ComboFix 13-11-22.01 - Killermiets 23-11-2013  18:01:50.2.2 - x86 MINIMAL
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.31.1043.18.2037.1513 [GMT 1:00]
Started from: e:\killermiets map\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
---- Previous Run -------
.
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\FlashPlayerApp.exe
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
.
.
((((((((((((((((((((   Files Created from 2013-10-23 to 2013-11-23  ))))))))))))))))))))))))))))))
.
.
2013-11-23 17:07 . 2013-11-23 17:08 -------- d-----w- c:\users\Killermiets\AppData\Local\temp
2013-11-23 17:07 . 2013-11-23 17:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-23 16:50 . 2013-11-23 16:50 -------- d-----w- c:\users\Killermiets\AppData\Local\Adobe
2013-11-23 10:09 . 2013-11-23 10:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-23 10:09 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-23 09:57 . 2013-11-23 10:04 -------- dc----w- C:\AdwCleaner
2013-11-14 13:17 . 2013-10-13 09:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-14 13:17 . 2013-10-13 10:49 149744 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-11-14 13:17 . 2013-10-13 09:33 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll
2013-11-14 13:17 . 2013-10-13 09:29 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-11-14 11:21 . 2013-10-11 02:08 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-14 11:21 . 2013-10-11 02:07 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-14 11:21 . 2013-10-03 12:45 297984 ----a-w- c:\windows\system32\gdi32.dll
2013-11-14 11:21 . 2013-10-03 12:45 993792 ----a-w- c:\windows\system32\crypt32.dll
2013-11-14 11:07 . 2013-11-14 11:07 -------- d-----w- c:\program files\GUM60D4.tmp
2013-11-14 11:07 . 2013-11-14 11:07 50053120 ----a-w- c:\program files\GUT60D5.tmp
2013-11-10 16:44 . 2013-11-10 16:44 -------- d-----w- c:\program files\GUM30FE.tmp
2013-11-10 16:44 . 2013-11-10 16:44 50053120 ----a-w- c:\program files\GUT310F.tmp
2013-11-08 17:54 . 2013-11-08 17:54 -------- d-----w- C:\rsit
2013-11-08 17:54 . 2013-11-08 17:54 -------- d-----w- c:\program files\trend micro
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-15 12:49 . 2011-11-07 15:26 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-09-10 21:18 . 2013-09-10 21:18 97008 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2013-08-30 07:48 . 2013-08-13 17:07 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-08-30 07:48 . 2013-08-13 17:07 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-08-30 07:48 . 2013-08-13 17:07 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48 . 2013-08-13 17:07 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48 . 2013-08-13 17:07 49760 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-08-30 07:48 . 2013-08-13 17:07 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48 . 2013-08-13 17:07 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:48 . 2013-08-13 17:07 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-08-30 07:47 . 2013-08-13 17:06 41664 ----a-w- c:\windows\avastSS.scr
2013-08-30 07:47 . 2013-08-13 17:07 229648 ----a-w- c:\windows\system32\aswBoot.exe
2013-08-29 07:36 . 2013-10-14 20:22 2050048 ----a-w- c:\windows\system32\win32k.sys
2013-08-27 02:47 . 2013-10-14 20:22 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-08-27 02:47 . 2013-10-14 20:22 189952 ----a-w- c:\windows\system32\d3d10core.dll
2013-08-27 02:47 . 2013-10-14 20:22 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2013-08-27 02:47 . 2013-10-14 20:22 1029120 ----a-w- c:\windows\system32\d3d10.dll
2013-08-27 01:52 . 2013-10-14 20:22 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2013-08-27 01:50 . 2013-10-14 20:22 486400 ----a-w- c:\windows\system32\d3d10level9.dll
2013-08-27 01:32 . 2013-10-14 20:22 683008 ----a-w- c:\windows\system32\d2d1.dll
2013-08-27 01:28 . 2013-10-14 20:22 1069056 ----a-w- c:\windows\system32\DWrite.dll
2013-08-27 01:28 . 2013-10-14 20:22 798208 ----a-w- c:\windows\system32\FntCache.dll
2010-10-01 13:11 . 2011-01-24 23:39 462112 ----a-w- c:\program files\Common Files\ZugoInstaller.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Startup Points   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Killermiets\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Killermiets\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Killermiets\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 4911104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-05 129560]
"NDSTray.exe"="NDSTray.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-05 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-05 154136]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\TOSHIBA\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Sitecom Wireless Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Sitecom Wireless Utility.lnk
backup=c:\windows\pss\Sitecom Wireless Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-11 20:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CIS_{15198508-521A-4D69-8E5B-B94A6CCFF805}]
c:\users\KILLER~1\AppData\Local\Temp\cisA90A.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}]
c:\users\KILLER~1\AppData\Local\Temp\cis3057.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COMODO Internet Security]
c:\program files\COMODO\COMODO Internet Security\cistray.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2008-02-26 16:23 1836544 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
2007-10-31 21:01 54608 ----a-w- c:\program files\TOSHIBA\TBS\HSON.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 21:30 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
e:\program files\Malwarebytes' Anti-Malware\mbam.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2012-03-08 16:50 4280184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
c:\program files\QuickTime\QTTask.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
2008-01-25 11:33 509816 ----a-w- c:\program files\TOSHIBA\SmoothView\SmoothView.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
2007-07-10 08:24 581632 ----a-w- c:\program files\TOSHIBA\Toshiba Online Product Information\TOPI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPwrMain]
2008-01-17 14:27 431456 ----a-w- c:\program files\TOSHIBA\Power Saver\TPwrMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Toshiba Registration"=c:\program files\Toshiba\Registration\ToshibaRegistration.exe
"BlackBerryAutoUpdate"=c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 12:49]
.
2013-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 19:31]
.
2013-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-18 19:31]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.nl/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Killermiets\AppData\Roaming\Mozilla\Firefox\Profiles\z648nxt3.default\
FF - ExtSQL: !HIDDEN! 2009-08-08 02:40; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{3AD798D0-4642-4C55-BC14-CFE7DD19E0D1} - (no file)
WebBrowser-{7846AE31-BEA2-438A-8F5E-2D899361656C} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-11-23 18:08
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet011\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1944)
c:\users\Killermiets\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll
.
Completion time: 2013-11-23  18:09:38
ComboFix-quarantined-files.txt  2013-11-23 17:09
.
Pre-Run: 1,959,141,376 bytes free
Post-Run: 1,954,447,360 bytes free
.
- - End Of File - - B2FD328FAD5F840F5BE23EC171F5D527
5C616939100B85E558DA92B899A0FC36
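Added example, not part of the ComboFix output above and not ComboFix's own code: a small Python parser for two of the line shapes in this log, the "Files Created" / "Find3M" entries (`<created> . <modified> <size|--------> <attrs> <path>`) and the `"name"="image" [tag]` Run-key entries, plus the checks a reviewer applies to each autostart image path (no full path, so the binary is resolved through the search path; image under a Temp directory; image under the user profile). The field layout is inferred from the lines shown on this page rather than from ComboFix documentation; the meaning of attribute characters beyond the leading `d`, the image/argument split at the first `.exe`/`.dll`/`.cpl`/`.scr` extension, and the sample excerpt are assumptions or constructed for the example.

```python
# Added example: parse ComboFix file-listing and Run-key lines and flag autostart paths.
# Field layout is inferred from the log lines on this page (an assumption, not the
# documented ComboFix format).
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "<created> . <modified> <size|--------> <attrs> <path>"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>-{8}|\d+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*?)\s*$"
)
# "<name>"=<value> [<tag>]   where the tag ("<date> <size>" or "BU") is optional
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*?)(?:\s+\[(?P<tag>[^\]]*)\])?\s*$')
# Heuristic (assumption): an unquoted image path ends at its executable extension.
IMAGE_END_RE = re.compile(r"\.(exe|dll|cpl|scr)\b", re.IGNORECASE)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None where the log prints "--------" (directories)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        # A leading 'd' marks directories in this log ("d-----w-", "dc----w-").
        return self.attrs[0] == "d"


@dataclass
class RunEntry:
    name: str
    image: str
    args: str
    tag: Optional[str]


def parse_file_line(line: str) -> Optional[FileEntry]:
    """Parse one 'Files Created' / 'Find3M' entry; None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return FileEntry(m["created"], m["modified"], size, m["attrs"], m["path"])


def split_image(value: str) -> Tuple[str, str]:
    """Separate the image path from trailing arguments in a Run-key value."""
    value = value.strip()
    if value.startswith('"'):
        end = value.find('"', 1)
        if end != -1:
            return value[1:end], value[end + 1:].strip()
    m = IMAGE_END_RE.search(value)
    if m:
        return value[: m.end()], value[m.end():].strip()
    return value, ""


def parse_run_line(line: str) -> Optional[RunEntry]:
    """Parse one "name"="image" [tag] autostart line; None if it is not one."""
    m = RUN_RE.match(line.strip())
    if not m:
        return None
    image, args = split_image(m["value"])
    return RunEntry(m["name"], image, args, m["tag"])


def audit_image(image: str) -> List[str]:
    """Checks a reviewer applies to an autostart image path."""
    flags: List[str] = []
    low = image.lower()
    if "\\" not in image:
        flags.append("no-full-path")    # resolved through the search path, e.g. "Skytel.exe"
    if "\\temp\\" in low or "\\tmp\\" in low:
        flags.append("runs-from-temp")  # e.g. ...\AppData\Local\Temp\cisA90A.exe
    if "\\appdata\\" in low:
        flags.append("user-profile")    # writable without admin rights
    return flags


def audit_log(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (name, image, flags) for every Run-key line that raises a flag."""
    findings = []
    for line in text.splitlines():
        run = parse_run_line(line)
        if run is None:
            continue
        flags = audit_image(run.image)
        if flags:
            findings.append((run.name, run.image, flags))
    return findings


# Constructed excerpt: four lines copied from the log above, for a stand-alone run.
SAMPLE_LOG = r"""
2013-11-23 10:09 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-23 09:57 . 2013-11-23 10:04 -------- dc----w- C:\AdwCleaner
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]
"""

if __name__ == "__main__":
    for name, image, flags in audit_log(SAMPLE_LOG):
        print(f"{name}: {image} -> {', '.join(flags)}")
```

The msconfig `startupreg` entries in the log use a different shape (key on one line, image on the next), so they are not parsed here; `audit_image` still applies to the path once it has been pulled out, and it is what flags the two `cis*.exe` entries under `AppData\Local\Temp` above.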