ComboFix 15-04-28.01 - Medion 05/05/2015 17:59:48.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.3326.2316 [GMT 2:00]
Running from: c:\users\Medion\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
.
(((((((((((((((((((( Files Created from 2015-04-05 to 2015-05-05 ))))))))))))))))))))))))))))))
.
.
2015-05-05 16:06 . 2015-05-05 16:06 -------- d-----w- c:\users\Medion\AppData\Local\temp
2015-05-05 16:06 . 2015-05-05 16:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-05-05 15:54 . 2015-05-05 15:54 39464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBF2EF87-87BA-4E28-BB3B-A45EA1794BB2}\MpKslfe2ff414.sys
2015-05-04 16:59 . 2015-05-04 16:59 -------- d-----w- c:\program files\ESET
2015-05-04 15:45 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBF2EF87-87BA-4E28-BB3B-A45EA1794BB2}\mpengine.dll
2015-05-03 11:27 . 2015-05-03 11:30 -------- d-----w- C:\AdwCleaner
2015-05-03 10:59 . 2015-05-03 10:24 24064 ----a-w- c:\windows\zoek-delete.exe
2015-05-03 10:24 . 2015-05-04 21:00 -------- d-----w- C:\zoek_backup
2015-05-03 09:55 . 2015-04-04 06:39 9201616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-05-03 09:49 . 2015-05-03 09:49 -------- d-----w- c:\program files\Common Files\Java
2015-05-03 09:48 . 2015-05-03 09:47 96352 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2015-05-01 15:25 . 2015-05-01 15:26 -------- d-----w- C:\rsit
2015-04-28 15:42 . 2015-04-28 15:42 -------- d-----w- c:\users\Medion\AppData\Local\Pinnacle
2015-04-15 11:57 . 2015-04-15 11:57 -------- d-----w- c:\program files\Common Files\Skype
2015-04-14 19:56 . 2015-03-23 03:06 860160 ----a-w- c:\windows\system32\appraiser.dll
2015-04-14 19:56 . 2015-03-23 03:06 576000 ----a-w- c:\windows\system32\generaltel.dll
2015-04-14 19:56 . 2015-03-23 03:06 630784 ----a-w- c:\windows\system32\invagent.dll
2015-04-14 19:56 . 2015-03-23 03:06 331264 ----a-w- c:\windows\system32\devinv.dll
2015-04-14 19:56 . 2015-03-23 03:06 26112 ----a-w- c:\windows\system32\acmigration.dll
2015-04-14 19:56 . 2015-03-23 02:59 896000 ----a-w- c:\windows\system32\aeinv.dll
2015-04-14 19:56 . 2015-03-23 03:06 202752 ----a-w- c:\windows\system32\aepdu.dll
2015-04-14 19:56 . 2015-03-23 03:06 159744 ----a-w- c:\windows\system32\aepic.dll
2015-04-14 19:56 . 2015-03-04 04:16 249784 ----a-w- c:\windows\system32\clfs.sys
2015-04-14 19:56 . 2015-03-04 04:10 58880 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-14 19:54 . 2015-03-13 03:43 772608 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2015-04-10 13:29 . 2015-04-10 13:29 -------- d-s---w- c:\windows\system32\GWX
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-19 09:51 . 2014-12-29 13:53 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10145.bin
2015-04-17 09:45 . 2012-10-24 13:43 778416 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2015-04-17 09:45 . 2012-10-24 13:43 142512 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2015-03-23 10:40 . 2015-03-31 18:14 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{65325343-CB9D-4F1A-8C81-1434F2481E46}\gapaengine.dll
2015-03-23 10:40 . 2012-10-03 11:17 908832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2015-03-03 13:16 . 2010-02-18 11:20 246920 ------w- c:\windows\system32\MpSigStub.exe
2015-02-26 03:11 . 2015-03-23 17:18 2381312 ----a-w- c:\windows\system32\win32k.sys
2015-02-20 04:13 . 2015-03-23 17:00 26624 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:13 . 2015-03-23 17:00 70656 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:13 . 2015-03-23 17:00 10240 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:13 . 2015-03-23 17:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 03:09 . 2015-03-23 17:00 299008 ----a-w- c:\windows\system32\atmfd.dll
2012-10-24 17:50 . 2012-10-28 10:00 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-25 6697752]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2015-04-10 455392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-08 98304]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-12-03 8120864]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-01-30 978520]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"CanonQuickMenu"="c:\program files\Canon\Quick Menu\CNQMMAIN.EXE" [2013-05-02 1282120]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2015-04-30 334896]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2012-7-11 603536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2012-09-02 37632]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2014-01-04 12400]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-03-13 102912]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2014-11-15 95408]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2015-01-30 284472]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-09-22 579072]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 uxddrv;Dynamically loaded UxdDrv;i:\diagnose\WSTENG32\2PART\uxddrv86.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-19 1343400]
S1 MpKslfe2ff414;MpKslfe2ff414;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBF2EF87-87BA-4E28-BB3B-A45EA1794BB2}\MpKslfe2ff414.sys [2015-05-05 39464]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-08-16 142648]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-08 172032]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-07-14 1390176]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-07-14 1767520]
S2 DevoloNetworkService;devolo Network Service;c:\program files\devolo\dlan\devolonetsvc.exe [2013-02-04 4113400]
S2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files\Hp\Common\HPSupportSolutionsFrameworkService.exe [2014-05-21 49464]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2012-09-07 35840]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 CompFilter;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbusflt.sys [2012-01-18 22176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-11-05 230912]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-06-05 27320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLFE2FF414
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-24 09:45]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.be/?gfe_rd=cr&ei=eehwVP6hNPDH8gee3YGIAg&gws_rd=ssl
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth - c:\program files\DLink\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 195.130.130.132 195.130.131.132
FF - ProfilePath - c:\users\Medion\AppData\Roaming\Mozilla\Firefox\Profiles\a2zhpcqu.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.be/?gfe_rd=cr&ei=Si5yVN3XJ_Sq8weDloCYBA&gws_rd=ssl
FF - ExtSQL: !HIDDEN! 2012-09-02 11:32; belgiumeid@eid.belgium.be; c:\program files\Mozilla Firefox\extensions\belgiumeid@eid.belgium.be
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
AddRemove-ExpressRip - c:\program files\NCH Software\ExpressRip\expressrip.exe
AddRemove-Switch - c:\program files\NCH Software\Switch\switch.exe
AddRemove-WavePad - c:\program files\NCH Software\WavePad\wavepad.exe
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
AddRemove-{ce085a78-074e-4823-8dc1-8a721b94b76d} - c:\programdata\Package Cache\{ce085a78-074e-4823-8dc1-8a721b94b76d}\vcredist_x86.exe
AddRemove-Free mp3 Wma Converter - c:\program files\Free mp3 Wma Converter\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-05-05 18:07:42
ComboFix-quarantined-files.txt 2015-05-05 16:07
.
Pre-Run: 1,174,789,775,360 bytes free
Post-Run: 1,174,436,802,560 bytes free
.
- - End Of File - - 743F6C8D16C9632036271280E4835497
4624822E540EC83CD0819525C65846BA
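The log above is read by hand on most help forums; the same triage can be scripted. The following is an added example, not part of ComboFix and not code from the original post: it parses the three line shapes a reviewer looks at first (the `AV:`/`SP:` status header, the `"name"="path" [date size]` Run-key entries and the `R3 name;description;path [date size]` service/driver entries) and flags entries against a few heuristics. The heuristics are the editor's assumptions, not ComboFix rules: that `[x]` in place of the date and size means ComboFix could not find the file at the listed path, that the system volume is `c:` (the log shows Windows under `c:\windows`), that a driver with start type 0 or 1 living under a user-writable directory deserves a look, and that a packet-capture driver (here the devolo build of NPF) is worth noting because it lets any local administrator sniff traffic. The sample text is a constructed subset of lines copied from the log.

```python
"""Triage a ComboFix log: parse status, Run-key and service/driver lines
and flag entries worth a second look.  Added example; the heuristics are
assumptions of the editor, not ComboFix's own classification."""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of lines copied from the log above.
SAMPLE_LOG = r"""
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-11-25 6697752]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2015-04-10 455392]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2014-12-11 315496]
R3 uxddrv;Dynamically loaded UxdDrv;i:\diagnose\WSTENG32\2PART\uxddrv86.sys [x]
S1 MpKslfe2ff414;MpKslfe2ff414;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EBF2EF87-87BA-4E28-BB3B-A45EA1794BB2}\MpKslfe2ff414.sys [2015-05-05 39464]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [2012-09-07 35840]
"""

# R/S = running/stopped, digit = Start value (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
# The trailing bracket is either "[YYYY-MM-DD size]" or "[x]" (assumed: file not found).
SERVICE_RE = re.compile(
    r'^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);'
    r'(?P<path>.+?)\s+\[(?P<tail>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$')
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<tail>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$')
SECURITY_RE = re.compile(r'^(?P<kind>AV|SP|FW): (?P<product>.+?) \*(?P<status>[^*]+)\*')

SYSTEM_DRIVE = "c:"  # assumption: Windows lives on c:, as the log's paths show
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str            # "service", "run", or "AV"/"SP"/"FW"
    name: str
    path: str = ""
    state: str = ""      # R or S (services only)
    start: str = ""      # Start value as a digit (services only)
    desc: str = ""       # service description, or protection status for AV/SP/FW
    file_present: bool = True
    flags: list = field(default_factory=list)


def parse_line(line):
    """Return an Entry for a recognised ComboFix line, else None."""
    line = line.strip()
    m = SERVICE_RE.match(line)
    if m:
        return Entry("service", m["name"], m["path"], m["state"], m["start"],
                     m["desc"], m["tail"] != "x")
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m["name"], m["path"], file_present=m["tail"] != "x")
    m = SECURITY_RE.match(line)
    if m:
        return Entry(m["kind"], m["product"], desc=m["status"])
    return None


def apply_heuristics(e):
    """Attach triage flags to an entry (editor's heuristics, see lead-in)."""
    p = e.path.lower()
    if e.kind in ("AV", "SP", "FW"):
        if "disabled" in e.desc.lower():
            e.flags.append("protection-disabled")
        return e
    if not e.file_present:
        e.flags.append("file-missing")
    if p[:2] != SYSTEM_DRIVE:
        e.flags.append("non-system-volume")
    if any(d in p for d in USER_WRITABLE):
        e.flags.append("user-writable-location")
        if e.kind == "service" and p.endswith(".sys") and e.start in ("0", "1"):
            e.flags.append("early-start-driver-outside-system32")
    if e.kind == "service" and "packet filter" in e.desc.lower():
        e.flags.append("packet-capture-driver")
    return e


def triage(text):
    """Parse every recognised line of a log and apply the heuristics."""
    return [apply_heuristics(e) for e in map(parse_line, text.splitlines()) if e]


def flagged(text):
    """Map entry name -> list of flags, for entries that raised at least one."""
    return {e.name: e.flags for e in triage(text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name:<32} {', '.join(flags)}")
```

Run against the sample, `uxddrv` is flagged because its file was not found and its path points at an `i:` volume, `MpKslfe2ff414` because it is a system-start driver loaded from `c:\programdata`, `NPF_devolo` as a capture driver, and the AV header because protection is reported disabled. A flag is a prompt to verify, not a verdict: the log itself records `MPKSLFE2FF414` under `*NewlyCreated*` inside Microsoft Security Essentials' own `Definition Updates` directory, and ComboFix's usage instructions tell the user to disable real-time protection before running it, so "Disabled" in the header is expected rather than alarming. The `uxddrv` entry is the one a reviewer would want the poster to explain first.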