Help analyzing ComboFix logs
Posted: 17 May 2017 19:55
Dear all,
My laptop with W7 Ultimate, on which everything was reinstalled a month ago, is already out of breath.
After half an hour of use the physical memory is at 95% and does not come back down.
I ran a scan with ComboFix and this is the log file.
I would appreciate some help with this.
Thanks, Paulus
--------------------------------------------------------------------------------------------------------------
ComboFix 17-05-04.01 - Gebruiker 04-05-2017 20:24:43.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.31.1043.18.2935.1323 [GMT 2:00]
Gestart vanuit: c:\users\Gebruiker\Downloads\ComboFix.exe
AV: Avast Antivirus *Disabled/Updated* {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
SP: Avast Antivirus *Disabled/Updated* {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2017-04-04 to 2017-05-04 ))))))))))))))))))))))))))))))
.
.
2017-05-04 18:31 . 2017-05-04 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2017-05-04 18:20 . 2017-05-04 18:20 -------- d-----w- c:\programdata\SWCUTemp
2017-04-06 06:26 . 2017-04-06 06:25 41176 ----a-w- c:\windows\system32\drivers\aswbunivx.sys
2017-04-06 06:26 . 2017-04-06 06:25 267528 ----a-w- c:\windows\system32\drivers\aswblogx.sys
2017-04-06 06:26 . 2017-04-06 06:25 255184 ----a-w- c:\windows\system32\drivers\aswbidsdriverx.sys
2017-04-06 06:26 . 2017-04-06 06:25 148208 ----a-w- c:\windows\system32\drivers\aswbidshx.sys
2017-04-06 06:26 . 2017-04-06 06:26 330256 ----a-w- c:\windows\system32\aswBoot.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2017-04-28 16:01 . 2017-01-25 15:13 472760 ----a-w- c:\windows\system32\drivers\aswsp.sys
2017-04-28 16:01 . 2017-01-25 15:13 107928 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2017-04-06 06:26 . 2017-01-25 15:13 62152 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2017-04-06 06:26 . 2017-01-25 15:13 279800 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2017-04-06 06:26 . 2017-01-25 15:13 118800 ----a-w- c:\windows\system32\drivers\aswStm.sys
2017-04-06 06:26 . 2017-01-25 15:13 90336 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2017-04-06 06:26 . 2017-01-25 15:13 34136 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2017-04-06 06:25 . 2017-01-25 15:13 764064 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2017-04-06 06:25 . 2017-01-25 15:14 31064 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2017-03-25 07:41 . 2017-01-26 09:32 802904 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2017-03-25 07:41 . 2017-01-26 09:32 144472 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2017-03-09 10:47 . 2017-03-09 10:47 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2017-03-09 10:47 . 2017-03-09 10:47 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00 asw]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2017-04-06 06:25 1208704 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2016-12-21 7173848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 501104]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-29 143384]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-29 176664]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-29 178200]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2017-01-25 5941760]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-05-27 1138783]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvLaunch.exe" [2017-04-06 213824]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2011-2-8 840992]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2017-1-25 50688]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2013-05-30 12:50 96056 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2017-04-06 118800]
R3 aswHwid;aswHwid;c:\windows\system32\drivers\aswHwid.sys [2017-04-06 34136]
R3 c2wts;Claims voor Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-02-03 13080]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 197224]
S0 aswbidsh;aswbidsh;c:\windows\\SystemRoot\system32\drivers\aswbidshx.sys [x]
S0 aswblog;aswblog;c:\windows\\SystemRoot\system32\drivers\aswblogx.sys [x]
S0 aswbuniv;aswbuniv;c:\windows\\SystemRoot\system32\drivers\aswbunivx.sys [x]
S0 aswRvrt;aswRvrt;c:\windows\\SystemRoot\system32\drivers\aswRvrt.sys [x]
S0 aswVmm;aswVmm;c:\windows\\SystemRoot\system32\drivers\aswVmm.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2017-01-25 691696]
S1 aswbidsdriver;aswbidsdriver;c:\windows\system32\drivers\aswbidsdriverx.sys [2017-04-06 255184]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2017-04-06 31064]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2017-04-06 764064]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2017-04-28 472760]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2009-03-02 81920]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2017-04-28 107928]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2017-04-07 33640]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-07-01 2533400]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-08 302120]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-08 33832]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 143968]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-02-16 340072]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2017-05-04 05:33 1371480 ----a-w- c:\program files\Google\Chrome\Application\58.0.3029.96\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2017-05-02 c:\windows\Tasks\HPCeeScheduleForGebruiker.job
- c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12 14:40]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
AddRemove-{4780AF24-213D-4187-86F2-0014A6D6077B} - c:\program files\InstallShield Installation Information\{4780AF24-213D-4187-86F2-0014A6D6077B}\setup.exe
.
.
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_25_0_0_127_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_25_0_0_127_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(4300)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFTaskbar.dll
.
Voltooingstijd: 2017-05-04 20:32:45
ComboFix-quarantined-files.txt 2017-05-04 18:32
.
Pre-Run: 479.294.226.432 bytes beschikbaar
Post-Run: 479.388.917.760 bytes beschikbaar
.
- - End Of File - - ADD523FFF6593D710DA9A8FD4F4523EB
A36C5E4F47E84449FF07ED3517B43A31