ComboFix 13-10-04.02 - Eigenaar 07-10-2013 20:41:49.1.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.2037.782 [GMT 2:00]
Gestart vanuit: E:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
c:\users\Eigenaar\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\Jeremy\AppData\Local\Google\Chrome\User Data\Default\Preferences
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-09-07 to 2013-10-07 ))))))))))))))))))))))))))))))
.
.
2013-10-07 18:51 . 2013-10-07 18:51 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-10-07 18:51 . 2013-10-07 18:51 -------- d-----w- c:\users\Jeremy\AppData\Local\temp
2013-10-07 18:51 . 2013-10-07 18:51 -------- d-----w- c:\users\Noah Jaira\AppData\Local\temp
2013-10-07 18:05 . 2013-10-07 18:05 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67E36F6F-6973-4726-8D61-8DBCB12021AA}\offreg.dll
2013-10-07 17:45 . 2013-09-15 22:50 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{67E36F6F-6973-4726-8D61-8DBCB12021AA}\mpengine.dll
2013-10-06 19:36 . 2013-10-06 19:36 181064 ----a-w- c:\windows\PSEXESVC.EXE
2013-10-06 19:34 . 2013-10-06 19:34 -------- d-----w- C:\RegBackup
2013-10-06 19:32 . 2013-10-06 19:32 -------- d-----w- c:\program files\Tweaking.com
2013-10-06 18:24 . 2013-10-06 18:50 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-10-06 15:51 . 2013-10-06 15:51 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2013-10-06 15:51 . 2013-10-06 15:51 -------- d-----w- c:\programdata\Malwarebytes
2013-10-06 11:10 . 2013-10-06 11:26 -------- d-----w- C:\AdwCleaner
2013-10-06 11:05 . 2013-10-06 10:27 24064 ----a-w- c:\windows\zoek-delete.exe
2013-10-06 11:05 . 2013-10-07 18:51 -------- d-----w- c:\users\Eigenaar\AppData\Local\Temp
2013-10-06 10:45 . 2013-10-06 11:09 -------- d-----w- C:\zoek
2013-10-03 15:21 . 2013-10-03 15:21 -------- d-----w- c:\program files\trend micro
2013-10-03 15:21 . 2013-10-03 15:21 -------- d-----w- C:\rsit
2013-10-03 14:09 . 2010-04-05 20:00 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2013-09-29 07:08 . 2013-09-29 07:08 -------- d-----w- c:\windows\system32\RTCOM
2013-09-29 07:05 . 2009-05-05 07:35 163328 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2013-09-29 07:05 . 2009-03-05 22:54 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2013-09-28 13:48 . 2013-09-28 13:48 -------- d-----w- c:\users\Jeremy\AppData\Roaming\RealNetworks
2013-09-28 13:12 . 2013-09-28 13:12 -------- d-----w- c:\users\Jeremy\AppData\Roaming\TuneUp Software
2013-09-28 12:54 . 2013-09-28 12:54 -------- d-----w- c:\users\Jeremy\AppData\Roaming\AVG2014
2013-09-28 12:54 . 2013-09-28 12:54 -------- d-----w- c:\users\Jeremy\AppData\Local\Avg2014
2013-09-28 12:27 . 2013-09-28 12:27 -------- d-----w- c:\program files\MSBuild
2013-09-28 11:37 . 2013-09-28 11:37 -------- d-----w- c:\users\Eigenaar\AppData\Roaming\AVG2014
2013-09-28 11:28 . 2013-10-07 17:00 -------- d-----w- c:\programdata\AVG2014
2013-09-28 11:23 . 2013-10-07 17:01 -------- d-----w- c:\users\Eigenaar\AppData\Local\Avg2014
2013-09-11 14:01 . 2013-09-11 14:01 -------- d-----w- c:\program files\Idols TALENTBOX
2013-09-11 13:59 . 2013-09-11 13:59 -------- d-----w- c:\windows\Downloaded Installations
2013-09-11 06:22 . 2013-07-16 04:35 615936 ----a-w- c:\windows\system32\themeui.dll
2013-09-11 06:22 . 2013-08-08 01:45 2049536 ----a-w- c:\windows\system32\win32k.sys
2013-09-09 10:41 . 2013-06-21 00:07 17864 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2013-09-09 10:41 . 2013-06-21 00:07 15560 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2013-09-09 10:41 . 2013-06-21 00:07 15560 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2013-09-09 10:41 . 2013-06-21 00:07 153672 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2013-09-09 10:41 . 2013-06-21 00:07 15304 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2013-09-09 10:41 . 2013-06-21 00:07 15304 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2013-09-09 10:41 . 2013-06-21 00:07 136904 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2013-09-09 10:35 . 2013-06-21 00:07 17864 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2013-09-09 10:35 . 2013-06-21 00:07 15560 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2013-09-09 10:35 . 2013-06-21 00:07 15560 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2013-09-09 10:35 . 2013-06-21 00:07 153672 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2013-09-09 10:35 . 2013-06-21 00:07 15304 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2013-09-09 10:35 . 2013-06-21 00:07 15304 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2013-09-09 10:35 . 2013-06-21 00:07 136776 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2013-09-09 10:35 . 2013-06-21 00:07 130248 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2013-09-09 10:12 . 2013-09-09 10:12 -------- d-----w- c:\users\Eigenaar\AppData\Local\Samsung
2013-09-09 10:06 . 2013-09-09 10:06 -------- d-----w- c:\program files\MyFree Codec
2013-09-09 10:06 . 2013-06-14 17:57 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-09-09 10:05 . 2013-06-14 17:56 20032 ----a-w- c:\windows\system32\drivers\dgderdrv.sys
2013-09-09 10:05 . 2013-06-14 17:56 821824 ----a-w- c:\windows\system32\dgderapi.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-29 07:08 . 2009-09-22 09:06 319456 ----a-w- c:\windows\DIFxAPI.dll
2013-09-05 07:48 . 2009-07-31 12:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-09-05 07:48 . 2009-07-31 12:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-08-11 12:11 . 2013-06-03 17:46 235 ----a-w- c:\windows\system32\nxEuUninstall.bat
2013-08-11 12:11 . 2013-06-03 17:46 446464 ----a-w- c:\windows\NEXON_EU_DownloaderUpdater.exe
2013-08-07 02:22 . 2009-10-03 06:44 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-08-02 14:38 . 2013-08-02 14:38 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-02 14:38 . 2013-08-02 14:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-02 04:09 . 2013-09-01 06:09 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-22 11:45 . 2013-07-22 11:45 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-07-22 11:45 . 2012-06-15 06:34 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-07-22 11:45 . 2012-06-15 06:34 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-07-17 19:41 . 2013-08-15 09:46 2048 ----a-w- c:\windows\system32\tzres.dll
2013-07-10 09:47 . 2013-08-15 09:46 783360 ----a-w- c:\windows\system32\rpcrt4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-29 95576]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-21 19875432]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-06-03 438272]
"COMMUNICATOR"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2007-07-23 5803368]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2013-09-04 1564528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"ControlCenter4"="c:\program files\ControlCenter4\BrCcBoot.exe" [2012-03-01 143360]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2011-12-13 2678784]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"TkBellExe"="c:\program files\Real\RealPlayer\Update\realsched.exe" [2013-09-05 295512]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2013-09-04 311152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-03-30 7289376]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-03-30 1833504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-03 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-03 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-03 133656]
.
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Eigenaar\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe /noballoononstart [2013-8-15 385024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MobileDocuments"=c:\program files\Common Files\Apple\Internet Services\ubd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NPSStartup"=
"aaservice"="C:\Program Files/Timeslot/servicets.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-09-21 10:51 1177552 ----a-w- c:\program files\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-13 11:46]
.
2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-13 11:46]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{391A2AFB-51A3-482A-98BC-507C53F2C7F9}: NameServer = 192.168.1.1,8.8.8.8
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-ilividmoviestoolbarhaCR - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\GC\uninstall.exe
AddRemove-ilividmoviestoolbarhaIE - c:\progra~1\MOVIES~1\Datamngr\SRTOOL~1\IE\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-10-07 20:51
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCCUJobMgr]
"ImagePath"="\"c:\program files\Norton PC Checkup\Engine\2.0.17.20\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files\Norton PC Checkup\Engine\2.0.17.20\diMaster.dll\" /prefetch:1"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2013-10-07 20:54:57
ComboFix-quarantined-files.txt 2013-10-07 18:54
.
Pre-Run: 57.499.922.432 bytes beschikbaar
Post-Run: 57.253.081.088 bytes beschikbaar
.
- - End Of File - - B4EDFC42F03E3D54D8E44FAE021793AA 5C616939100B85E558DA92B899A0FC36