ComboFix 15-01-08.01 - Minecraft server 17/01/2015 8:16.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3582.2191 [GMT 1:00]
Gestart vanuit: c:\users\Minecraft server\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Microsoft Security Essentials *Disabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Microsoft Security Essentials *Disabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\bo
c:\users\Hoofdgebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\yr1iud36.default\extensions\6tjf6o@ioyihvynmw.net
c:\users\Hoofdgebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\yr1iud36.default\extensions\6tjf6o@ioyihvynmw.net\content\bg.js
c:\users\Hoofdgebruiker\AppData\Roaming\Origin
c:\users\Hoofdgebruiker\AppData\Roaming\Origin\Cloud Saves\blacklist
c:\users\Hoofdgebruiker\AppData\Roaming\Origin\local.xml
c:\windows\iun6002.exe
c:\windows\msdownld.tmp
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\security\Syslogs
c:\windows\security\Syslogs\bl.dat
c:\windows\security\Syslogs\config.xml
c:\windows\security\Syslogs\core32_1.dll
c:\windows\security\Syslogs\help.html
c:\windows\security\Syslogs\LanguageD
c:\windows\security\Syslogs\report.html
c:\windows\security\Syslogs\reportscheme.html
c:\windows\security\Syslogs\reporttemplate.txt
c:\windows\security\Syslogs\screenreportscheme.html
c:\windows\system32\AppInitHook321.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2014-12-17 to 2015-01-17 ))))))))))))))))))))))))))))))
.
.
2015-01-17 07:28 . 2015-01-17 07:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2015-01-17 07:28 . 2015-01-17 07:28 -------- d-----w- c:\users\Gast.VIPC\AppData\Local\temp
2015-01-17 07:28 . 2015-01-17 07:35 -------- d-----w- c:\users\Hoofdgebruiker\AppData\Local\temp
2015-01-17 07:28 . 2015-01-17 07:28 -------- d-----w- c:\users\Minecraft server\AppData\Local\temp
2015-01-16 17:41 . 2014-09-17 04:45 908840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E725C189-4448-4882-B9DD-04826EE459AB}\gapaengine.dll
2015-01-16 17:34 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E5446E06-F2D2-4735-9C3F-F4A1E6DFBE47}\mpengine.dll
2015-01-15 18:21 . 2015-01-15 18:25 -------- d-----w- c:\users\Minecraft server\AppData\Local\NBTExplorer
2015-01-15 15:41 . 2014-12-02 11:01 9054624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-01-14 14:37 . 2015-01-14 14:37 -------- d-----w- c:\users\Hoofdgebruiker\AppData\Local\Echobit
2015-01-13 18:51 . 2015-01-13 18:51 -------- d-----w- C:\Riot Games
2015-01-13 18:48 . 2015-01-13 18:53 -------- d-----w- c:\users\Minecraft server\AppData\Roaming\Riot Games
2015-01-11 08:27 . 2015-01-11 08:27 -------- d-----w- c:\users\Minecraft server\AppData\Local\Vitalwerks
2015-01-11 08:27 . 2015-01-11 08:27 -------- d-----w- c:\program files\No-IP
2015-01-04 15:23 . 2015-01-04 15:23 -------- d-----w- c:\users\Hoofdgebruiker\AppData\Roaming\Sony Creative Software Inc
2015-01-04 13:41 . 2015-01-04 13:41 -------- d-----w- C:\zoek_backup
2015-01-04 10:52 . 2015-01-04 10:52 114904 ----a-w- c:\windows\system32\drivers\19A23FA4.sys
2015-01-04 10:16 . 2015-01-04 10:17 -------- d-----w- C:\rsit
2015-01-04 10:16 . 2015-01-04 10:17 -------- d-----w- c:\program files\trend micro
2015-01-03 20:42 . 2015-01-03 20:42 -------- d-----w- c:\programdata\Sony
2015-01-03 20:42 . 2015-01-03 20:42 -------- d-----w- c:\users\Hoofdgebruiker\AppData\Roaming\Publish Providers
2015-01-03 20:42 . 2015-01-04 15:11 -------- d-----w- c:\users\Hoofdgebruiker\AppData\Roaming\Sony
2015-01-03 17:19 . 2015-01-07 10:52 -------- d-----w- c:\windows\system32\CatRoot2
2015-01-03 17:09 . 2015-01-17 07:35 -------- d-----w- c:\windows\system32\wbem\repository
2015-01-03 16:55 . 2015-01-03 16:55 -------- d-----w- C:\RegBackup
2015-01-03 16:54 . 2015-01-03 16:54 -------- d-----w- c:\program files\Tweaking.com
2015-01-03 09:51 . 2015-01-03 09:51 -------- d-----w- c:\users\Minecraft server\AppData\Local\IsolatedStorage
2015-01-03 09:43 . 2015-01-03 16:43 -------- d-----w- c:\users\Minecraft server\AppData\Roaming\Skype
2015-01-02 15:01 . 2015-01-02 15:01 -------- d-----w- c:\programdata\Malwarebytes
2015-01-02 08:22 . 2015-01-02 08:22 -------- d-----w- c:\users\Minecraft server\AppData\Local\ElevatedDiagnostics
2015-01-02 08:10 . 2015-01-03 07:36 -------- d-----w- C:\AdwCleaner
2015-01-01 20:33 . 2015-01-01 20:33 -------- d-----w- c:\program files\Common Files\Skype
2015-01-01 06:39 . 2015-01-01 06:39 -------- d-sh--w- c:\programdata\SecuROM
2015-01-01 06:14 . 2015-01-01 06:14 -------- d-----w- c:\users\Minecraft server\AppData\Roaming\New Technology Studio
2015-01-01 06:14 . 2015-01-01 06:14 -------- d-----w- c:\users\Minecraft server\AppData\Local\New Technology Studio
2014-12-31 21:17 . 2014-12-31 21:17 -------- d-----w- c:\program files\Universal Extractor
2014-12-31 20:43 . 2015-01-02 19:13 -------- d-----w- c:\users\Minecraft server\AppData\Local\Rockstar Games
2014-12-31 20:30 . 2014-12-31 20:30 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2014-12-31 19:56 . 2015-01-02 19:13 -------- d-----w- c:\program files\Rockstar Games
2014-12-28 17:51 . 2014-12-28 17:51 -------- d-----w- c:\programdata\dllescort
2014-12-28 17:51 . 2014-12-28 17:54 -------- d-----w- c:\program files\DLLEscort
2014-12-19 19:12 . 2014-12-19 19:12 -------- d-----w- C:\Games
2014-12-18 16:35 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2014-12-18 16:34 . 2014-12-18 16:34 -------- d-----w- c:\program files\Echobit
2014-12-18 16:34 . 2014-12-18 16:34 -------- d-----w- c:\programdata\Echobit
2014-12-18 16:34 . 2014-12-18 16:34 -------- d-----w- c:\users\Minecraft server\AppData\Local\Echobit
2014-12-18 14:44 . 2014-12-18 14:44 -------- d--h--r- c:\users\Minecraft server\AppData\Roaming\SecuROM
2014-12-18 13:38 . 2014-12-18 13:38 -------- d-----w- c:\users\Minecraft server\AppData\Local\SKIDROW
2014-12-18 13:37 . 2014-12-18 13:37 -------- d-----w- c:\program files\redacted
2014-12-18 13:36 . 2014-12-18 13:37 -------- d-----w- c:\program files\sound
2014-12-18 13:36 . 2014-12-18 13:37 -------- d-----w- c:\program files\zone
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-31 11:13 . 2012-06-04 15:24 249488 ------w- c:\windows\system32\MpSigStub.exe
2014-12-17 18:44 . 2014-12-13 19:00 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-12-17 18:44 . 2014-12-13 19:00 282104 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-12-17 18:44 . 2013-06-28 14:53 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-12-17 18:40 . 2013-06-28 11:29 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-12-14 20:33 . 2012-06-16 16:56 701616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-12-14 20:33 . 2012-06-16 16:56 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-12-13 19:22 . 2014-12-13 19:00 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2014-12-13 19:00 . 2014-12-13 19:00 138056 ----a-w- c:\users\Minecraft server\AppData\Roaming\PnkBstrK.sys
2014-11-30 16:28 . 2014-11-30 11:40 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2014-11-22 08:02 . 2014-01-28 17:16 787800 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-11-20 20:27 . 2014-01-28 17:16 423784 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-11-08 19:12 . 2014-01-28 17:16 57928 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-11-08 19:12 . 2014-01-28 17:16 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-11-08 19:12 . 2014-01-28 17:16 206248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-11-08 19:12 . 2014-01-28 17:16 70384 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-11-08 19:12 . 2014-11-09 20:26 291352 ----a-w- c:\windows\system32\aswBoot.exe
2014-11-08 19:12 . 2014-11-08 19:12 43152 ----a-w- c:\windows\avastSS.scr
2014-11-08 19:12 . 2014-05-10 17:15 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-11-08 19:12 . 2014-01-28 17:16 55240 ----a-w- c:\windows\system32\drivers\aswrdr.sys
2014-10-31 22:27 . 2014-12-15 15:24 20416 ----a-w- c:\windows\system32\drivers\rzpmgrk.sys
2014-10-30 16:03 . 2014-10-30 16:03 65536 ----a-r- c:\users\Minecraft server\AppData\Roaming\Microsoft\Installer\{199127DC-7BDB-41AB-825B-4229A86F8F0D}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-11-08 19:12 723976 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-12-12 5489944]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Application Restart CAC9EB20C8B2023DBE66CF9963B46771E3CF95C841CABF863D7C48E8847B33600356E75EFF9C2C4C1F69C63A970356C1"="c:\program files\Google\Chrome\Application\chrome.exe" [2014-12-06 856904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-01-09 5227112]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-11-13 320512]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-08-22 974432]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2013-05-30 96056]
.
c:\users\Hoofdgebruiker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
hpqtra08.exe [2009-5-21 275768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ	autocheck autochk *\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AvastUI.exe]
2015-01-09 17:08 5227112 ----a-w- c:\program files\AVAST Software\Avast\avastui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2012-05-22 06:13 980920 ----a-w- c:\progra~1\Eraser\Eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RazerCortex]
2014-09-11 15:01 60640 ----a-w- c:\program files\Razer\Razer Cortex\RazerCortex.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2014-12-11 11:11 30872168 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
2008-08-01 14:10 675840 ----a-w- c:\windows\vsnp2uvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spotify Web Helper]
2014-10-08 15:15 1514040 ----a-w- c:\users\Hoofdgebruiker\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2014-10-07 13:39 507776 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe]
2014-09-11 17:10 2087264 ----a-w- c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ	FontCache
HPZ12	REG_MULTI_SZ	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ	hpqcxs08 hpqddsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c2cca1b-08b3-11e4-90c3-002522e7f2f6}]
\shell\AutoRun\command - J:\setup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-11 16:48 1087816 ----a-w- c:\program files\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2015-01-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-25 20:33]
.
2015-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-06 05:53]
.
2015-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-06 05:53]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 195.130.131.5 195.130.130.133
TCP: Interfaces\{94D8357E-92A3-405A-9750-BCF619DD4D88}: NameServer = 89.41.60.38,95.169.183.219
.
- - - - ORPHANS VERWIJDERD - - - -
.
Notify-SDWinLogon - SDWinLogon.dll
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService
AddRemove-be882289-9964-4866-bade-a910ea3cb4a8 - c:\progra~2\InstallMate\{F5EF6D11-DC44-4510-A7FB-94662E0C4FE7}\Setup.exe
AddRemove-{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899} - c:\program files\InstallShield Installation Information\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}\setup.exe
AddRemove-CoffeeCup HTML Editor - c:\users\HOOFDG~1\AppData\Roaming\CoffeeCup Software\UNWISE.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2015-01-17 08:35
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-1888000082-453831406-3507009004-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:73,64,a9,89,0d,a6,f8,de,6c,4f,02,3d,2f,d2,52,25,ea,90,49,e1,65,
   bd,00,85,28,23,73,97,40,9e,8a,2f,27,40,70,79,eb,3e,2f,0b,c8,77,49,b7,8d,1a,\
"rkeysecu"=hex:c3,a0,3d,bc,69,53,77,56,08,73,5e,08,f9,c7,31,69
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3540)
c:\program files\Common Files\Ahead\Lib\MediaLibraryNSE.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\AUDIODG.EXE
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\msiexec.exe
c:\program files\Nero\Nero 7\Nero BackItUp\NBService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
c:\windows\system32\locator.exe
c:\windows\System32\vds.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
c:\program files\WinPcap\rpcapd.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\system32\DFSR.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2015-01-17 08:40:26 - machine werd herstart
ComboFix-quarantined-files.txt 2015-01-17 07:40
.
Pre-Run: 177.071.144.960 bytes beschikbaar
Post-Run: 176.161.320.960 bytes beschikbaar
.
- - End Of File - - E9C6A3296838FF30CC14240B54A777A9 5C616939100B85E558DA92B899A0FC36