ComboFix 15-05-31.01 - MY NAME 06-06-2015 10:00:45.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4007.1314 [GMT 2:00]
Gestart vanuit: C:\Users\MY NAME\Downloads\ComboFix.exe
AV: Bitdefender Antivirus *Enabled/Updated* {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
SP: Bitdefender Antispyware *Enabled/Updated* {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\ProgramData\1380282050.bdinstall.bin
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk
C:\Users\MY NAME\Favorites\bookmarks 01112011.html
C:\Users\MY NAME\Favorites\bookmarks 08052012.html
E:\MY NAME\Mijn documenten\~WRD0005.tmp
E:\MY NAME\Mijn documenten\~WRD1654.tmp
E:\MY NAME\Mijn documenten\~WRL0003.tmp
E:\MY NAME\Mijn documenten\~WRL0161.tmp
E:\MY NAME\Mijn documenten\~WRL1054.tmp
E:\MY NAME\Mijn documenten\~WRL1126.tmp
E:\MY NAME\Mijn documenten\~WRL1673.tmp
E:\MY NAME\Mijn documenten\~WRL2409.tmp
E:\MY NAME\Mijn documenten\~WRL3377.tmp

(((((((((((((((((((( Bestanden Gemaakt van 2015-05-06 to 2015-06-06 ))))))))))))))))))))))))))))))

2015-06-06 08:15:44 . 2015-06-06 08:15:44 -------- d-----w- C:\Users\UpdatusUser\AppData\Local\temp
2015-06-06 08:15:44 . 2015-06-06 08:15:44 -------- d-----w- C:\Users\Default\AppData\Local\temp
2015-06-06 08:10:20 . 2015-06-06 08:10:21 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC01BB48-6575-4700-8138-22DD354FE621}\offreg.dll
2015-06-03 08:59:05 . 2015-06-03 07:41:48 24064 ----a-w- C:\windows\zoek-delete.exe
2015-06-03 08:59:04 . 2015-06-06 08:15:44 -------- d-----w- C:\Users\MY NAME\AppData\Local\Temp
2015-05-31 19:39:22 . 2015-05-31 19:45:20 -------- d-----w- C:\AdwCleaner
2015-05-31 13:31:05 . 2015-05-31 14:25:41 -------- d-----w- C:\zoek_backup
2015-05-31 09:48:29 . 2008-02-03 15:00:00 648656 ------w- C:\windows\SysWow64\ipworks6.dll
2015-05-26 18:14:00 . 2015-05-26 18:14:00 -------- d-----w- C:\Users\MY NAME\AppData\Local\CyberLink
2015-05-25 07:33:15 . 2015-05-25 07:33:47 -------- d-----w- C:\rsit
2015-05-25 07:33:15 . 2015-05-25 07:33:33 -------- d-----w- C:\Program Files\trend micro
2015-05-20 09:30:17 . 2003-03-18 20:12:12 1047552 ----a-w- C:\windows\SysWow64\MFC71u.dll
2015-05-20 09:30:17 . 2003-03-18 19:44:38 57344 ----a-w- C:\windows\SysWow64\MFC71ENU.DLL
2015-05-20 09:30:17 . 2003-03-18 19:44:38 49152 ----a-w- C:\windows\SysWow64\MFC71KOR.DLL
2015-05-20 09:30:17 . 2003-03-18 19:44:36 61440 ----a-w- C:\windows\SysWow64\MFC71ITA.DLL
2015-05-20 09:30:17 . 2003-03-18 19:44:36 61440 ----a-w- C:\windows\SysWow64\MFC71ESP.DLL
2015-05-20 09:30:17 . 2003-03-18 19:44:36 45056 ----a-w- C:\windows\SysWow64\MFC71CHT.DLL
2015-05-20 09:30:17 . 2003-03-18 19:44:36 40960 ----a-w- C:\windows\SysWow64\MFC71CHS.DLL
2015-05-20 09:30:17 . 2003-03-18 19:44:34 65536 ----a-w- C:\windows\SysWow64\MFC71DEU.DLL
2015-05-20 09:30:17 . 2003-03-18 19:44:34 49152 ----a-w- C:\windows\SysWow64\MFC71JPN.DLL
2015-05-20 09:30:16 . 2003-03-18 20:20:00 1060864 ----a-w- C:\windows\SysWow64\MFC71.dll
2015-05-20 09:30:16 . 2003-03-18 18:05:50 89088 ----a-w- C:\windows\SysWow64\atl71.dll
2015-05-20 09:28:09 . 2015-05-20 11:55:50 -------- d-----w- C:\Program Files (x86)\Logitech
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2015-05-31 09:17:54 . 2014-01-18 12:59:52 535576 ----a-w- C:\windows\system32\drivers\RapportKE64.sys

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" [2014-04-20 16:45:26 567888]
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-04-20 16:45:12 614232]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Bitdefender Wallet Agent"="C:\Program Files\Bitdefender\Bitdefender\pmbxag.exe" [2014-04-20 16:45:26 567888]
"Bitdefender Wallet"="C:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" [2014-04-20 16:45:11 1001536]
"Bitdefender Agent Wallet-toepassing"="C:\Program Files\Bitdefender\Bitdefender\antispam32\bdapppassmgr.exe" [2014-04-20 16:45:12 614232]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-10-22 1133856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\Windows\SysWOW64\nvinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 avckf;avckf;C:\windows\system32\DRIVERS\avckf.sys;C:\windows\SYSNATIVE\DRIVERS\avckf.sys [x]
R3 BDSandBox;BDSandBox;C:\windows\system32\drivers\bdsandbox.sys;C:\windows\SYSNATIVE\drivers\bdsandbox.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys;C:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\system32\IEEtwCollector.exe;C:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys;C:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys;C:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys;C:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys;C:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [x]
R3 WatAdminSvc;Windows Activation Technologies-service;C:\windows\system32\Wat\WatAdminSvc.exe;C:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 avc3;avc3;C:\windows\system32\DRIVERS\avc3.sys;C:\windows\SYSNATIVE\DRIVERS\avc3.sys [x]
S0 gzflt;gzflt;C:\windows\system32\DRIVERS\gzflt.sys;C:\windows\SYSNATIVE\DRIVERS\gzflt.sys [x]
S0 nvpciflt;nvpciflt;C:\windows\system32\DRIVERS\nvpciflt.sys;C:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys;C:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 RapportKE64;RapportKE64;C:\windows\System32\Drivers\RapportKE64.sys;C:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [x]
S1 RapportCerberus_80128;RapportCerberus_80128;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [x]
S1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\system32\Drivers\SABI.sys;C:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 EkaProt6;Ekahau User Protocol Driver for NDIS 6;C:\windows\system32\DRIVERS\ekaprot6.sys;C:\windows\SYSNATIVE\DRIVERS\ekaprot6.sys [x]
S2 NPF;NetGroup Packet Filter Driver;C:\windows\system32\drivers\npf.sys;C:\windows\SYSNATIVE\drivers\npf.sys [x]
S2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 SSPORT;SSPORT;C:\windows\system32\Drivers\SSPORT.sys;C:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys;C:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe;C:\Program Files\Bitdefender\Bitdefender\updatesrv.exe [x]
S3 avchv;avchv Function Driver;C:\windows\system32\DRIVERS\avchv.sys;C:\windows\SYSNATIVE\DRIVERS\avchv.sys [x]
S3 BTWAMPFL;BTWAMPFL;C:\windows\system32\DRIVERS\btwampfl.sys;C:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys;C:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys;C:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;C:\windows\system32\DRIVERS\ETD.sys;C:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\windows\system32\DRIVERS\nusb3hub.sys;C:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\windows\system32\DRIVERS\nusb3xhc.sys;C:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys;C:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-26 15:25:16 986440 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.81\Installer\chrmstp.exe

Inhoud van de 'Gedeelde Taken' map

2015-06-06 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 20:45:24 . 2013-09-26 20:45:24]
2015-06-05 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-26 20:45:24 . 2013-09-26 20:45:24]

--------- X64 Entries -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-17 02:52:26 11613288]
"Bdagent"="C:\Program Files\Bitdefender\Bitdefender\bdagent.exe" [2014-04-20 16:45:26 1742064]
"HotKeysCmds"="C:\windows\system32\hkcmd.exe" [2012-02-02 20:00:44 392984]
"CDAServer"="C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 20:23:34 456704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll

------- Bijkomende Scan -------

uLocal Page = C:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: Afbeelding verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Pagina verzenden naar &Bluetooth-apparaat... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.254 195.121.1.34 195.121.1.66

------- Bestandsassociaties -------

inifile="%SystemRoot%\system32\NOTEPAD.EXE" %1
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Ad-Aware Browsing Protection - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - C:\Program Files (x86)\Elantech\ETDCtrl.exe
AddRemove-Ad-Aware Browsing Protection - C:\ProgramData\Ad-Aware Browsing Protection\uninstall.exe