015-05-13 06:40 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll 2015-04-18 03:10 . 2015-05-13 06:46 460800 ----a-w- c:\windows\system32\certcli.dll 2015-04-18 02:56 . 2015-05-13 06:46 342016 ----a-w- c:\windows\SysWow64\certcli.dll 2015-04-13 03:28 . 2015-05-13 06:41 328704 ----a-w- c:\windows\system32\services.exe 2013-04-07 14:10 . 2013-04-07 14:10 14823424 ----a-w- c:\program files (x86)\Common Files\lpuninstall.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "uTorrent"="c:\users\RON\AppData\Roaming\uTorrent\uTorrent.exe" [2015-02-18 1742416] "SoftonicAssistant"="c:\users\RON12\AppData\Local\SoftonicAssistant\SoftonicAssistant.exe" [2014-11-11 1829832] "Obrona Block Ads"="c:\users\RON12\AppData\Local\Obrona Block Ads\ObronaBlockAds.exe" [2014-12-10 1510680] "EpicScale"="c:\programdata\EpicScale\0\EpicScale.exe" [2015-02-18 339440] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2010-02-05 128296] "F-Secure Manager"="c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSM32.EXE" [2013-08-27 310208] "F-Secure Hoster (45123)"="c:\program files (x86)\Internetbeveiliging\fshoster32.exe" [2015-02-09 187432] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableSecureUIAPath"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_Dlls"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer7"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys;c:\windows\SYSNATIVE\DRIVERS\RTL85n64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x] R4 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe;c:\program files (x86)\Acer\Registration\GregHSRW.exe [x] R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x] R4 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x] S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x] S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x] S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x] S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2012/04/26 17:18];c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl;c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x] S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Internetbeveiliging\fshoster32.exe;c:\program files (x86)\Internetbeveiliging\fshoster32.exe [x] S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\Internetbeveiliging\apps\CCF_Reputation\fsorsp.exe [x] S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [x] S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y62x64.sys [x] S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x] S3 fsni;fsni;c:\program files (x86)\Internetbeveiliging\apps\CCF_Scanning\bin\fsni64.sys;c:\program files (x86)\Internetbeveiliging\apps\CCF_Scanning\bin\fsni64.sys [x] . . Inhoud van de 'Gedeelde Taken' map . 2015-07-07 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-25 08:13] . 2015-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 08:00] . 2015-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-11 08:00] . 2015-07-07 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~2\INTERN~2\apps\COMPUT~1\ANTI-V~1\fsav.exe [2014-05-01 16:19] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2009-08-06 17:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}] 2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}] 2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay] @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 2015-05-19 13:22 774984 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.nl/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: &Verzenden naar OneNote - c:\progra~2\MICROS~1\Office15\ONBttnIE.dll/105 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office15\EXCEL.EXE/3000 TCP: DhcpNameServer = 212.54.40.25 212.54.44.54 DPF: {D83C1BD1-DCBB-11D4-9425-0050BF33FA6E} - hxxp://www.cyclomedia.nl/download/components/CycloScopeLite.cab . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-Locked - (no file) HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file) ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file) AddRemove-iWisoft Flash SWF to Video Converter_is1 - c:\program files (x86)\iWisoft Flash SWF to Video Converter\unins000.exe AddRemove-ObronaBlockAds - c:\users\RON12\AppData\Local\Obrona Block Ads\Uninstaller.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\fshoster] "ImagePath"="\"c:\program files (x86)\Internetbeveiliging\fshoster32.exe\" -hosterid:0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}] "ImagePath"="\??\c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\000.fcl" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b, 27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b "{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}"=hex:51,66,7a,6c,4c,1d,38,12,e8,9b,8e, 71,5d,42,f6,01,c5,a0,09,1f,42,98,83,3b "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}"=hex:51,66,7a,6c,4c,1d,38,12,c3,d3,96, 33,cd,f1,98,02,c0,4d,e6,c7,c4,3c,ba,cd "{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,38,12,0c,7a,63, 57,46,21,3d,68,59,52,63,2d,7c,1c,0c,5b "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce, 9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b, ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3 "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a, ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49 "{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}"=hex:51,66,7a,6c,4c,1d,38,12,90,71,5e, cc,4f,af,fb,04,c4,32,35,80,2b,70,38,5a "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{21347690-EC41-4F9A-8887-1F4AEE672439}"=hex:51,66,7a,6c,4c,1d,38,12,fe,75,27, 25,73,a2,f4,0a,f7,91,5c,0a,eb,39,60,2d "{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}"=hex:51,66,7a,6c,4c,1d,38,12,35,fc,e1, 93,3e,68,a1,09,fc,5c,6e,9a,4b,77,a7,8a "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:75,75,bc,11,55,26,cd,01 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_190_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_190_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.17" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_190.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\F-Secure\My Services Agent\Protected] @Denied: ) (Everyone) "AgentIdentifier"="9f2ef64e-cad5-40f4-a0d1-941a972e47d5" "AuthorizationCode"="" "45123_AgentIdentifier"="9f2ef64e-cad5-40f4-a0d1-941a972e47d5" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Common\FSMA32.EXE c:\program files (x86)\Internetbeveiliging\apps\ComputerSecurity\Anti-Virus\fssm32.exe c:\users\RON\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe c:\program files (x86)\Google\Drive\googledrivesync.exe c:\program files (x86)\Google\Drive\googledrivesync.exe . ************************************************************************** . Voltooingstijd: 2015-07-07 14:44:22 - machine werd herstart ComboFix-quarantined-files.txt 2015-07-07 12:44 . Pre-Run: 159.964.381.184 bytes beschikbaar Post-Run: 159.628.926.976 bytes beschikbaar . - - End Of File - - 39BAEA997F07B7FEF982DF256B02BF7F A36C5E4F47E84449FF07ED3517B43A31