ComboFix 11-09-12.05 - ann 13/09/2011  12:32:41.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.32.1043.18.2046.744 [GMT 2:00]
Gestart vanuit: c:\users\ann\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Batch Rename .EXE
c:\program files\Batch Rename .EXE\batchrename.exe
c:\program files\Batch Rename .EXE\batchrename.exe.manifest
c:\program files\Batch Rename .EXE\data\base_script.txt
c:\program files\Batch Rename .EXE\license.txt
c:\program files\Batch Rename .EXE\unins000.dat
c:\program files\Batch Rename .EXE\unins000.exe
c:\program files\Batch Rename .EXE\Web\Batch Rename .EXE Home Page.url
c:\program files\Batch Rename .EXE\Web\Order Batch Rename .EXE.url
c:\program files\Batch Rename .EXE\Web\SoftTech InterCorp.url
c:\programdata\SPLD1D6.tmp
c:\users\ann\AppData\Local\ApplicationHistory
c:\users\ann\AppData\Local\ApplicationHistory\ngen.exe.2c05686e.ini
c:\users\ann\AppData\Local\ApplicationHistory\RegAsm.exe.11f1da13.ini
c:\windows\isRS-000.tmp
c:\windows\sipr3260.dll
c:\windows\system32\comct332.ocx
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2011-08-13 to 2011-09-13  ))))))))))))))))))))))))))))))
.
.
2011-09-13 10:41 . 2011-09-13 10:46	--------	d-----w-	c:\users\ann\AppData\Local\temp
2011-09-13 10:41 . 2011-09-13 10:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-08-24 06:48 . 2011-07-11 13:25	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-31 15:00 . 2009-03-27 19:57	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-16 15:39 . 2011-05-17 06:44	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-22 02:54 . 2011-08-10 08:18	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 08:18	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 08:18	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-06 15:31 . 2011-08-10 07:14	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-07-05 16:37 . 2011-07-05 16:37	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-07-04 11:43 . 2010-08-21 12:13	40112	----a-w-	c:\windows\avastSS.scr
2011-07-04 11:43 . 2010-08-21 12:13	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-04-23 06:22	441176	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2010-08-21 12:15	309848	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2010-08-21 12:15	43608	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:32 . 2010-08-21 12:15	25432	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2010-08-21 12:15	54104	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-07-04 11:32 . 2010-08-21 12:15	19544	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-06-20 08:54 . 2011-08-10 07:13	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-10 07:13	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-10 07:13	905104	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-10 07:14	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-09-08 07:17 . 2011-08-20 12:53	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-07-04 3493720]
.
c:\users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ann\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^ann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59	937920	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02	37296	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-06-04 15:51	2056192	----a-w-	c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAMONITOR]
2007-10-16 16:32	249856	----a-w-	c:\program files\Trust 2MP Auto Focus Webcam\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40	687560	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-08-25 10:11	221184	----a-w-	c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-08-25 10:11	81920	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 10:34	5724184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-12-07 19:25	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2006-12-07 19:25	90191	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-07-05 16:36	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-01 14:38	4390912	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 13:02	15141768	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 10:43	248040	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-01 20:50	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9d07a6b06eab5;Google Updateservice (gupdate1c9d07a6b06eab5);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 133104]
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2009-06-20 35712]
R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 133104]
R3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [2009-03-17 74392]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-02-01 717296]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-07-04 54104]
S2 lxbl_device;lxbl_device;c:\windows\system32\lxblcoms.exe [2007-04-20 537520]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [2006-11-15 816512]
S3 Ca810av;CA810A WebCam Driver;c:\windows\system32\Drivers\Ca810av.sys [2007-10-16 2329216]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 07:47]
.
2011-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 07:47]
.
2011-09-10 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2011-09-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2011-09-13 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-01-24 16:34]
.
2011-09-13 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-01-24 16:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab
FF - ProfilePath - c:\users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\wey7zfoe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS VERWIJDERD - - - -
.
MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
MSConfigStartUp-SearchSettings - c:\program files\pdfforge Toolbar\SearchSettings.exe
AddRemove-Batch Rename .EXE_is1 - c:\program files\Batch Rename .EXE\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-13 12:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
.
C:\## aswSnx private storage
.
Scan succesvol afgerond
verborgen bestanden: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-828757872-3370171810-667808584-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9189A94-FC90-F6A5-308F-7E7106E3789B}*]
"hakdgioeppdgpani"=hex:6a,61,62,6a,66,66,69,6d,61,61,68,61,6d,66,6f,70,6a,69,
   61,66,00,fa
"iaiddklkjlaklcoenb"=hex:6a,61,62,6a,66,66,69,6d,61,61,68,61,6d,66,6f,70,6a,69,
   61,66,00,69
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3496)
c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\conime.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehRecvr.exe
.
**************************************************************************
.
Voltooingstijd: 2011-09-13  12:51:56 - machine werd herstart
ComboFix-quarantined-files.txt  2011-09-13 10:51
.
Pre-Run: 114.418.806.784 bytes beschikbaar
Post-Run: 113.865.953.280 bytes beschikbaar
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - C6C0953BFB054A27C035BC646BDC0A4F