ComboFix 13-05-14.01 - Philip 15/05/2013   6:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.32.1043.18.2046.1269 [GMT 2:00]
Running from: c:\users\Philip\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\programdata\ConetInUyetyOsaavvea
c:\programdata\ConetInUyetyOsaavvea\5190c361a2e3f.tlb
c:\programdata\ConetInUyetyOsaavvea\settings.ini
c:\programdata\ConetInUyetyOsaavvea\uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\ConetInUyetyOsaavvea
c:\programdata\Microsoft\Windows\Start Menu\Programs\ConetInUyetyOsaavvea\ConetInUyetyOsaavvea.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\ConetInUyetyOsaavvea\Uninstall.lnk
c:\users\Public\myphotobook-Setup.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
(((((((((((((((((((( Files Created from 2013-04-15 to 2013-05-15 ))))))))))))))))))))))))))))))
.
.
2013-05-15 05:02 . 2013-05-15 05:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-05-15 05:02 . 2013-05-15 05:02 -------- d-----w- c:\users\Katrien\AppData\Local\temp
2013-05-15 05:02 . 2013-05-15 05:02 -------- d-----w- c:\users\Gast\AppData\Local\temp
2013-05-15 05:02 . 2013-05-15 05:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-14 17:55 . 2013-05-14 17:55 -------- d-----w- c:\program files\Common Files\Java
2013-05-14 17:54 . 2013-05-14 17:53 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-13 18:23 . 2013-05-13 18:23 388096 ----a-r- c:\users\Philip\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-05-13 18:23 . 2013-05-13 18:23 -------- d-----w- c:\program files\Trend Micro
2013-05-13 17:35 . 2013-05-13 17:35 -------- d-----w- c:\users\Philip\AppData\Local\Apps
2013-05-13 10:17 . 2013-05-13 10:17 -------- d-----w- c:\program files\HitmanPro
2013-05-13 10:16 . 2013-05-13 10:37 -------- d-----w- c:\programdata\HitmanPro
2013-05-13 09:59 . 2013-05-13 09:59 -------- d-----w- c:\programdata\StarApp
2013-05-13 09:59 . 2013-05-13 09:59 -------- d-----w- c:\programdata\BetterSoft
2013-05-13 09:59 . 2013-05-13 10:14 -------- d-----w- c:\program files\Optimizer Pro
2013-05-13 09:59 . 2013-05-13 09:59 -------- d-----w- c:\program files\ContinueToSave
2013-05-13 09:57 . 2013-05-13 09:59 -------- d-----w- c:\programdata\InstallMate
2013-05-13 09:55 . 2013-05-13 09:55 -------- d-----w- c:\users\Philip\AppData\Roaming\ExpressFiles
2013-05-13 09:23 . 2013-05-13 09:23 -------- d-----w- c:\users\Philip\AppData\Roaming\ParetoLogic
2013-05-13 09:23 . 2013-05-13 09:23 -------- d-----w- c:\users\Philip\AppData\Roaming\DriverCure
2013-05-13 09:22 . 2013-05-13 10:14 -------- d-----w- c:\programdata\ParetoLogic
2013-04-23 17:52 . 2013-03-03 19:07 1082232 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-14 17:53 . 2012-07-13 18:41 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-14 17:53 . 2010-05-21 12:48 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-10 13:05 . 2011-08-10 08:26 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-03-14 10:14 . 2012-09-04 09:02 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-14 10:14 . 2011-11-30 11:52 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 13:25 . 2013-04-11 12:45 3603816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-11 13:25 . 2013-04-11 12:45 3551080 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-09 03:45 . 2013-04-11 12:45 49152 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-09 01:28 . 2013-04-11 12:45 64000 ----a-w- c:\windows\system32\smss.exe
2013-03-08 03:53 . 2013-04-11 12:44 376320 ----a-w- c:\windows\system32\winsrv.dll
2013-03-08 03:52 . 2013-04-11 12:44 2067968 ----a-w- c:\windows\system32\mstscax.dll
2013-03-05 01:40 . 2013-04-11 12:44 2049024 ----a-w- c:\windows\system32\win32k.sys
2013-02-25 22:22 . 2013-02-25 22:22 1985824 ----a-w- c:\windows\system32\nvcuvenc.dll
2013-02-25 22:22 . 2011-10-26 13:46 1017120 ----a-w- c:\windows\system32\nvdispco32.dll
2013-02-25 22:22 . 2013-02-25 22:22 6262608 ----a-w- c:\windows\system32\nvopencl.dll
2013-02-25 22:22 . 2013-02-25 22:22 12641992 ----a-w- c:\windows\system32\nvwgf2um.dll
2013-02-25 22:22 . 2012-10-10 20:14 892704 ----a-w- c:\windows\system32\nvdispgenco32.dll
2013-02-25 22:22 . 2012-10-10 20:14 2505144 ----a-w- c:\windows\system32\nvapi.dll
2013-02-25 22:22 . 2013-02-25 22:22 15129960 ----a-w- c:\windows\system32\nvd3dum.dll
2013-02-25 22:22 . 2013-02-25 22:22 7932256 ----a-w- c:\windows\system32\nvcuda.dll
2013-02-25 22:22 . 2013-02-25 22:22 17560352 ----a-w- c:\windows\system32\nvcompiler.dll
2013-02-25 22:22 . 2013-02-25 22:22 20449056 ----a-w- c:\windows\system32\nvoglv32.dll
2013-02-25 22:22 . 2013-02-25 22:22 8939296 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2013-02-25 22:22 . 2013-02-25 22:22 2720544 ----a-w- c:\windows\system32\nvcuvid.dll
2012-09-21 20:12 . 2012-09-21 20:12 4096000 ----a-w- c:\program files\GUTEC4E.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-03-01 4390912]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 232184]
"toolbar_eula_launcher"="c:\program files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 28672]
"ACTIVBOARD"="c:\program files\Packard Bell\FIJI\aboard.exe" [2007-01-18 79416]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-04 10:14]
.
2013-05-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 13:12]
.
2013-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 13:12]
.
2013-05-14 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-07-09 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Verzenden naar OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Foto.com's Editor_is1 - c:\program files\Foto.com\Foto.com Editor\unins000.exe
AddRemove-{C1C6816E-CBB3-A748-85F9-A8B47B68985B} - c:\programdata\ConetInUyetyOsaavvea\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-15 07:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\19.9.1.14\diMaster.dll\" /prefetch:1"
.
Completion time: 2013-05-15 07:06:31
ComboFix-quarantined-files.txt 2013-05-15 05:06
.
Pre-Run: 155.627.081.728 bytes free
Post-Run: 155.326.803.968 bytes free
.
- - End Of File - - 514BF85EF54993C4C0C4E5F06B769910