ComboFix 12-06-03.01 - Hilaire 03/06/2012  16:12:45.13.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.32.1043.18.1982.1137 [GMT 2:00]
Gestart vanuit: c:\users\Hilaire\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-05-03 to 2012-06-03   ))))))))))))))))))))))))))))))
.
.
2012-06-01 16:17 . 2012-05-08 16:40   6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ECC4D87A-D039-455B-AD76-DB832E0E98F7}\mpengine.dll
2012-05-31 07:41 . 2012-05-31 07:41  -------- d-----w- c:\users\Hilaire\GSM namen
2012-05-30 14:29 . 2012-05-30 14:29  -------- d-----w- c:\windows\system32\siscardplugins
2012-05-30 14:29 . 2012-05-30 14:29  -------- d-----w- c:\windows\system32\beidpp
2012-05-30 14:29 . 2012-05-30 14:29  -------- d-----w- c:\program files\Belgium Identity Card
2012-05-30 14:29 . 2012-05-30 14:29  -------- d-----w- c:\program files\BeID Minidriver
2012-05-30 14:27 . 2012-05-30 14:27     29184 ----a-w- c:\windows\system32\drivers\usbccid.sys
2012-05-30 14:17 . 2009-11-06 09:25     44032 ------r- c:\windows\system32\drivers\RtsUCcid.sys
2012-05-30 14:17 . 2009-11-06 09:25     17536 ------r- c:\windows\system32\drivers\RtsUIr.sys
2012-05-30 14:17 . 2012-05-30 14:17  -------- d-----w- c:\program files\Realtek
2012-05-16 13:33 . 2012-05-16 13:33    360448 ----a-w- c:\windows\system32\beid35applayer.dll
2012-05-16 13:32 . 2012-05-16 13:32    102400 ----a-w- c:\windows\system32\Belgium Identity Card PKCS11.dll
2012-05-16 13:32 . 2012-05-16 13:32    102400 ----a-w- c:\windows\system32\beidpkcs11.dll
2012-05-16 13:32 . 2012-05-16 13:32    200704 ----a-w- c:\windows\system32\beid35cardlayer.dll
2012-05-16 13:32 . 2012-05-16 13:32    266240 ----a-w- c:\windows\system32\beid35DlgsWin32.dll
2012-05-16 13:32 . 2012-05-16 13:32    200704 ----a-w- c:\windows\system32\eidlib.dll
2012-05-16 13:32 . 2012-05-16 13:32    200704 ----a-w- c:\windows\system32\beidlib.dll
2012-05-16 13:31 . 2012-05-16 13:31    126976 ----a-w- c:\windows\system32\beid35common.dll
2012-05-16 13:29 . 2012-05-16 13:29    352256 ----a-w- c:\windows\system32\beid_ff_pkcs11.dll
2012-05-07 15:22 . 2012-05-07 15:22  -------- d-----w- c:\program files\Defraggler
2012-05-06 16:49 . 2012-05-06 16:49  -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-06 16:49 . 2012-05-06 16:49    129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-06 16:49 . 2012-05-06 16:49    157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-04 13:56 . 2010-12-12 09:26     22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-11 12:55 . 2012-03-27 16:40     88656 ----a-w- c:\windows\system32\cpwmon2k.dll
2012-03-07 00:15 . 2010-12-14 10:19     41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2010-12-14 10:19    201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-03-07 16:23    612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2010-12-14 10:19    337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2010-12-14 10:19     35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-03-07 00:01 . 2010-12-14 10:19     53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2010-12-14 10:19     57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2010-12-14 10:19     20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-03-05 18:37 . 2011-03-07 17:40    101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-05-06 16:49 . 2012-03-20 09:18     97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15    123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\users\Hilaire\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-03-07 4241512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3610711996-1769753261-2712777353-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ   	BthServ
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 15:49]
.
2012-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 15:49]
.
2012-05-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610711996-1769753261-2712777353-1000Core.job
- c:\users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 08:58]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610711996-1769753261-2712777353-1000UA.job
- c:\users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-02 08:58]
.
2012-06-03 c:\windows\Tasks\User_Feed_Synchronization-{7DF20E1A-0DCE-461E-A17B-4A27F5EBEB49}.job
- c:\windows\system32\msfeedssync.exe [2011-03-25 18:47]
.
2010-10-02 c:\windows\Tasks\User_Feed_Synchronization-{E44D27E0-7B62-432F-8035-1BBB9729ED05}.job
- c:\windows\system32\msfeedssync.exe [2011-03-25 18:47]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/burn4free/{7D95CA6D-DA29-4768-86D2-DA8F0A42221B}
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: DhcpNameServer = 192.168.1.254
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
FF - ProfilePath - c:\users\Hilaire\AppData\Roaming\Mozilla\Firefox\Profiles\sqllxbe4.default\
FF - prefs.js: browser.startup.homepage - chrome://speeddial/content/speeddial.xul
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SafeBoot-Lavasoft Ad-Aware Service
SafeBoot-SolutoService
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-03 16:22
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
.
C:\avast! sandbox
.
Scan succesvol afgerond
verborgen bestanden: 1
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7b,e1,8f,58,c2,45,4a,95,17,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7b,e1,8f,58,c2,45,4a,95,17,2a,\
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
"Progid"="SafariHTML"
.
Voltooingstijd: 2012-06-03 16:26:32
ComboFix-quarantined-files.txt  2012-06-03 14:26
ComboFix2.txt  2012-03-16 16:24
.
Pre-Run: 185.621.348.352 bytes beschikbaar
Post-Run: 185.550.368.768 bytes beschikbaar
.
- - End Of File - - 6D533D2930485D2586337B3F7D1193A2