ComboFix 15-07-20.01 - Alain 21/07/2015 14:00:20.1.8 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.32.1043.18.8182.5550 [GMT 2:00] Gestart vanuit: c:\users\Alain\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDO9US11\ComboFix.exe AV: Norton Security *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB} FW: Norton Security *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0} SP: Norton Security *Enabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Alain\AppData\Local\assembly\tmp c:\users\Alain\AppData\Roaming\inst.exe c:\windows\EarthView.scr c:\windows\SysWow64\cseDVH.dll D:\install.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2015-06-21 to 2015-07-21 )))))))))))))))))))))))))))))) . . 2015-07-21 12:03 . 2015-07-21 12:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2015-07-21 04:18 . 2015-07-15 03:19 41984 ----a-w- c:\windows\system32\lpk.dll 2015-07-21 04:18 . 2015-07-15 03:19 100864 ----a-w- c:\windows\system32\fontsub.dll 2015-07-21 04:18 . 2015-07-15 03:19 14336 ----a-w- c:\windows\system32\dciman32.dll 2015-07-21 04:18 . 2015-07-15 03:19 46080 ----a-w- c:\windows\system32\atmlib.dll 2015-07-21 04:18 . 2015-07-15 02:55 70656 ----a-w- c:\windows\SysWow64\fontsub.dll 2015-07-21 04:18 . 2015-07-15 02:55 10240 ----a-w- c:\windows\SysWow64\dciman32.dll 2015-07-21 04:18 . 2015-07-15 02:55 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2015-07-21 04:18 . 2015-07-15 02:54 25600 ----a-w- c:\windows\SysWow64\lpk.dll 2015-07-21 04:18 . 2015-07-15 01:59 372224 ----a-w- c:\windows\system32\atmfd.dll 2015-07-21 04:18 . 2015-07-15 01:52 299008 ----a-w- c:\windows\SysWow64\atmfd.dll 2015-07-17 19:36 . 2015-07-17 19:36 -------- d-----w- c:\program files (x86)\Common Files\Java 2015-07-17 10:41 . 2015-07-17 10:41 -------- d-----w- c:\users\Alain\AppData\Local\PopcornTimeDesktop 2015-07-17 10:41 . 2015-07-17 10:41 -------- d-----w- c:\program files (x86)\Popcorn Time 2015-07-17 05:12 . 2015-07-17 05:22 -------- d-----w- C:\AdwCleaner 2015-07-17 04:10 . 2015-07-17 10:36 -------- d-----w- c:\users\Alain\.openvpn 2015-07-16 20:51 . 2015-07-17 10:37 -------- d-----w- c:\users\Alain\AppData\Local\Popcorn-Time 2015-07-16 20:51 . 2015-07-17 10:33 -------- d-----w- c:\users\Alain\AppData\Local\Popcorn Time 2015-07-16 08:22 . 2015-07-21 12:03 -------- d-----w- c:\users\Alain\AppData\Local\Temp 2015-07-16 07:40 . 2015-07-16 20:03 -------- d-----w- C:\zoek_backup 2015-07-15 12:23 . 2015-06-11 17:57 53248 ----a-w- c:\windows\SysWow64\tsgqec.dll 2015-07-14 20:37 . 2015-07-14 20:37 -------- d-----w- C:\rsit 2015-07-14 20:37 . 2015-07-14 20:37 -------- d-----w- c:\program files\trend micro 2015-07-12 13:11 . 2015-06-29 08:23 44856 ----a-w- c:\windows\system32\uxtuneup.dll 2015-07-12 13:11 . 2015-06-29 08:23 36664 ----a-w- c:\windows\SysWow64\uxtuneup.dll 2015-07-12 13:11 . 2015-06-29 08:23 30520 ----a-w- c:\windows\system32\authuitu.dll 2015-07-12 13:11 . 2015-06-29 08:23 25912 ----a-w- c:\windows\SysWow64\authuitu.dll 2015-07-12 13:04 . 2015-06-29 08:24 41784 ----a-w- c:\windows\system32\TURegOpt.exe 2015-07-12 13:03 . 2015-07-12 13:03 -------- d-----w- c:\users\Alain\AppData\Roaming\AVG 2015-07-12 13:03 . 2015-07-12 13:03 -------- d-----w- c:\users\Alain\AppData\Local\Avg 2015-07-12 13:02 . 2015-07-12 13:02 -------- d--h--w- c:\programdata\Common Files 2015-07-12 13:02 . 2015-07-12 13:11 -------- d-----w- c:\programdata\AVG 2015-07-12 03:39 . 2015-07-12 03:39 -------- d-----w- c:\users\Alain\AppData\Roaming\BANDISOFT 2015-07-08 09:45 . 2015-07-08 12:02 -------- d-----w- c:\windows\system32\drivers\NSx64\1605000.07C 2015-07-04 13:53 . 2015-07-04 13:53 82816 ----a-w- c:\users\Alain\AppData\Roaming\pcouffin.sys 2015-07-04 03:24 . 2015-07-04 03:24 -------- d-----w- c:\users\Alain\AppData\Roaming\SolidDocuments 2015-06-27 07:08 . 2015-06-27 07:08 -------- d-----w- c:\program files (x86)\MarkAny 2015-06-22 04:05 . 2015-06-22 04:14 -------- d-----w- c:\programdata\Malwarebytes . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2015-07-17 19:36 . 2015-05-06 07:34 97888 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2015-07-14 06:02 . 2015-02-22 21:15 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2015-07-14 06:02 . 2015-02-22 21:15 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2015-07-03 06:43 . 2015-02-22 09:43 130333168 ----a-w- c:\windows\system32\MRT.exe 2015-06-16 23:01 . 2015-06-16 23:01 1202856 ----a-w- c:\windows\SysWow64\FM20.DLL 2015-05-25 18:24 . 2015-06-10 07:36 5569984 ----a-w- c:\windows\system32\ntoskrnl.exe 2015-05-25 18:21 . 2015-06-10 07:36 1728960 ----a-w- c:\windows\system32\ntdll.dll 2015-05-25 18:19 . 2015-06-10 07:36 362496 ----a-w- c:\windows\system32\wow64win.dll 2015-05-25 18:19 . 2015-06-10 07:36 243712 ----a-w- c:\windows\system32\wow64.dll 2015-05-25 18:19 . 2015-06-10 07:36 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2015-05-25 18:19 . 2015-06-10 07:36 215040 ----a-w- c:\windows\system32\winsrv.dll 2015-05-25 18:19 . 2015-06-10 07:36 1255424 ----a-w- c:\windows\system32\diagtrack.dll 2015-05-25 18:19 . 2015-06-10 07:36 879104 ----a-w- c:\windows\system32\tdh.dll 2015-05-25 18:19 . 2015-06-10 07:36 503808 ----a-w- c:\windows\system32\srcore.dll 2015-05-25 18:19 . 2015-06-10 07:36 50176 ----a-w- c:\windows\system32\srclient.dll 2015-05-25 18:19 . 2015-06-10 07:36 113664 ----a-w- c:\windows\system32\sechost.dll 2015-05-25 18:19 . 2015-06-10 07:36 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2015-05-25 18:19 . 2015-06-10 07:36 424960 ----a-w- c:\windows\system32\KernelBase.dll 2015-05-25 18:19 . 2015-06-10 07:36 1162752 ----a-w- c:\windows\system32\kernel32.dll 2015-05-25 18:18 . 2015-06-10 07:36 43520 ----a-w- c:\windows\system32\csrsrv.dll 2015-05-25 18:18 . 2015-06-10 07:36 879104 ----a-w- c:\windows\system32\advapi32.dll 2015-05-25 18:18 . 2015-06-10 07:36 47104 ----a-w- c:\windows\system32\typeperf.exe 2015-05-25 18:18 . 2015-06-10 07:36 404992 ----a-w- c:\windows\system32\tracerpt.exe 2015-05-25 18:18 . 2015-06-10 07:36 112640 ----a-w- c:\windows\system32\smss.exe 2015-05-25 18:18 . 2015-06-10 07:36 296960 ----a-w- c:\windows\system32\rstrui.exe 2015-05-25 18:18 . 2015-06-10 07:36 43008 ----a-w- c:\windows\system32\relog.exe 2015-05-25 18:18 . 2015-06-10 07:36 104448 ----a-w- c:\windows\system32\logman.exe 2015-05-25 18:18 . 2015-06-10 07:36 19456 ----a-w- c:\windows\system32\diskperf.exe 2015-05-25 18:18 . 2015-06-10 07:36 338432 ----a-w- c:\windows\system32\conhost.exe 2015-05-25 18:11 . 2015-06-10 07:36 6656 ----a-w- c:\windows\system32\apisetschema.dll 2015-05-25 18:11 . 2015-06-10 07:36 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2015-05-25 18:11 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll 2015-05-25 18:07 . 2015-06-10 07:36 3989440 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2015-05-25 18:07 . 2015-06-10 07:36 3934144 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2015-05-25 18:04 . 2015-06-10 07:36 1310744 ----a-w- c:\windows\SysWow64\ntdll.dll 2015-05-25 18:01 . 2015-06-10 07:36 635392 ----a-w- c:\windows\SysWow64\tdh.dll 2015-05-25 18:01 . 2015-06-10 07:36 43008 ----a-w- c:\windows\SysWow64\srclient.dll 2015-05-25 18:01 . 2015-06-10 07:36 92160 ----a-w- c:\windows\SysWow64\sechost.dll 2015-05-25 18:01 . 2015-06-10 07:36 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2015-05-25 18:01 . 2015-06-10 07:36 641536 ----a-w- c:\windows\SysWow64\advapi32.dll 2015-05-25 18:01 . 2015-06-10 07:36 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2015-05-25 18:00 . 2015-06-10 07:36 40448 ----a-w- c:\windows\SysWow64\typeperf.exe 2015-05-25 18:00 . 2015-06-10 07:36 364544 ----a-w- c:\windows\SysWow64\tracerpt.exe 2015-05-25 18:00 . 2015-06-10 07:36 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2015-05-25 18:00 . 2015-06-10 07:36 37888 ----a-w- c:\windows\SysWow64\relog.exe 2015-05-25 18:00 . 2015-06-10 07:36 82944 ----a-w- c:\windows\SysWow64\logman.exe 2015-05-25 18:00 . 2015-06-10 07:36 17408 ----a-w- c:\windows\SysWow64\diskperf.exe 2015-05-25 17:59 . 2015-06-10 07:36 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2015-05-25 17:59 . 2015-06-10 07:36 274944 ----a-w- c:\windows\SysWow64\KernelBase.dll 2015-05-25 17:55 . 2015-06-10 07:36 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2015-05-25 17:55 . 2015-06-10 07:36 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll 2015-05-25 17:55 . 2015-06-10 07:36 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MEDION NAS TOOL"="e:\medin nas tool\MEDION NAS TOOL\MEDION NAS TOOL.exe" [2012-09-27 1834496] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Cobian Backup 11"="c:\program files (x86)\Cobian Backup 11\Cobian.exe" [2013-03-07 720896] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-06-08 334896] . c:\users\Alain\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ EOS Utility.lnk - c:\program files (x86)\Canon\EOS Utility\EOS Utility.exe /AutoStartUp [2015-2-10 1590272] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer9"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x] R3 cxbu0x64;OMNIKEY 3x21;c:\windows\system32\DRIVERS\cxbu0x64.sys;c:\windows\SYSNATIVE\DRIVERS\cxbu0x64.sys [x] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x] R3 DIRECTIO;DIRECTIO;e:\performancetest\DirectIo64.sys;e:\performancetest\DirectIo64.sys [x] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys;c:\windows\SYSNATIVE\DRIVERS\LEqdUsb.Sys [x] R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys;c:\windows\SYSNATIVE\DRIVERS\LHidEqd.Sys [x] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x] R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys;c:\windows\SYSNATIVE\DRIVERS\Ph3xIB64.sys [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [x] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x] S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys;c:\windows\SYSNATIVE\DRIVERS\asahci64.sys [x] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NSx64\1602000.01F\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1602000.01F\SYMDS64.SYS [x] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NSx64\1602000.01F\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1602000.01F\SYMEFA64.SYS [x] S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150706.001\BHDrvx64.sys;c:\program files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\BASHDefs\20150706.001\BHDrvx64.sys [x] S1 ccSet_NS;NS Settings Manager;c:\windows\system32\drivers\NSx64\1602000.01F\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NSx64\1602000.01F\ccSetx64.sys [x] S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys;c:\windows\SYSNATIVE\DRIVERS\cdrblock.sys [x] S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150720.001\IDSvia64.sys;c:\program files (x86)\Norton Security\NortonData\22.1.0.9\Definitions\IPSDefs\20150720.001\IDSvia64.sys [x] S1 nltdi;nltdi;e:\netlimiter pro\nltdi.sys;e:\netlimiter pro\nltdi.sys [x] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NSx64\1602000.01F\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NSx64\1602000.01F\Ironx64.SYS [x] S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NSx64\1602000.01F\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NSx64\1602000.01F\SYMNETS.SYS [x] S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x] S2 CronService;Cron Service;e:\prey\wpxsvc.exe;e:\prey\wpxsvc.exe [x] S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 hasplms;Sentinel LDK License Manager;c:\windows\system32\hasplms.exe;c:\windows\SYSNATIVE\hasplms.exe [x] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x] S2 NS;Norton Security;c:\program files (x86)\Norton Security\Engine\22.2.0.31\NS.exe;c:\program files (x86)\Norton Security\Engine\22.2.0.31\NS.exe [x] S2 ss_conn_service;SAMSUNG Mobile Connectivity Service;e:\usb drivers\25_escape\conn\ss_conn_service.exe;e:\usb drivers\25_escape\conn\ss_conn_service.exe [x] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] S2 Update service;Update service;c:\program files (x86)\Popcorn Time\Updater.exe;c:\program files (x86)\Popcorn Time\Updater.exe [x] S3 e1yexpress;Stuurprogramma voor Intel(R) Gigabit-netwerkverbindingen;c:\windows\system32\DRIVERS\e1y60x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1y60x64.sys [x] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x] S3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys;c:\windows\SYSNATIVE\DRIVERS\nlndis.sys [x] S3 VMHybrid64;VMHybrid service;c:\windows\system32\DRIVERS\VMHybr64.sys;c:\windows\SYSNATIVE\DRIVERS\VMHybr64.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 11:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Inhoud van de 'Gedeelde Taken' map . 2015-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24 06:26] . 2015-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-02-24 06:26] . . --------- X64 Entries ----------- . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.hln.be/ mStart Page = www.google.com mLocal Page = c:\windows\SysWOW64\blank.htm TCP: DhcpNameServer = 195.130.131.5 195.130.130.133 DPF: {53049A9A-1122-4673-B8D4-12F545AE3285} - hxxp://avm565a-sn.ddns.eagleeyes.tw:85/AVC_AX_764.cab DPF: {971FC730-55F1-461F-83FD-B3BF5E1F039E} - hxxp://178.118.209.245:8910/AVC_AX_742.cab . - - - - ORPHANS VERWIJDERD - - - - . Wow6432Node-HKLM-Run- - (no file) Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe AddRemove-{050d4fc8-5d48-4b8f-8972-47c82c46020f} - c:\programdata\Package Cache\{050d4fc8-5d48-4b8f-8972-47c82c46020f}\vcredist_x64.exe AddRemove-{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f} - c:\programdata\Package Cache\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\vcredist_x86.exe AddRemove-{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6} - c:\programdata\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe AddRemove-{f65db027-aff3-4070-886a-0d87064aabb1} - c:\programdata\Package Cache\{f65db027-aff3-4070-886a-0d87064aabb1}\vcredist_x86.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NS] "ImagePath"="\"c:\program files (x86)\Norton Security\Engine\22.2.0.31\NS.exe\" /s \"NS\" /m \"c:\program files (x86)\Norton Security\Engine\22.2.0.31\diMaster.dll\" /prefetch:1" "ImagePath"="\SystemRoot\System32\Drivers\NSx64\1602000.01F\SYMNETS.SYS" "TrustedImagePaths"="c:\program files (x86)\Norton Security\Engine\22.2.0.31;c:\program files (x86)\Norton Security\Engine64\22.2.0.31" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="PhotoManager10Deluxe.8.alb" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_203_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_203_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_203_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.18" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_203.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}] @Denied: (A 2) (Everyone) @="IFlashBroker6" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2015-07-21 14:04:38 ComboFix-quarantined-files.txt 2015-07-21 12:04 . Pre-Run: 29.946.851.328 bytes beschikbaar Post-Run: 29.611.745.280 bytes beschikbaar . - - End Of File - - 20BCC414E47CD2AB63786A41716F1878 8F558EB6672622401DA993E1E865C861