ComboFix 13-11-22.01 - Killermiets 23-11-2013 14:18:49.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2037.1418 [GMT 1:00]
Gestart vanuit: E:\Killermiets map\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\Windows\system32\drivers\etc\hosts.ics
C:\Windows\system32\FlashPlayerApp.exe
C:\Windows\system32\pt
C:\Windows\system32\pt\toscdspd.cpl.mui

(((((((((((((((((((( Bestanden Gemaakt van 2013-10-23 to 2013-11-23 ))))))))))))))))))))))))))))))

2013-11-23 13:23:59 . 2013-11-23 13:24:05 -------- d-----w- C:\Users\Killermiets\AppData\Local\temp
2013-11-23 13:23:59 . 2013-11-23 13:23:59 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-11-23 10:09:12 . 2013-11-23 10:09:14 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2013-11-23 10:09:12 . 2013-04-04 13:50:32 22856 ----a-w- C:\Windows\system32\drivers\mbam.sys
2013-11-23 09:57:10 . 2013-11-23 10:04:41 -------- d-----w- C:\AdwCleaner
2013-11-14 13:17:01 . 2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\system32\mshtml.tlb
2013-11-14 13:17:00 . 2013-10-13 10:49:16 149744 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-11-14 13:17:00 . 2013-10-13 09:33:18 768512 ----a-w- C:\Program Files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-11-14 13:17:00 . 2013-10-13 09:29:02 420864 ----a-w- C:\Windows\system32\vbscript.dll
2013-11-14 11:21:54 . 2013-10-11 02:08:02 444928 ----a-w- C:\Windows\system32\IKEEXT.DLL
2013-11-14 11:21:54 . 2013-10-11 02:07:57 596480 ----a-w- C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 11:21:51 . 2013-10-03 12:45:50 297984 ----a-w- C:\Windows\system32\gdi32.dll
2013-11-14 11:21:46 . 2013-10-03 12:45:45 993792 ----a-w- C:\Windows\system32\crypt32.dll
2013-11-14 11:07:07 . 2013-11-14 11:07:22 -------- d-----w- C:\Program Files\GUM60D4.tmp
2013-11-14 11:07:07 . 2013-11-14 11:07:07 50053120 ----a-w- C:\Program Files\GUT60D5.tmp
2013-11-10 16:44:02 . 2013-11-10 16:44:07 -------- d-----w- C:\Program Files\GUM30FE.tmp
2013-11-10 16:44:02 . 2013-11-10 16:44:02 50053120 ----a-w- C:\Program Files\GUT310F.tmp
2013-11-08 17:54:12 . 2013-11-08 17:54:15 -------- d-----w- C:\rsit
2013-11-08 17:54:12 . 2013-11-08 17:54:12 -------- d-----w- C:\Program Files\trend micro
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-10-15 12:49:34 . 2011-11-07 15:26:59 71048 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 21:18:28 . 2013-09-10 21:18:28 97008 ----a-w- C:\Windows\system32\drivers\RapportKELL.sys
2013-08-30 07:48:13 . 2013-08-13 17:07:20 56080 ----a-w- C:\Windows\system32\drivers\aswTdi.sys
2013-08-30 07:48:13 . 2013-08-13 17:07:20 369584 ----a-w- C:\Windows\system32\drivers\aswSP.sys
2013-08-30 07:48:13 . 2013-08-13 17:07:20 177864 ----a-w- C:\Windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 . 2013-08-13 17:07:20 770344 ----a-w- C:\Windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 . 2013-08-13 17:07:20 49760 ----a-w- C:\Windows\system32\drivers\aswRdr.sys
2013-08-30 07:48:12 . 2013-08-13 17:07:20 49376 ----a-w- C:\Windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 . 2013-08-13 17:07:20 66336 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:48:11 . 2013-08-13 17:07:20 29816 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47:40 . 2013-08-13 17:06:40 41664 ----a-w- C:\Windows\avastSS.scr
2013-08-30 07:47:32 . 2013-08-13 17:07:20 229648 ----a-w- C:\Windows\system32\aswBoot.exe
2013-08-29 07:36:04 . 2013-10-14 20:22:14 2050048 ----a-w- C:\Windows\system32\win32k.sys
2013-08-27 02:47:50 . 2013-10-14 20:22:21 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2013-08-27 02:47:50 . 2013-10-14 20:22:21 189952 ----a-w- C:\Windows\system32\d3d10core.dll
2013-08-27 02:47:50 . 2013-10-14 20:22:21 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2013-08-27 02:47:50 . 2013-10-14 20:22:21 1029120 ----a-w- C:\Windows\system32\d3d10.dll
2013-08-27 01:52:08 . 2013-10-14 20:22:22 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2013-08-27 01:50:40 . 2013-10-14 20:22:22 486400 ----a-w- C:\Windows\system32\d3d10level9.dll
2013-08-27 01:32:20 . 2013-10-14 20:22:21 683008 ----a-w- C:\Windows\system32\d2d1.dll
2013-08-27 01:28:36 . 2013-10-14 20:22:23 1069056 ----a-w- C:\Windows\system32\DWrite.dll
2013-08-27 01:28:35 . 2013-10-14 20:22:22 798208 ----a-w- C:\Windows\system32\FntCache.dll
2010-10-01 13:11:56 . 2011-01-24 23:39:18 462112 ----a-w- C:\Program Files\Common Files\ZugoInstaller.exe

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47:20 121968 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ----a-w- C:\Users\Killermiets\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ----a-w- C:\Users\Killermiets\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19:44 94208 ----a-w- C:\Users\Killermiets\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 07:33:09 125952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 08:40:36 1348904]
"Skytel"="Skytel.exe" [2007-11-20 17:15:58 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 17:51:52 4911104]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-05 10:24:28 129560]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-05 10:24:36 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-05 10:24:18 154136]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 12:25:26 712704]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2013-08-30 07:47:34 4858968]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sitecom Wireless Utility.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk
backup=C:\Windows\pss\Sitecom Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16:38 39792 ----a-w- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32:54 59280 ----a-w- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-02-26 16:23:17 1836544 ----a-w- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 21:01:12 54608 ----a-w- C:\Program Files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30:34 421776 ----a-w- C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 16:50:28 4280184 ----a-w- C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 11:33:50 509816 ----a-w- C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24:10 581632 ----a-w- C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 14:27:52 431456 ----a-w- C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38:38 1008184 ----a-w- C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33:39 202240 ----a-w- C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Inhoud van de 'Gedeelde Taken' map

2013-11-23 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 16:55:32 . 2013-10-15 12:49:42]

2013-11-23 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-18 19:31:24 . 2009-07-18 19:31:08]

2013-11-23 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2009-07-18 19:31:24 . 2009-07-18 19:31:08]

------- Bijkomende Scan -------

uStart Page = https://www.google.nl/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Killermiets\AppData\Roaming\Mozilla\Firefox\Profiles\z648nxt3.default\
FF - ExtSQL: !HIDDEN! 2009-08-08 02:40; {20a82645-c095-46ed-80e3-08825760534b}; C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)
WebBrowser-{7846AE31-BEA2-438A-8F5E-2D899361656C} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805} - C:\Users\KILLER~1\AppData\Local\Temp\cisA90A.exe
MSConfigStartUp-CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} - C:\Users\KILLER~1\AppData\Local\Temp\cis3057.exe
MSConfigStartUp-COMODO Internet Security - C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
MSConfigStartUp-Malwarebytes Anti-Malware (reboot) - e:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - D:\Malwarebytes' Anti-Malware\unins001.exe
AddRemove-{9193306E-5935-47E0-B458-2548778C1614}_is1 - C:\Users\Killermiets\AppData\Local\MediaGet2\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-23 14:24:04
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...