ComboFix 13-01-08.01 - Feyenoord 10-01-2013 12:05:32.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3325.1373 [GMT 1:00]
Started from: c:\users\Feyenoord\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\intellidownload\gunzip.exe
c:\program files\Mozilla Firefox\plugins\npuuseep.dll
c:\users\Feyenoord\AppData\Roaming\inst.exe
c:\users\Feyenoord\AppData\Roaming\vso_ts_preview.xml
c:\windows\isRS-000.tmp
c:\windows\IsUn0413.exe
c:\windows\iun6002.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\eventmgr.exe
c:\windows\system32\gtapi_signed.dll
c:\windows\system32\nsis_loader.dll
c:\windows\unin0407.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((( Files Created from 2012-12-10 to 2013-01-10 ))))))))))))))))))))))))))))))
.
.
2013-01-10 11:19 . 2013-01-10 11:20 -------- d-----w- c:\users\Feyenoord\AppData\Local\temp
2013-01-10 11:19 . 2013-01-10 11:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-09 09:52 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-09 09:51 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 09:51 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-06 00:19 . 2013-01-06 00:19 -------- d-----w- c:\users\Feyenoord\AppData\Roaming\Malwarebytes
2013-01-06 00:18 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-06 00:18 . 2013-01-06 00:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-03 23:03 . 2013-01-03 23:03 -------- d-----w- c:\users\Default\AppData\Local\Trusteer
2013-01-01 12:36 . 2013-01-01 12:36 -------- d-----w- c:\users\Feyenoord\AppData\Local\Trusteer
2013-01-01 12:36 . 2013-01-01 12:36 -------- d-----w- c:\program files\Trusteer
2012-12-30 13:26 . 2012-12-30 13:26 102040 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-12-24 07:39 . 2012-12-24 07:39 -------- d-----w- c:\program files\HD Tune
2012-12-23 17:00 . 2012-05-08 17:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
2012-12-23 16:59 . 2010-11-26 17:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys
2012-12-21 19:12 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-12-21 19:12 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-12-21 19:12 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-12-21 19:12 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-12-21 19:12 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-12-21 19:12 . 2012-10-30 22:51 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-21 19:11 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-21 19:11 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-21 19:11 . 2012-12-21 19:11 -------- d-----w- c:\program files\AVAST Software
2012-12-21 19:03 . 2012-12-21 19:03 -------- d-----w- c:\users\Feyenoord\AppData\Local\Avg2013
2012-12-21 13:56 . 2012-12-16 13:12 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 13:56 . 2012-12-16 10:50 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:16 . 2012-12-21 11:16 -------- d-----w- c:\users\Feyenoord\AppData\Local\MFAData
2012-12-21 08:53 . 2012-12-21 08:53 -------- d-----w- c:\users\Feyenoord\AppData\Roaming\SUPERAntiSpyware.com
2012-12-21 08:52 . 2013-01-03 17:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-18 21:33 . 2012-12-18 21:33 -------- d-----w- c:\program files\SlimDrivers
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2012-12-18 13:02 . 2012-12-18 13:02 -------- d-----w- c:\program files\ESET
2012-12-17 09:25 . 2012-11-28 09:35 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-16 12:22 . 2012-12-16 12:22 -------- d-----w- c:\users\Feyenoord\AppData\Local\Apple
2012-12-12 11:06 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-12 11:06 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 11:06 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 11:06 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-12 11:06 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-12 11:06 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2012-12-12 11:06 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 11:06 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 11:06 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-12 11:06 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-12 11:06 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 10:54 . 2012-11-02 10:18 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 10:54 . 2012-11-02 08:26 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-12 10:54 . 2012-08-21 11:47 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-12 10:54 . 2012-11-13 01:29 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-11 14:49 . 2012-12-11 14:49 -------- d-----w- c:\users\Feyenoord\AppData\Local\FreeOCR
2012-12-11 14:46 . 2007-03-10 09:11 2680320 ----a-w- c:\windows\system32\ImageEnXLibrary.ocx
2012-12-11 14:46 . 2012-12-11 16:40 -------- d-----w- C:\FreeOCR
2012-12-11 14:19 . 2012-12-11 14:20 -------- d-----w- c:\users\Feyenoord\AppData\Local\ABBYY
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 14:38 . 2012-03-30 07:32 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-09 14:38 . 2011-06-26 10:50 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-21 13:29 . 2012-08-30 21:40 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-25 13:00 . 2012-11-25 13:00 180 ----a-w- c:\program files\10V4PSU7.bat
2012-11-07 23:37 . 2012-03-11 19:13 82952 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-11-07 23:37 . 2012-03-11 19:13 42264 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-11-07 23:37 . 2012-03-11 19:13 494416 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-11-07 23:37 . 2012-03-11 19:13 19632 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-11-07 23:37 . 2012-03-11 19:13 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-11-07 23:37 . 2012-03-11 19:13 301264 ----a-w- c:\windows\system32\guard32.dll
2012-10-17 07:45 . 2012-10-17 07:45 161792 ----a-w- c:\windows\system32\msls31.dll
2012-10-17 07:45 . 2012-10-17 07:45 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-10-17 07:45 . 2012-10-17 07:45 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-10-17 07:45 . 2012-10-17 07:45 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-10-17 07:45 . 2012-10-17 07:45 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-10-17 07:45 . 2012-10-17 07:45 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-10-17 07:45 . 2012-10-17 07:45 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-10-17 07:45 . 2012-10-17 07:45 367104 ----a-w- c:\windows\system32\html.iec
2012-10-17 07:45 . 2012-10-17 07:45 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-10-17 07:45 . 2012-10-17 07:45 152064 ----a-w- c:\windows\system32\wextract.exe
2012-10-17 07:45 . 2012-10-17 07:45 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-10-17 07:45 . 2012-10-17 07:45 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-10-17 07:45 . 2012-10-17 07:45 11776 ----a-w- c:\windows\system32\mshta.exe
2012-10-17 07:45 . 2012-10-17 07:45 101888 ----a-w- c:\windows\system32\admparse.dll
2012-10-17 07:45 . 2012-10-17 07:45 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-10-27 23:26 . 2012-10-27 23:26 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 6756048]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-22 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-22 13589024]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\guard32.dll c:\windows\System32\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux8"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressZipUninstall]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressZipUninstall2]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressZipUninstall3]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressZipUninstall5]
rmdir [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 02:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323Domino]
2006-06-27 18:54 49152 ----a-w- c:\windows\Domino.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath323VMSnap]
2006-09-19 06:26 212992 ----a-w- c:\windows\VMSnap23.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2007-01-26 14:58 65536 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
2011-12-21 15:26 229376 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FG_Monitor]
2009-01-30 23:00 132424 ----a-w- c:\program files\Folder Guard\FGKey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-08 23:19 178712 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
2007-01-29 20:10 46632 ----a-w- c:\program files\ScanSoft\PaperPort\IndexSearch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 03:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-01-16 16:22 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2012-12-14 15:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]
2012-12-14 15:49 824232 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Monitor]
2006-11-03 09:01 319488 ----a-w- c:\windows\PixArt\Pac207\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mylbx]
2011-03-26 17:49 1900864 ----a-w- c:\program files\My Lockbox\mylbx.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
2007-01-29 20:12 30248 ----a-w- c:\program files\ScanSoft\PaperPort\pptd40nt.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Device Listener]
2010-05-28 11:54 375296 ----a-w- c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPort11reminder]
2007-02-01 12:46 255528 ----a-w- c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2011-02-24 09:57 180269 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2008-10-14 01:52 180224 ----a-w- c:\program files\HomeCinema\TV Enhance\TVEService.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"ehTray.exe"=c:\windows\ehome\ehTray.exe
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Bonus.SSR.FR10"="c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SwitchBoard"=c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R4 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - RAPPORTIASO
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 14:38]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 22:30]
.
2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-15 22:30]
.
2010-05-22 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-05-03 21:44]
.
2013-01-09 c:\windows\Tasks\SpeedyPC Registration3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\UUS3.dll [2011-10-06 16:18]
.
2012-11-25 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2011-10-06 16:18]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.nl
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{51A33A03-DC72-49B6-AD87-E36794BCE57B}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Feyenoord\AppData\Roaming\Mozilla\Firefox\Profiles\r7o7q07p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.appsarefun.info/?l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
FF - ExtSQL: !HIDDEN! 2009-06-26 16:39; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2011-01-03 09:03; quickstores@quickstores.de; c:\program files\Mozilla Firefox\extensions\quickstores@quickstores.de
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
MSConfigStartUp-Acronis Scheduler2Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-COMODO - c:\program files\COMODO\COMODO GeekBuddy\CLPSLA.exe
MSConfigStartUp-egui - c:\program files\ESET\ESET Smart Security\egui.exe
MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
MSConfigStartUp-GrooveMonitor - c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
MSConfigStartUp-Mikogo - c:\users\Feyenoord\AppData\Roaming\Mikogo\Mikogo-Host.exe
MSConfigStartUp-ROC_ROC_JULY_P1 - c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe
MSConfigStartUp-SAOB Monitor - c:\program files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
AddRemove-WYSIWYG_Web_Builder_8 - c:\windows\iun6002.exe
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-10 12:19
Windows 6.0.6002 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
[0] 0x0C244489
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\users\FEYENO~1\AppData\Local\Temp\catchme.dll 53248 bytes executable
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-391695699-2751641936-1081476981-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{24759709-3F5A-41F1-7561-BAE8E9E1B719}*]
"bbbbondobklkppifegmkcoblonndbogmmlfp"=hex:61,62,67,6b,62,65,70,65,6a,69,69,6a,6f,68,69,65,64,6e,70,6d,6c,61,65,64,62,6f,66,63,63,65,6b,6c,62,61,00,67
"abbbondobklkppifeglkdoggdjobfjbcoo"=hex:65,62,62,62,70,61,64,64,64,6d,63,6f,62,67,6f,70,63,6f,63,68,6a,65,6f,6a,6c,63,6f,61,70,61,6a,6c,6e,65,6e,67,64,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET Smart Security\\"
"DataDir"="ESET\\ESET Smart Security\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET Smart Security\\"
"LanguageId"=dword:00000413
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000001
"ProductCode"="{AEDE69FF-2EFF-4EE8-9D6D-1A51F67A1563}"
"ProductName"="ESET Smart Security"
"ProductType"="ess"
"ProductVersion"="4.0.474.0"
"UniqueId"="000451794B7E5FCE"
"ScannerBuild"=dword:000018d5
"ScannerVersionId"=dword:00001293
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"=(value removed)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1060)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\guard32.dll
.
Completion time: 2013-01-10 12:24:31
ComboFix-quarantined-files.txt 2013-01-10 11:24
.
Pre-Run: 358.724.939.776 bytes free
Post-Run: 358.643.421.184 bytes free
.
- - End Of File - - D7B55DF2939E1BD043ADDEA9B424F209
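An added triage helper for logs of this shape, not part of the log above and not ComboFix's own code: it parses the "Files Created"/Find3M entries (created time, on-disk time, size, attribute string, path) and the Firefox prefs.js lines, flags executables that landed in user-writable or otherwise unusual locations, and reports a default-search URL whose host is not a known engine, which is exactly the kind of entry (the bat file in the root of Program Files, the search.appsarefun.info search URL) a reviewer picks out of this log by eye. The embedded sample is an excerpt of the log above; the location heuristic and the list of trusted search engines are assumptions chosen for the example, not anything ComboFix defines.

```python
import re
from urllib.parse import urlsplit

# Excerpt taken from the ComboFix log above (five file entries and the two
# Firefox prefs.js lines), embedded so the script runs offline.
SAMPLE_LOG = r"""
2013-01-09 09:52 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-06 00:19 . 2013-01-06 00:19 -------- d-----w- c:\users\Feyenoord\AppData\Roaming\Malwarebytes
2012-12-18 14:28 . 2012-12-18 14:28 186584 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2012-11-25 13:00 . 2012-11-25 13:00 180 ----a-w- c:\program files\10V4PSU7.bat
2012-12-23 17:00 . 2012-05-08 17:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe
FF - prefs.js: browser.search.defaulturl - hxxp://search.appsarefun.info/?l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl
"""

# "<created> . <on-disk time> <size|--------> <attrs> <path>" as ComboFix prints it.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[-a-z]{8}) (?P<path>\S.*?)\s*$",
    re.M,
)
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>\S+)\s*$", re.M)

EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".cmd", ".ocx", ".cpl")
# Assumption for this example: an executable directly under AppData/Temp/ProgramData,
# or loose in the root of c:\windows or c:\program files, deserves a second look.
SUSPECT_DIR_RE = re.compile(
    r"\\(appdata|temp|tmp|programdata)\\"
    r"|^c:\\windows\\[^\\]+$"
    r"|^c:\\program files\\[^\\]+$",
    re.I,
)
# Assumption: a default search provider whose host carries one of these labels is expected.
TRUSTED_SEARCH_LABELS = ("google", "bing", "yahoo", "duckduckgo")


def parse_file_entries(text):
    """Return the file/directory entries of a ComboFix log as dicts."""
    entries = []
    for m in ENTRY_RE.finditer(text):
        e = m.groupdict()
        e["size"] = None if e["size"].startswith("-") else int(e["size"])
        e["is_dir"] = e["attrs"].startswith("d")
        entries.append(e)
    return entries


def suspicious(entry):
    """Reason string if the entry is an executable in a suspect location, else None."""
    if entry["is_dir"] or not entry["path"].lower().endswith(EXEC_EXT):
        return None
    if SUSPECT_DIR_RE.search(entry["path"]):
        return "executable in user-writable or unusual location"
    return None


def refang(url):
    """ComboFix defangs URLs as hxxp://; restore the scheme for parsing only."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def parse_ff_prefs(text):
    """Map each 'FF - prefs.js' preference name to its (refanged) value."""
    return {m["pref"]: refang(m["value"]) for m in FF_PREF_RE.finditer(text)}


def search_hijack(prefs):
    """Host of browser.search.defaulturl when it is not a trusted engine, else None."""
    url = prefs.get("browser.search.defaulturl")
    if not url:
        return None
    host = (urlsplit(url).hostname or "").lower()
    if any(label in host.split(".") for label in TRUSTED_SEARCH_LABELS):
        return None
    return host


def triage(text):
    """Collect human-readable findings for a whole log."""
    findings = [f"{e['path']}: {suspicious(e)}"
                for e in parse_file_entries(text) if suspicious(e)]
    host = search_hijack(parse_ff_prefs(text))
    if host:
        findings.append(f"Firefox default search points at untrusted host {host}")
    return findings


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

Run against the excerpt, the script reports c:\program files\10V4PSU7.bat and the search.appsarefun.info default-search host and stays quiet about win32k.sys, the Malwarebytes directory and the Adobe nppdf32.dll plugin. The heuristics are deliberately narrow; they do not replace checking a flagged file's signature and hash, and the rest of the log (the AppInit_DLLs value, the hidden extension, the SpeedyPC tasks) still needs a human reader.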