ComboFix 12-02-11.03 - thuis 13/02/2012 13:24:02.5.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1671 [GMT 1:00]
Gestart vanuit: c:\users\thuis\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-13 to 2012-02-13 ))))))))))))))))))))))))))))))
.
.
2012-02-13 12:35 . 2012-02-13 12:36 -------- d-----w- c:\users\thuis\AppData\Local\temp
2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- c:\users\Zoë\AppData\Local\temp
2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- c:\users\Zaak\AppData\Local\temp
2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-02-13 12:35 . 2012-02-13 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 15:35 . 2012-02-12 15:35 -------- d-----w- c:\program files\VideoLAN
2012-02-12 14:41 . 2012-02-12 14:41 -------- d-----w- c:\program files\Speccy
2012-02-11 09:19 . 2012-02-11 09:19 -------- d-----w- c:\users\thuis\AppData\Local\ElevatedDiagnostics
2012-02-10 21:48 . 2012-02-10 21:50 -------- d-----w- c:\program files\Defraggler
2012-02-10 10:31 . 2012-02-10 10:31 -------- d-----w- c:\users\thuis\AppData\Local\Christofer_Persson
2012-02-10 10:25 . 2012-02-10 10:25 -------- d-----w- c:\users\thuis\AppData\Roaming\Christofer Persson
2012-02-10 10:25 . 2012-02-12 15:25 -------- d-----w- c:\program files\Kantaris
2012-02-10 07:43 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E500BCDD-FBAE-400E-90C6-9A1D3D79B1B5}\mpengine.dll
2012-02-03 09:14 . 2012-02-03 09:14 -------- d-----w- c:\users\thuis\AppData\Roaming\Hobbyist Software
2012-02-03 09:14 . 2012-02-03 09:14 -------- d-----w- c:\users\thuis\AppData\Local\Hobbyist_Software
2012-02-03 09:13 . 2012-02-12 09:47 -------- d-----w- c:\program files\Hobbyist Software
2012-02-01 18:31 . 2012-02-01 18:31 -------- d-----w- c:\users\Public\Recorded Audio
2012-01-26 12:18 . 2012-01-26 12:18 -------- d-----w- c:\windows\system32\20-20 Technologies
2012-01-20 10:38 . 2012-01-20 10:46 -------- d-----w- c:\users\thuis\SecurityScans
2012-01-20 10:37 . 2012-01-20 10:37 -------- d-----w- c:\program files\Microsoft Baseline Security Analyzer 2
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 18:53 . 2011-06-13 05:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 23:21 . 2009-10-03 07:12 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-01-12 08:54 . 2012-01-12 08:54 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-01-12 08:47 . 2012-01-12 08:47 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-12-14 09:04 . 2011-12-14 09:04 658704 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 14:24 . 2011-10-19 09:38 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59 . 2012-01-12 12:52 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-14 07:43 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 17:09 . 2011-11-20 17:09 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-11-18 20:23 . 2012-01-12 12:52 1205064 ----a-w- c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-12 12:52 66560 ----a-w- c:\windows\system32\packager.dll
2011-11-17 06:48 . 2012-01-12 13:21 440192 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-16 16:23 . 2012-01-12 13:21 377344 ----a-w- c:\windows\system32\winhttp.dll
2011-11-16 16:23 . 2012-01-12 13:21 72704 ----a-w- c:\windows\system32\secur32.dll
2011-11-16 16:23 . 2012-01-12 13:21 278528 ----a-w- c:\windows\system32\schannel.dll
2011-11-16 16:21 . 2012-01-12 13:21 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-16 14:12 . 2012-01-12 13:21 9728 ----a-w- c:\windows\system32\lsass.exe
2011-12-17 05:09 . 2011-05-10 15:58 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Zaak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53 460872 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPService REG_MULTI_SZ HPSLPSVC
Akamai REG_MULTI_SZ Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:41]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:41]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1503386550-1563833762-866553309-1000Core.job
- c:\users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-16 12:43]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1503386550-1563833762-866553309-1000UA.job
- c:\users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-16 12:43]
.
2012-02-12 c:\windows\Tasks\HPCeeScheduleForthuis.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-01-23 15:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\programdata\Kaspersky Lab\SandboxShared\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programdata\Kaspersky Lab\SandboxShared\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Video Converter... - c:\program files\Media Player Utilities 5.22\AVIConverter\grab.html
IE: Do&wnload selected by Orbit - c:\programdata\Kaspersky Lab\SandboxShared\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programdata\Kaspersky Lab\SandboxShared\Orbitdownloader\orbitmxt.dll/202
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-13 13:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Voltooingstijd: 2012-02-13 13:39:23
ComboFix-quarantined-files.txt 2012-02-13 12:39
ComboFix2.txt 2012-02-12 18:49
ComboFix3.txt 2012-02-12 14:19
.
Pre-Run: 371.714.560.000 bytes beschikbaar
Post-Run: 370.552.291.328 bytes beschikbaar
.
- - End Of File - - 35AB2A218898C4FE8799FB47BA6A64BF