ComboFix 14-11-25.01 - user 25/11/2014 22:30:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.32.1043.18.4008.2904 [GMT 1:00]
Started from: c:\users\user\Desktop\ComboFix.exe.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\livesafer
c:\program files (x86)\livesafer\LiveSaferAPI.dll
.
.
(((((((((((((((((((( Files Created from 2014-10-25 to 2014-11-25 ))))))))))))))))))))))))))))))
.
.
2014-11-25 21:35 . 2014-11-25 21:35 -------- d-----w- c:\users\TEMP.user-PC\AppData\Local\temp
2014-11-25 21:35 . 2014-11-25 21:35 -------- d-----w- c:\users\TEMP.user-PC.000\AppData\Local\temp
2014-11-25 21:25 . 2014-11-25 21:25 4443312 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-25 16:28 . 2014-11-25 16:28 -------- d-----w- c:\program files (x86)\Tweaking.com
2014-11-24 22:04 . 2014-11-24 22:04 -------- d-----w- c:\programdata\Doctor Web
2014-11-24 21:51 . 2014-11-24 21:51 -------- d-----w- c:\users\user\Doctor Web
2014-11-24 17:40 . 2014-11-24 17:42 -------- d-----w- C:\AdwCleaner
2014-11-23 21:39 . 2014-11-25 21:35 -------- d-----w- c:\users\user\AppData\Local\Temp
2014-11-23 21:39 . 2014-11-23 21:24 24064 ----a-w- c:\windows\zoek-delete.exe
2014-11-21 18:29 . 2014-11-23 21:35 -------- d-----w- C:\zoek_backup
2014-11-20 21:51 . 2014-11-20 21:51 -------- d-s---w- c:\windows\SysWow64\Microsoft
2014-11-19 17:58 . 2014-11-21 11:21 -------- d-----w- C:\rsit
2014-11-19 17:58 . 2014-11-21 11:21 -------- d-----w- c:\program files\trend micro
2014-11-19 16:58 . 2014-11-19 16:58 -------- d-----w- c:\program files (x86)\Trend Micro
2014-11-18 22:02 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 22:02 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-18 22:02 . 2014-11-11 02:44 186880 ----a-w- c:\windows\SysWow64\pku2u.dll
2014-11-18 22:02 . 2014-11-11 02:44 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-11-17 18:02 . 2014-11-17 18:02 -------- d-----w- c:\users\user\AppData\Roaming\Panda Security
2014-11-17 17:13 . 2014-11-17 17:13 -------- d-----w- c:\program files (x86)\Panda Security
2014-11-17 17:06 . 2014-11-17 18:02 -------- d-----w- c:\programdata\Panda Security
2014-11-13 23:40 . 2014-11-05 17:56 304640 ----a-w- c:\windows\system32\generaltel.dll
2014-11-13 23:40 . 2014-11-05 17:56 228864 ----a-w- c:\windows\system32\aepdu.dll
2014-11-13 23:40 . 2014-11-05 17:52 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-11-13 23:40 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-13 23:40 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2014-11-13 23:40 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-13 23:40 . 2014-10-14 02:09 146432 ----a-w- c:\windows\system32\msaudite.dll
2014-11-13 23:40 . 2014-10-14 02:07 681984 ----a-w- c:\windows\system32\adtschema.dll
2014-11-13 23:40 . 2014-10-14 01:50 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-11-13 23:40 . 2014-10-14 01:49 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-11-13 23:40 . 2014-10-14 01:47 146432 ----a-w- c:\windows\SysWow64\msaudite.dll
2014-11-13 23:40 . 2014-10-14 01:46 681984 ----a-w- c:\windows\SysWow64\adtschema.dll
2014-11-13 23:38 . 2014-09-19 09:42 210944 ----a-w- c:\windows\system32\wdigest.dll
2014-11-13 23:37 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-13 23:37 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-13 23:37 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-13 23:37 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-13 21:56 . 2014-11-13 21:56 -------- d-----w- c:\users\user\AppData\Local\MFAData
2014-11-12 20:12 . 2014-11-12 20:12 -------- d-sh--w- c:\users\dirk\AppData\Local\EmieBrowserModeList
2014-11-12 20:10 . 2014-11-12 20:10 -------- d-sh--w- c:\users\bernadette.user-PC\AppData\Local\EmieBrowserModeList
2014-11-12 17:58 . 2014-11-12 17:58 -------- d-sh--w- c:\users\user\AppData\Local\EmieUserList
2014-11-12 17:58 . 2014-11-12 17:58 -------- d-sh--w- c:\users\user\AppData\Local\EmieSiteList
2014-11-12 17:58 . 2014-11-12 17:58 -------- d-sh--w- c:\users\user\AppData\Local\EmieBrowserModeList
2014-11-11 19:47 . 2014-11-11 19:47 -------- d-----w- c:\users\bernadette.user-PC\AppData\Local\Diagnostics
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-25 21:25 . 2013-04-11 20:42 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-25 21:25 . 2013-04-11 20:42 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-14 00:41 . 2012-06-18 08:25 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-09-25 02:08 . 2014-10-01 07:06 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 07:06 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-09 22:11 . 2014-09-24 17:23 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 17:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-04 05:23 . 2014-10-15 06:32 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 06:32 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-30 10:07 . 2014-08-30 10:07 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-08-29 03:18 . 2010-06-24 19:33 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveSafer;LiveSafer Service;c:\program files\LiveSafer\LiveSafer.exe;c:\program files\LiveSafer\LiveSafer.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\drivers\dc3d.sys;c:\windows\SYSNATIVE\drivers\dc3d.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\drivers\point64.sys;c:\windows\SYSNATIVE\drivers\point64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 458758BE3491530E
*NewlyCreated* - 4F975BA23E815012
*Deregistered* - 458758BE3491530E
*Deregistered* - 4F975BA23E815012
.
Contents of the 'Scheduled Tasks' folder
.
2014-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-11 21:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LiveSafer Blue]
@="{00DE0404-4D5D-4821-8ED2-230C43F07E84}"
[HKEY_CLASSES_ROOT\CLSID\{00DE0404-4D5D-4821-8ED2-230C43F07E84}]
2012-07-24 12:00 2892712 ----a-w- c:\program files\LiveSafer\LiveSaferAPI.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LiveSafer Green]
@="{00DE0401-4D5D-4821-8ED2-230C43F07E84}"
[HKEY_CLASSES_ROOT\CLSID\{00DE0401-4D5D-4821-8ED2-230C43F07E84}]
2012-07-24 12:00 2892712 ----a-w- c:\program files\LiveSafer\LiveSaferAPI.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LiveSafer Red]
@="{00DE0403-4D5D-4821-8ED2-230C43F07E84}"
[HKEY_CLASSES_ROOT\CLSID\{00DE0403-4D5D-4821-8ED2-230C43F07E84}]
2012-07-24 12:00 2892712 ----a-w- c:\program files\LiveSafer\LiveSaferAPI.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\LiveSafer Yellow]
@="{00DE0402-4D5D-4821-8ED2-230C43F07E84}"
[HKEY_CLASSES_ROOT\CLSID\{00DE0402-4D5D-4821-8ED2-230C43F07E84}]
2012-07-24 12:00 2892712 ----a-w- c:\program files\LiveSafer\LiveSaferAPI.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-08-15 7288424]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-20 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-20 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-20 439064]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\zgm9jccl.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{00DE0404-4D5D-4821-8ED2-230C43F07E84} - c:\program files (x86)\LiveSafer\LiveSaferAPI.dll
ShellIconOverlayIdentifiers-{00DE0401-4D5D-4821-8ED2-230C43F07E84} - c:\program files (x86)\LiveSafer\LiveSaferAPI.dll
ShellIconOverlayIdentifiers-{00DE0403-4D5D-4821-8ED2-230C43F07E84} - c:\program files (x86)\LiveSafer\LiveSaferAPI.dll
ShellIconOverlayIdentifiers-{00DE0402-4D5D-4821-8ED2-230C43F07E84} - c:\program files (x86)\LiveSafer\LiveSaferAPI.dll
SafeBoot-TweakingRunAsSystem0001
SafeBoot-TweakingRunAsSystem0002
SafeBoot-TweakingRunAsSystem0003
SafeBoot-TweakingRunAsSystem0004
SafeBoot-TweakingRunAsSystem0005
SafeBoot-TweakingRunAsSystem0006
SafeBoot-TweakingRunAsSystem0007
SafeBoot-TweakingRunAsSystem0008
SafeBoot-TweakingRunAsSystem0009
SafeBoot-TweakingRunAsSystem0010
SafeBoot-TweakingRunAsSystem0011
SafeBoot-TweakingRunAsSystem0012
SafeBoot-TweakingRunAsSystem0013
SafeBoot-TweakingRunAsSystem0014
SafeBoot-TweakingRunAsSystem0015
SafeBoot-TweakingRunAsSystem0016
SafeBoot-TweakingRunAsSystem0017
SafeBoot-TweakingRunAsSystem0018
SafeBoot-TweakingRunAsSystem0019
SafeBoot-TweakingRunAsSystem0020
SafeBoot-TweakingRunAsSystem0021
SafeBoot-TweakingRunAsSystem0022
SafeBoot-TweakingRunAsSystem0023
SafeBoot-TweakingRunAsSystem0024
SafeBoot-TweakingRunAsSystem0025
SafeBoot-TweakingRunAsSystem0026
SafeBoot-TweakingRunAsSystem0027
SafeBoot-TweakingRunAsSystem0028
SafeBoot-TweakingRunAsSystem0029
SafeBoot-TweakingRunAsSystem0030
SafeBoot-TweakingRunAsSystem0031
SafeBoot-TweakingRunAsSystem0032
SafeBoot-TweakingRunAsSystem0033
SafeBoot-TweakingRunAsSystem0034
SafeBoot-TweakingRunAsSystem0035
SafeBoot-TweakingRunAsSystem0036
SafeBoot-TweakingRunAsSystem0037
SafeBoot-TweakingRunAsSystem0038
SafeBoot-TweakingRunAsSystem0039
SafeBoot-TweakingRunAsSystem0040
SafeBoot-TweakingRunAsSystem0041
SafeBoot-TweakingRunAsSystem0042
SafeBoot-TweakingRunAsSystem0043
SafeBoot-TweakingRunAsSystem0044
SafeBoot-TweakingRunAsSystem0045
SafeBoot-TweakingRunAsSystem0046
SafeBoot-TweakingRunAsSystem0047
SafeBoot-TweakingRunAsSystem0048
SafeBoot-TweakingRunAsSystem0049
SafeBoot-TweakingRunAsSystem0050
SafeBoot-TweakingRunAsSystem0051
SafeBoot-TweakingRunAsSystem0052
SafeBoot-TweakingRunAsSystem0053
SafeBoot-TweakingRunAsSystem0054
SafeBoot-TweakingRunAsSystem0055
SafeBoot-TweakingRunAsSystem0056
SafeBoot-TweakingRunAsSystem0057
SafeBoot-TweakingRunAsSystem0058
SafeBoot-TweakingRunAsSystem0059
SafeBoot-TweakingRunAsSystem0060
SafeBoot-TweakingRunAsSystem0061
SafeBoot-TweakingRunAsSystem0062
SafeBoot-TweakingRunAsSystem0063
SafeBoot-TweakingRunAsSystem0064
SafeBoot-TweakingRunAsSystem0065
SafeBoot-TweakingRunAsSystem0066
SafeBoot-TweakingRunAsSystem0067
SafeBoot-TweakingRunAsSystem0068
SafeBoot-TweakingRunAsSystem0069
SafeBoot-TweakingRunAsSystem0070
SafeBoot-TweakingRunAsSystem0071
SafeBoot-TweakingRunAsSystem0072
SafeBoot-TweakingRunAsSystem0073
SafeBoot-TweakingRunAsSystem0074
SafeBoot-TweakingRunAsSystem0075
SafeBoot-TweakingRunAsSystem0076
SafeBoot-TweakingRunAsSystem0077
SafeBoot-TweakingRunAsSystem0078
SafeBoot-TweakingRunAsSystem0079
SafeBoot-TweakingRunAsSystem0080
SafeBoot-TweakingRunAsSystem0081
SafeBoot-TweakingRunAsSystem0082
SafeBoot-TweakingRunAsSystem0083
SafeBoot-TweakingRunAsSystem0084
SafeBoot-TweakingRunAsSystem0085
SafeBoot-TweakingRunAsSystem0086
SafeBoot-TweakingRunAsSystem0087
SafeBoot-TweakingRunAsSystem0088
SafeBoot-TweakingRunAsSystem0089
SafeBoot-TweakingRunAsSystem0090
SafeBoot-TweakingRunAsSystem0091
SafeBoot-TweakingRunAsSystem0092
SafeBoot-TweakingRunAsSystem0093
SafeBoot-TweakingRunAsSystem0094
SafeBoot-TweakingRunAsSystem0095
SafeBoot-TweakingRunAsSystem0096
SafeBoot-TweakingRunAsSystem0097
SafeBoot-TweakingRunAsSystem0098
SafeBoot-TweakingRunAsSystem0099
SafeBoot-TweakingRunAsSystem0100
SafeBoot-TweakingRunAsTrustedInstaller0001
SafeBoot-TweakingRunAsTrustedInstaller0002
SafeBoot-TweakingRunAsTrustedInstaller0003
SafeBoot-TweakingRunAsTrustedInstaller0004
SafeBoot-TweakingRunAsTrustedInstaller0005
SafeBoot-TweakingRunAsTrustedInstaller0006
SafeBoot-TweakingRunAsTrustedInstaller0007
SafeBoot-TweakingRunAsTrustedInstaller0008
SafeBoot-TweakingRunAsTrustedInstaller0009
SafeBoot-TweakingRunAsTrustedInstaller0010
SafeBoot-TweakingRunAsTrustedInstaller0011
SafeBoot-TweakingRunAsTrustedInstaller0012
SafeBoot-TweakingRunAsTrustedInstaller0013
SafeBoot-TweakingRunAsTrustedInstaller0014
SafeBoot-TweakingRunAsTrustedInstaller0015
SafeBoot-TweakingRunAsTrustedInstaller0016
SafeBoot-TweakingRunAsTrustedInstaller0017
SafeBoot-TweakingRunAsTrustedInstaller0018
SafeBoot-TweakingRunAsTrustedInstaller0019
SafeBoot-TweakingRunAsTrustedInstaller0020
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-11-25 22:36:44
ComboFix-quarantined-files.txt 2014-11-25 21:36
.
Pre-Run: 91.017.306.112 bytes free
Post-Run: 90.561.908.736 bytes free
.
- - End Of File - - EA2C17A09C2232286394CE4666F72FB1
A36C5E4F47E84449FF07ED3517B43A31
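The two file listings in the log above ("Files Created" and "Find3M") are the part a helper reads first, and the part that is easiest to misread: the two timestamps swap meaning between the sections, directories carry "--------" in the size column, and the attribute column is the only hint that a folder is hidden. The Python below is an added example, not part of ComboFix and not code from the log's author. It parses lines in that layout into records and applies two triage heuristics: it separates a binary written in place (creation and modification timestamps equal, as FlashPlayerInstaller.exe shows) from one copied out of an update package (modification earlier than creation, as the 2014-11-18 22:02 batch of kerberos.dll and pku2u.dll shows), and it flags hidden/system folders such as the EmieBrowserModeList entries. The per-section column order (created . modified in "Files Created", modified . created in Find3M) and the attribute-column layout are assumptions inferred from the log's own entries; the function names are mine, and the sample lines are copied from the log.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

# Constructed sample: entries copied from the "Files Created" block above, one
# per line as ComboFix writes them. Assumed column layout:
#   <created> . <modified> <size or -------- for directories> <attrs> <path>
SAMPLE_CREATED = r"""
2014-11-25 21:25 . 2014-11-25 21:25 4443312 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-11-23 21:39 . 2014-11-23 21:24 24064 ----a-w- c:\windows\zoek-delete.exe
2014-11-18 22:02 . 2014-11-11 03:08 241152 ----a-w- c:\windows\system32\pku2u.dll
2014-11-18 22:02 . 2014-11-11 03:08 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-11-13 23:40 . 2014-10-14 02:12 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-11-12 20:12 . 2014-11-12 20:12 -------- d-sh--w- c:\users\dirk\AppData\Local\EmieBrowserModeList
2014-11-20 21:51 . 2014-11-20 21:51 -------- d-s---w- c:\windows\SysWow64\Microsoft
"""

# Constructed sample from the Find3M block above. Assumed column order there is
# <modified> . <created>: FlashPlayerApp.exe shows a 2013 second timestamp
# (its creation) and a 2014 first one (the in-place Flash update).
SAMPLE_FIND3M = r"""
2014-11-25 21:25 . 2013-04-11 20:42 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-30 10:07 . 2014-08-30 10:07 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
"""


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: Optional[int]   # None for directories
    attrs: str            # 8-character attribute column, e.g. "d-sh--w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_or_system(self) -> bool:
        # Assumed from the log's own strings ("d-sh--w-", "d-s---w-"): column 0
        # is the directory flag, the 's' and 'h' flags sit in columns 1-3.
        return any(c in "sh" for c in self.attrs[1:4])


_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$"
)


def parse_entries(text: str, section: str = "created") -> list[Entry]:
    """Parse ComboFix file lines; non-matching lines (headers, '.') are skipped.
    section="created": first timestamp is creation, second is modification.
    section="find3m":  first timestamp is modification, second is creation."""
    entries = []
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        first, second, size, attrs, path = m.groups()
        ts = [datetime.strptime(s, "%Y-%m-%d %H:%M") for s in (first, second)]
        created, modified = ts if section == "created" else ts[::-1]
        entries.append(Entry(created, modified,
                             None if size[0] == "-" else int(size), attrs, path))
    return entries


BINARY_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")


def triage(entries: list[Entry]) -> dict[str, list[str]]:
    """Return {path: [reasons]} for entries that deserve a second look.
    These are prompts for a reviewer, not verdicts."""
    flagged: dict[str, list[str]] = {}
    for e in entries:
        reasons = []
        low = e.path.lower()
        if e.hidden_or_system:
            reasons.append("hidden/system attribute set")
        if not e.is_dir and low.endswith(BINARY_EXT):
            if "\\windows\\" in low and e.created == e.modified:
                # Update payloads keep their build time as 'modified', earlier
                # than 'created'; equal timestamps mean the file was written
                # in place on this machine rather than copied from a package.
                reasons.append("binary written in place under the Windows dir")
            if "\\users\\" in low or "\\programdata\\" in low:
                reasons.append("binary in a user-writable profile location")
        if reasons:
            flagged[e.path] = reasons
    return flagged


def batches(entries: list[Entry]) -> Counter:
    """Binaries per creation minute whose modified < created. Many files in one
    minute is the signature of an update (or a cleanup tool) dropping a package;
    a lone binary with equal timestamps does not appear here at all."""
    return Counter(e.created for e in entries
                   if not e.is_dir and e.modified < e.created)


if __name__ == "__main__":
    created = parse_entries(SAMPLE_CREATED)
    for path, why in triage(created).items():
        print(path, "->", "; ".join(why))
    for minute, n in batches(created).most_common():
        print(minute.strftime("%Y-%m-%d %H:%M"), n, "file(s) copied from a package")
```

Run over the sample, the Flash installer trips the in-place rule and is benign, and the hidden Emie* folders are Internet Explorer Enterprise Mode caches; the point of the pass is that a single dropped binary under %SystemRoot% stands out from the Windows Update batches, which share one creation minute and carry build times weeks earlier.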