ComboFix 13-05-01.03 - Kevin 01/05/2013 13:20:14.1.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.32.1043.18.1790.850 [GMT 2:00]
Running from: c:\users\Kevin\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Kevin\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 ))))))))))))))))))))))))))))))
.
.
2013-05-01 11:32 . 2013-05-01 11:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-01 11:32 . 2013-05-01 11:32 -------- d-----w- c:\users\Davina\AppData\Local\temp
2013-05-01 10:07 . 2012-11-30 06:57 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2013-05-01 10:07 . 2012-11-30 06:57 21344 ----a-w- c:\windows\system32\authuitu.dll
2013-05-01 10:05 . 2013-05-01 10:05 -------- d-----w- c:\users\Kevin\AppData\Roaming\TuneUp Software
2013-05-01 10:04 . 2013-05-01 10:06 -------- d-----w- c:\program files\TuneUp Utilities 2013
2013-05-01 10:04 . 2013-05-01 10:04 -------- d-----w- c:\program files\CCleaner
2013-05-01 10:04 . 2013-05-01 10:05 -------- d-----w- c:\programdata\TuneUp Software
2013-05-01 10:04 . 2013-05-01 10:04 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2013-05-01 10:04 . 2013-05-01 10:04 -------- d--h--w- c:\programdata\Common Files
2013-05-01 10:03 . 2013-05-01 10:03 -------- d-----w- c:\users\Kevin\AppData\Roaming\OpenCandy
2013-04-30 16:05 . 2013-04-30 16:05 -------- d-----w- c:\windows\ERUNT
2013-04-30 16:05 . 2013-04-30 16:05 -------- d-----w- C:\JRT
2013-04-26 23:09 . 2013-04-26 22:49 24064 ----a-w- c:\windows\zoek-delete.exe
2013-04-26 23:09 . 2013-05-01 11:37 -------- d-----w- c:\users\Kevin\AppData\Local\Temp
2013-04-26 18:18 . 2013-04-26 18:18 -------- d-----w- c:\users\Kevin\AppData\Roaming\McAfee
2013-04-26 18:18 . 2013-04-26 18:18 -------- d-----w- c:\program files\McAfee
2013-04-24 05:08 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-23 19:36 . 2013-04-23 19:36 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes
2013-04-23 19:35 . 2013-04-23 19:35 -------- d-----w- c:\programdata\Malwarebytes
2013-04-23 19:35 . 2013-04-23 19:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-04-23 19:35 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-04-23 18:59 . 2013-03-11 23:10 237088 ------w- c:\windows\system32\MpSigStub.exe
2013-04-23 13:46 . 2013-04-23 13:46 -------- d-----w- c:\program files\Badosoft
2013-04-22 19:57 . 2013-04-22 19:57 -------- d-----w- c:\program files\Common Files\Java
2013-04-22 19:54 . 2013-04-04 03:35 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-10 05:00 . 2013-03-11 13:25 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-04-10 05:00 . 2013-03-11 13:25 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-04-10 05:00 . 2013-03-09 03:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-04-10 05:00 . 2013-03-09 01:28 64000 ----a-w- c:\windows\system32\smss.exe
2013-04-10 05:00 . 2013-03-08 03:52 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-04-10 05:00 . 2013-03-08 03:53 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-04-10 05:00 . 2013-03-05 01:40 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-17 04:31 . 2013-04-29 05:44 6906960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{24468E14-6BAC-4AFD-9CFF-0781CA20C249}\mpengine.dll
2013-04-15 05:24 . 2012-04-02 05:51 691592 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-04-15 05:24 . 2011-05-18 06:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 06:30 . 2012-07-14 16:06 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-03-11 06:30 . 2010-05-11 05:42 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-12 01:57 . 2013-03-21 17:58 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-12 10:01 . 2013-04-12 10:00 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-01 20:18 . 2013-04-12 10:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2008-02-04 1038136]
"Steam"="c:\program files\Steam\Steam.exe" [2013-03-29 1631144]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-01-14 1688872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-11 68856]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Spotify Web Helper"="c:\users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-04-18 1105408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-01 857648]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-17 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"CarboniteSetupLite"="c:\program files\Packard Bell\Carbonite\CarboniteSetupLitePBPreInstaller.exe" [2008-04-07 306112]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"PCMAgent"="c:\program files\CyberLink\PowerCinema\PCMAgent.exe" [2008-03-21 143360]
"CLMLServer"="c:\program files\CyberLink\PowerCinema\Kernel\CLML\CLMLSvc.exe" [2008-04-11 196608]
"PlayMovie"="c:\program files\CyberLink\PlayMovie\PMVService.exe" [2008-03-31 172032]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-10-01 30192]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"Ulead AutoDetector"="c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe" [2003-11-19 45056]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"Google Updater"="c:\program files\Google\Google Updater\GoogleUpdater.exe" [2011-09-09 161336]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify]
2013-04-18 06:48 4555776 ----a-w- c:\users\Kevin\AppData\Roaming\Spotify\spotify.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2013-04-18 06:48 1105408 ----a-w- c:\users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 05:30 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 05:24]
.
2013-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-21 07:21]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 16:17]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 16:17]
.
2013-04-29 c:\windows\Tasks\Norton Internet Security - Volledige systeemscan uitvoeren - Kevin.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2008-02-07 07:05]
.
2013-04-30 c:\windows\Tasks\Norton Security Scan for Kevin.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-04-28 07:48]
.
2013-05-01 c:\windows\Tasks\Recovery DVD Creator-Kevin.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-11-11 09:13]
.
2013-05-01 c:\windows\Tasks\Uitgebreide garantie-Kevin.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-11-11 09:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.1
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\7k4p75u2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
AddRemove-AutocompletePro2_is1 - c:\program files\AutocompletePro\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-01 13:37
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\CyberLink\PlayMovie\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\windows\system32\conime.exe
c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
c:\windows\RtHDVCpl.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2013-05-01 13:46:27 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-01 11:46
.
Pre-Run: 77.842.624.512 bytes free
Post-Run: 77.562.638.336 bytes free
.
- - End Of File - - 1680056CDBD925A1F61BA517476CFA5C
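The security-relevant part of the log above is not the file listing but the "Reg Loading Points" section: UAC is switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0), Security Center monitoring and its UAC/Windows Update warnings are suppressed (DisableMonitoring=1, UacDisableNotify=1, AutoUpdateDisableNotify=1), and AppInit_DLLs is populated, while the header already reports the Norton AV and firewall as disabled and outdated. The following is an added example, not part of the forum post and not a ComboFix feature: a small Python parser for the "[KEY]" / "name"=value lines ComboFix prints, with a check table (this example's own) that flags those weak settings. The sample input is a constructed excerpt using the same values as the log.

```python
"""Flag weak security settings in a ComboFix-style registry dump.

Added example, not part of the original post or of ComboFix. The check table
below is this example's own; the sample dump is a constructed excerpt that
repeats the values shown in the log.
"""
import re

# Constructed excerpt of the log's "Reg Loading Points" section.
SAMPLE_DUMP = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def parse_dump(text):
    """Return {key_path_lowercased: {value_name: raw_value}} from the dump."""
    keys = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = m.group(2).strip()
    return keys


def as_int(raw):
    """Decode the renderings ComboFix uses: 'dword:00000001', '0 (0x0)', '1'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)", raw)
    return int(m.group(1)) if m else None


# (key path suffix, value name, predicate on the decoded int, finding text)
CHECKS = [
    (r"policies\system", "EnableLUA", lambda v: v == 0,
     "UAC disabled (EnableLUA=0): admin-user processes run fully elevated"),
    (r"policies\system", "ConsentPromptBehaviorAdmin", lambda v: v == 0,
     "elevation without any prompt (ConsentPromptBehaviorAdmin=0)"),
    (r"security center", "UacDisableNotify", lambda v: v == 1,
     "Security Center UAC warnings suppressed"),
    (r"security center", "AutoUpdateDisableNotify", lambda v: v == 1,
     "Security Center Windows Update warnings suppressed"),
    (r"security center\monitoring", "DisableMonitoring", lambda v: v == 1,
     "Security Center monitoring disabled: missing AV/firewall not reported"),
]


def find_weak_settings(keys):
    """Return [(value_name, finding_text)] for every check that fires."""
    findings = []
    for key, values in keys.items():
        for suffix, name, is_bad, text in CHECKS:
            if key.endswith(suffix) and name in values:
                v = as_int(values[name])
                if v is not None and is_bad(v):
                    findings.append((name, text))
        # Any non-empty AppInit_DLLs deserves a look: when AppInit injection is
        # enabled, the listed DLL is loaded into processes that load user32.dll.
        if key.endswith(r"windows nt\currentversion\windows"):
            dlls = values.get("AppInit_DLLs", "")
            if dlls:
                findings.append(("AppInit_DLLs", "AppInit_DLLs is set: " + dlls))
    return findings


if __name__ == "__main__":
    for name, text in find_weak_settings(parse_dump(SAMPLE_DUMP)):
        print(f"[weak] {name}: {text}")
```

Run against the excerpt it reports six findings, in the order the keys appear: EnableLUA, ConsentPromptBehaviorAdmin, AppInit_DLLs, UacDisableNotify, AutoUpdateDisableNotify and DisableMonitoring. EnableUIADesktopToggle=0 is the secure value and is left alone. Pointing `parse_dump` at a full saved ComboFix log works the same way, since the file-listing lines do not match either pattern and are ignored.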