ComboFix 14-02-24.02 - Michaël 02/03/2014 10:38:16.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.32.1043.18.3035.1585 [GMT 1:00] Gestart vanuit: c:\users\MichaÙl\Downloads\ComboFix.exe AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\LIUB1111.ocx . . (((((((((((((((((((( Bestanden Gemaakt van 2014-02-02 to 2014-03-02 )))))))))))))))))))))))))))))) . . 2014-03-02 09:51 . 2014-03-02 09:59 -------- d-----w- c:\users\Michaël\AppData\Local\temp 2014-03-02 09:51 . 2014-03-02 09:51 -------- d-----w- c:\users\Gast\AppData\Local\temp 2014-03-02 09:51 . 2014-03-02 09:51 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-02-26 14:37 . 2014-02-26 14:37 -------- d-----w- c:\windows\Migration 2014-02-16 18:15 . 2014-02-16 18:15 -------- d-----w- c:\users\Michaël\AppData\Roaming\Malwarebytes 2014-02-16 18:15 . 2014-02-16 18:15 -------- d-----w- c:\programdata\Malwarebytes 2014-02-16 18:15 . 2014-02-16 18:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2014-02-16 18:15 . 2013-04-04 13:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-02-16 18:12 . 2014-02-16 18:12 12872 ----a-w- c:\windows\system32\bootdelete.exe 2014-02-16 18:00 . 2014-02-16 18:00 -------- d-----w- c:\program files\HitmanPro 2014-02-16 17:59 . 2014-02-16 18:13 -------- d-----w- c:\programdata\HitmanPro 2014-02-16 16:23 . 2014-02-16 16:42 -------- d-----w- C:\AdwCleaner 2014-02-16 14:07 . 2014-02-16 14:07 -------- d-----w- c:\programdata\Oracle 2014-02-16 14:07 . 2014-02-16 14:07 -------- d-----w- c:\program files\Common Files\Java 2014-02-16 10:01 . 2014-02-16 10:01 -------- d-----w- C:\zoek_backup 2014-02-15 20:45 . 2014-02-15 20:45 -------- d-----w- c:\program files\trend micro 2014-02-15 20:45 . 2014-02-15 20:45 -------- d-----w- C:\rsit . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-02-21 17:41 . 2013-03-03 15:09 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2014-02-21 17:41 . 2011-06-04 12:07 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2014-02-16 14:05 . 2012-11-12 10:52 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-12-18 18:42 . 2013-12-18 18:42 49728 ----a-w- c:\windows\system32\AdobePDF.dll 2013-12-18 18:42 . 2013-12-18 18:42 25160 ----a-w- c:\windows\system32\AdobePDFUI.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Michaël\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Michaël\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-09-11 02:09 131248 ----a-w- c:\users\Michaël\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="c:\users\Michaël\AppData\Local\Akamai\netsession_win.exe" [2013-06-04 4489472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2011-10-28 186904] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440] "WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792] "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640] "PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2010-04-13 358456] "CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2011-10-28 24832] "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016] "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-12-18 840568] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2011-10-28 1310720] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-12-18 41336] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-19 727592] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\HEWLET~1\IAM\Bin\APSHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snuvcdsm] 2009-07-01 07:45 27184 ----a-w- c:\windows\snuvcdsm.exe . S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400] . . --- Andere Services/Drivers In Geheugen --- . *NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache Cognizance REG_MULTI_SZ ASBroker Bioscrypt REG_MULTI_SZ ASChannel . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-02-22 10:40 1150280 ----a-w- c:\program files\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe . Inhoud van de 'Gedeelde Taken' map . 2014-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-03 17:41] . 2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-30 14:21] . 2014-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-10-30 14:21] . . ------- Bijkomende Scan ------- . uInternet Settings,ProxyOverride = 127.0.0.1:9421; IE: Afbeelding verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 IE: Pagina verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Michaël\AppData\Roaming\Mozilla\Firefox\Profiles\cbc596ho.default\ FF - ExtSQL: !HIDDEN! 2010-05-17 17:49; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 . . ------- Bestandsassociaties ------- . .scr=AutoCADScriptFile . - - - - ORPHANS VERWIJDERD - - - - . HKCU-Run-AdobeBridge - (no file) SafeBoot-WudfPf SafeBoot-WudfRd MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2014-03-02 11:01 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360] "ImagePath"="\"c:\program files\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai] "ServiceDll"="c:\program files\common files\akamai/netsession_win_8fa3539.dll" "ImagePath"="\SystemRoot\System32\Drivers\N360\1501000.012\SYMTDIV.SYS" "TrustedImagePaths"="c:\program files\Norton 360\Engine\21.1.0.18" . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,8c,39,30,2f,57,8b,4e,8a,eb,6b,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,de,8c,39,30,2f,57,8b,4e,8a,eb,6b,\ . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(5356) c:\program files\Hewlett-Packard\IAM\Bin\ItClient.dll c:\windows\system32\btncopy.dll . ------------------------ Andere Aktieve Processen ------------------------ . c:\program files\Fingerprint Sensor\AtService.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\Hpservice.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\WLANExt.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\windows\system32\AEADISRV.EXE c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Autodesk\3ds Max Design 2012\mentalimages\satellite\raysat_3dsmax2012_32server.exe c:\program files\Norton 360\Engine\21.1.0.18\N360.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe c:\windows\system32\DllHost.exe c:\program files\Hewlett-Packard\IAM\bin\AsGHost.exe c:\program files\Norton 360\Engine\21.1.0.18\N360.exe c:\windows\system32\conime.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe . ************************************************************************** . Voltooingstijd: 2014-03-02 11:05:03 - machine werd herstart ComboFix-quarantined-files.txt 2014-03-02 10:05 . Pre-Run: 72.732.635.136 bytes beschikbaar Post-Run: 71.931.789.312 bytes beschikbaar . - - End Of File - - 91F538CEB9E5A3268770BDC431A00AEB 5C616939100B85E558DA92B899A0FC36