Hier is het log:
ComboFix 18-08-08.01 - Eigenaar 27-02-2019 22:44:10.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.6120.2239 [GMT 1:00]
Gestart vanuit: d:\bureaublad\ComboFix.exe
AV: Malwarebytes Enabled/Updated {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Norton Security Enabled/Updated {A2708B76-6835-6565-CB96-694212954A75}
FW: Norton Security Enabled {9A4B0A53-225A-643D-E0C9-C077EC460D0E}
SP: Malwarebytes Enabled/Updated {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Norton Security Enabled/Updated {19116A92-4E0F-6AEB-F126-5230691200C8}
SP: Windows Defender Disabled/Updated {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\MixPad Multitrack Recording Software.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\u582ddig.default-1472642198637-1541841428139\extensions\staged
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\TEMP\sqlite-3.7.151-amd64-sqlitejdbc.dll
d:\mijn documenten\~WRL3271.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2019-01-27 to 2019-02-27 ))))))))))))))))))))))))))))))
.
.
2019-02-27 22:28 . 2019-02-27 22:28 72864 ----a-w- c:\windows\system32\drivers\mbam.sys
2019-02-27 22:28 . 2019-02-27 22:28 127136 ----a-w- c:\windows\system32\drivers\farflt.sys
2019-02-27 22:28 . 2019-02-27 22:28 104784 ----a-w- c:\windows\system32\drivers\mwac.sys
2019-02-25 12:05 . 2019-02-25 12:05 -------- d-----w- C:\tmpMerge
2019-02-25 12:03 . 2019-02-25 12:04 -------- d-----w- C:\Output
2019-02-20 09:47 . 2019-02-20 09:47 198512 ----a-w- c:\windows\system32\drivers\MbamChameleon.sys
2019-02-20 09:47 . 2019-01-08 14:32 153328 ----a-w- c:\windows\system32\drivers\mbae64.sys
2019-02-19 18:02 . 2019-02-19 18:01 14779504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57BA1281-05A4-4043-B1C0-3A20C5913925}\mpengine.dll
2019-02-19 16:55 . 2019-02-19 16:55 -------- d-----w- c:\users\Eigenaar\AppData\Local\eM Client
2019-02-19 16:55 . 2019-02-27 06:42 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\eM Client
2019-02-19 16:54 . 2019-02-19 16:54 -------- d-----w- c:\program files (x86)\eM Client
2019-02-17 00:05 . 2019-02-17 00:05 -------- d-----w- c:\users\Eigenaar\AppData\Local\mbam
2019-02-16 14:15 . 2019-02-16 14:15 -------- d-----w- c:\program files\Common Files\AVAST Software
2019-02-15 23:11 . 2019-02-15 23:13 -------- d-----w- C:\AdwCleaner
2019-02-14 20:25 . 2019-02-14 20:25 -------- d-----w- c:\program files\Tracktion 7
2019-02-12 09:17 . 2019-02-13 12:05 -------- d-----w- c:\windows\system32\drivers\NGCx64\1610040.00F
2019-02-09 13:34 . 2019-02-14 08:58 114128 ----a-w- c:\program files\Mozilla Firefox\gmp-clearkey\0.1\clearkey.dll
2019-02-09 13:34 . 2019-02-14 08:58 904016 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2019-02-05 21:57 . 2019-02-05 21:57 12894720 ----a-r- c:\users\Eigenaar\AppData\Roaming\Microsoft\Installer\{C31045F1-6C82-4AB8-A8D0-0CC1B4734B52}\RigManagerIcon.exe
2019-02-03 08:57 . 2019-02-16 13:54 -------- d-----w- C:\FRST
2019-02-03 08:47 . 2019-02-03 08:47 -------- d-----w- c:\users\Eigenaar\AppData\Local\FNativeWebEngineExe
2019-02-02 20:44 . 2019-02-02 20:44 -------- d-----w- c:\program files\WinPcap
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2019-02-13 06:32 . 2015-03-11 10:39 129330784 -c--a-w- c:\windows\system32\MRT.exe
2019-02-12 20:52 . 2018-01-17 10:49 842240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2019-02-12 20:52 . 2018-01-17 10:49 175104 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2019-01-09 02:55 . 2019-02-13 06:07 44544 ----a-w- c:\windows\apppatch\acwow64.dll
2018-12-28 20:02 . 2019-01-09 05:35 1680616 ----a-w- c:\windows\system32\drivers\ntfs.sys
2018-12-10 22:04 . 2010-11-21 03:27 592616 ------w- c:\windows\system32\MpSigStub.exe
2018-12-08 03:08 . 2019-01-09 05:35 95744 ----a-w- c:\windows\system32\rascfg.dll
2018-12-08 03:08 . 2019-01-09 05:35 76288 ----a-w- c:\windows\system32\rasdiag.dll
2018-12-08 03:08 . 2019-01-09 05:35 41472 ----a-w- c:\windows\system32\rasmxs.dll
2018-12-08 03:08 . 2019-01-09 05:35 29696 ----a-w- c:\windows\system32\rasser.dll
2018-12-08 03:08 . 2019-01-09 05:35 60928 ----a-w- c:\windows\system32\ndptsp.tsp
2018-12-08 03:08 . 2019-01-09 05:35 47104 ----a-w- c:\windows\system32\kmddsp.tsp
2018-12-08 02:56 . 2019-01-09 05:35 81408 ----a-w- c:\windows\SysWow64\rascfg.dll
2018-12-08 02:56 . 2019-01-09 05:35 61952 ----a-w- c:\windows\SysWow64\rasdiag.dll
2018-12-08 02:56 . 2019-01-09 05:35 50688 ----a-w- c:\windows\SysWow64\ndptsp.tsp
2018-12-08 02:47 . 2019-01-09 05:35 88576 ----a-w- c:\windows\system32\drivers\wanarp.sys
2018-12-08 02:47 . 2019-01-09 05:35 58368 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2018-12-08 02:47 . 2019-01-09 05:35 24064 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2018-12-08 02:41 . 2019-01-09 05:35 38912 ----a-w- c:\windows\SysWow64\kmddsp.tsp
2018-12-08 02:41 . 2019-01-09 05:35 33280 ----a-w- c:\windows\SysWow64\rasmxs.dll
2018-12-08 02:41 . 2019-01-09 05:35 22528 ----a-w- c:\windows\SysWow64\rasser.dll
2018-01-15 11:47 . 2015-05-12 22:19 84618 ----a-w- c:\program files (x86)\Uninstall MultiCommander.exe
2017-12-25 15:45 . 2017-12-25 15:45 7761408 ----a-w- c:\program files (x86)\MultiCommander.exe
2017-12-25 15:41 . 2017-12-25 15:41 317952 ----a-w- c:\program files (x86)\MCAdmin.exe
2017-12-25 15:41 . 2017-12-25 15:41 821248 ----a-w- c:\program files (x86)\MultiUpdate.exe
2017-12-25 15:41 . 2017-12-25 15:41 424448 ----a-w- c:\program files (x86)\MultiCrashReport.exe
2017-11-04 17:02 . 2017-11-04 17:02 1161216 ----a-w- c:\program files (x86)\MCIcons.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nota lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-03-11 10:15 223432 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-03-11 10:15 223432 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-03-11 10:15 223432 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\epmntdrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EuGdiDrv]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EraserSvc11720;Symantec Eraser Service;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\NS.exe;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\NS.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 DxVGrb;DxVGrb;c:\windows\system32\drivers\DxVGrb.sys;c:\windows\SYSNATIVE\drivers\DxVGrb.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys;c:\windows\SYSNATIVE\DRIVERS\ffusb2audio.sys [x]
R3 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [x]
R3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files (x86)\Google\Chrome\Application\72.0.3626.119\elevation_service.exe;c:\program files (x86)\Google\Chrome\Application\72.0.3626.119\elevation_service.exe [x]
R3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 kemper;Profiling Amplifier Service;c:\windows\system32\DRIVERS\kemper.sys;c:\windows\SYSNATIVE\DRIVERS\kemper.sys [x]
R3 KemperProfiler;Kemper Profiler;c:\windows\system32\DRIVERS\KemperProfiler.sys;c:\windows\SYSNATIVE\DRIVERS\KemperProfiler.sys [x]
R3 MADFUMIDISPORT2010;Service for M-Audio MIDISPORT DFU;c:\windows\system32\DRIVERS\MAudioMIDISPORT_DFU.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioMIDISPORT_DFU.sys [x]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys;c:\windows\SYSNATIVE\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys;c:\windows\SYSNATIVE\pwdspio.sys [x]
R3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys;c:\windows\SYSNATIVE\DRIVERS\qcusbser.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
R3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 wpCtrlDrv_NGC;Symantec Webcam Control functional driver;c:\windows\System32\drivers\NGCx64\1610040.00F\wpCtrlDrv.sys;c:\windows\SYSNATIVE\drivers\NGCx64\1610040.00F\wpCtrlDrv.sys [x]
R3 WsDrvInst;Wondershare Driver Install Service;c:\program files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe;c:\program files (x86)\Wondershare\Video Converter Ultimate\Transfer\DriverInstall.exe [x]
R3 XSplit_Dummy;XSplit Stream Audio Renderer;c:\windows\system32\drivers\xspltspk.sys;c:\windows\SYSNATIVE\drivers\xspltspk.sys [x]
R4 SymEvnt;Symantec Eventing Platform;c:\program files\Norton Security\NortonData\22.9.3.13\SymPlatform\SymEvnt.sys;c:\program files\Norton Security\NortonData\22.9.3.13\SymPlatform\SymEvnt.sys [x]
S0 ambakdrv;ambakdrv;c:\windows\system32\ambakdrv.sys;c:\windows\SYSNATIVE\ambakdrv.sys [x]
S0 file_tracker;file_tracker;c:\windows\system32\DRIVERS\file_tracker.sys;c:\windows\SYSNATIVE\DRIVERS\file_tracker.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymEFASI;Symantec Extended File Attributes (SI);c:\windows\System32\drivers\NGCx64\1610040.00F\SYMEFASI64.SYS;c:\windows\SYSNATIVE\drivers\NGCx64\1610040.00F\SYMEFASI64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files\Norton Security\NortonData\22.9.3.13\Definitions\BASHDefs\20190225.002\BHDrvx64.sys;c:\program files\Norton Security\NortonData\22.9.3.13\Definitions\BASHDefs\20190225.002\BHDrvx64.sys [x]
S1 ccSet_NGC;NGC Settings Manager;c:\windows\System32\drivers\NGCx64\1610040.00F\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NGCx64\1610040.00F\ccSetx64.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\windows\system32\drivers\mbae64.sys;c:\windows\SYSNATIVE\drivers\mbae64.sys [x]
S1 IDSVia64;IDSVia64;c:\program files\Norton Security\NortonData\22.9.3.13\Definitions\IPSDefs\20190226.061\IDSvia64.sys;c:\program files\Norton Security\NortonData\22.9.3.13\Definitions\IPSDefs\20190226.061\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\System32\drivers\NGCx64\1610040.00F\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NGCx64\1610040.00F\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\drivers\NGCx64\1610040.00F\symnets.sys;c:\windows\SYSNATIVE\drivers\NGCx64\1610040.00F\symnets.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 AGMService;Adobe Genuine Monitor Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe [x]
S2 AGSService;Adobe Genuine Software Integrity Service;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe;c:\program files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ammntdrv;ammntdrv;c:\windows\system32\ammntdrv.sys;c:\windows\SYSNATIVE\ammntdrv.sys [x]
S2 amwrtdrv;amwrtdrv;c:\windows\system32\amwrtdrv.sys;c:\windows\SYSNATIVE\amwrtdrv.sys [x]
S2 Backupper Service;AOMEI Backupper Scheduler Service;c:\program files (x86)\AOMEI Backupper\ABService.exe;c:\program files (x86)\AOMEI Backupper\ABService.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 FreemakeVideoCapture;FreemakeVideoCapture;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe;c:\program files (x86)\Freemake\CaptureLib\CaptureLibService.exe [x]
S2 MBAMChameleon;MBAMChameleon;c:\windows\System32\Drivers\MbamChameleon.sys;c:\windows\SYSNATIVE\Drivers\MbamChameleon.sys [x]
S2 MBAMService;Malwarebytes Service;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe;c:\program files\Malwarebytes\Anti-Malware\mbamservice.exe [x]
S2 MIDISPORTAudioDevMon;MIDISPORT Audio Device Monitor;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe;c:\program files (x86)\M-Audio\MIDISPORT\AudioDevMon.exe [x]
S2 NortonSecurity;Norton Security;c:\program files\Norton Security\Engine\22.16.4.15\NortonSecurity.exe;c:\program files\Norton Security\Engine\22.16.4.15\NortonSecurity.exe [x]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [x]
S2 Samsung Link Service;Samsung Link Service;c:\program files\Samsung\Samsung Link\Samsung Link.exe;c:\program files\Samsung\Samsung Link\Samsung Link.exe [x]
S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe;c:\program files\Tablet\Pen\Pen_Tablet.exe [x]
S2 tib;Acronis TIB Manager;c:\windows\system32\DRIVERS\tib.sys;c:\windows\SYSNATIVE\DRIVERS\tib.sys [x]
S2 tib_mounter;Acronis TIB Mounter;c:\windows\system32\DRIVERS\tib_mounter.sys;c:\windows\SYSNATIVE\DRIVERS\tib_mounter.sys [x]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe;c:\program files\Tablet\Pen\Pen_TouchService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 MAUSBMIDISPORT;Service for M-Audio MIDISPORT;c:\windows\system32\DRIVERS\MAudioMIDISPORT.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioMIDISPORT.sys [x]
S3 MBAMFarflt;MBAMFarflt;c:\windows\system32\DRIVERS\farflt.sys;c:\windows\SYSNATIVE\DRIVERS\farflt.sys [x]
S3 MBAMProtection;MBAMProtection;c:\windows\system32\DRIVERS\mbam.sys;c:\windows\SYSNATIVE\DRIVERS\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\Drivers\mbamswissarmy.sys;c:\windows\SYSNATIVE\Drivers\mbamswissarmy.sys [x]
S3 MBAMWebProtection;MBAMWebProtection;c:\windows\system32\DRIVERS\mwac.sys;c:\windows\SYSNATIVE\DRIVERS\mwac.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys;c:\windows\SYSNATIVE\DRIVERS\RTL8192su.sys [x]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
NewlyCreated - MBAMFARFLT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
.
Inhoud van de 'Gedeelde Taken' map
.
2019-02-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04 14:31]
.
2015-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0e216148a7959.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04 14:31]
.
2015-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d0f086a60a9f09.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04 14:31]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2015-03-11 10:15 262344 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2015-03-11 10:15 262344 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2015-03-11 10:15 262344 ----a-w- c:\users\Eigenaar\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncError]
@="{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}"
[HKEY_CLASSES_ROOT\CLSID\{934BC6C0-FEC2-4df5-A100-961DE2C8A0ED}]
2014-09-09 09:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncInProgress]
@="{00F848DC-B1D4-4892-9C25-CAADC86A215D}"
[HKEY_CLASSES_ROOT\CLSID\{00F848DC-B1D4-4892-9C25-CAADC86A215D}]
2014-09-09 09:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AcronisSyncOk]
@="{71573297-552E-46fc-BE3D-3DFAF88D47B7}"
[HKEY_CLASSES_ROOT\CLSID\{71573297-552E-46fc-BE3D-3DFAF88D47B7}]
2014-09-09 09:00 2825312 ----a-w- c:\program files (x86)\Acronis\TrueImageHome\tishell64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-02-24 13667032]
.
------- Bijkomende Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Bar = hxxp://www.google.com
Trusted Zone: localhost
TCP: DhcpNameServer = 89.101.251.229 89.101.251.228
FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\u582ddig.default-1472642198637-1541841428139\
FF - prefs.js: browser.search.selectedEngine - Bing Search Engine
FF - prefs.js: browser.startup.homepage - hxxp://google.nl/
.
- - - - ORPHANS VERWIJDERD - - - -
.
Wow6432Node-HKLM-Run-AvastUI.exe - c:\program files\AVAST Software\Avast\AvLaunch.exe
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
AddRemove-WinDirStat - d:\bureaublad\WinDirStat\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NortonSecurity]
"ImagePath"="\"c:\program files\Norton Security\Engine\22.16.4.15\NortonSecurity.exe\" /s \"NortonSecurity\" /m \"c:\program files\Norton Security\Engine\22.16.4.15\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\drivers\NGCx64\1610040.00F\symnets.sys"
"TrustedImagePaths"="c:\program files\Norton Security\Engine32\22.16.4.15;c:\program files\Norton Security\Engine\22.16.4.15"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-3003377172-2765754124-3774478947-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):a9,1a,b4,86,28,e0,fd,bb,4e,63,ec,9f,66,33,98,b5,3c,83,0b,c6,37,
6b,2e,1c,4d,bf,77,39,60,12,57,03,c3,4d,01,ad,6c,75,08,2d,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3003377172-2765754124-3774478947-1000_Classes\Wow6432Node\CLSID\{e053142e-7305-4311-993b-3868cf97450b}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000ad
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,d1,0d,22,7f,20,62,20,20,c3,92,c7,7d,7b,c8,33,e0,18,d3,ab,b2,88,36,\
.
[HKEY_LOCAL_MACHINE\software\AVAST Software]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_142_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_32_0_0_142_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_32_0_0_142_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_32_0_0_142_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_142.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.32"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_142.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_142.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_32_0_0_142.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Wondershare\Wondershare Helper Compact\1919381362\am Files (x86)ProgramW6432=c:\program filespsmodulepath=c:\Windows\system32\WindowsPowerShell\v1.0\Modules\PUBLIC=c:\users\PublicSystemDrive=C:SystemRoot=c:\windowstemp=c:\Users\Eigenaar\AppData\Local\TempTMP=c:\users\Eigenaar\AppData\Local\Temp*USE]
"JoinUserExperience"=dword:00000001
"LastStopTime"=hex:0d,9f,fd,57,56,b3,e4,40
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Google\Update\1.3.33.23\GoogleCrashHandler.exe
c:\program files\Malwarebytes\Anti-Malware\mbamtray.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\DllHost.exe
.
**
.
Voltooingstijd: 2019-02-27 23:35:09 - machine werd herstart
ComboFix-quarantined-files.txt 2019-02-27 22:35
.
Pre-Run: 49.735.274.496 bytes beschikbaar
Post-Run: 49.436.622.848 bytes beschikbaar
.
- - End Of File - - 157B429AC6E0B2BF954D920FD840F21B
A36C5E4F47E84449FF07ED3517B43A31