ComboFix 12-02-11.03 - thuis 13/02/2012  13:24:02.5.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.32.1043.18.3070.1671 [GMT 1:00]
Gestart vanuit: c:\users\thuis\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-01-13 to 2012-02-13  ))))))))))))))))))))))))))))))
.
.
2012-02-13 12:35 . 2012-02-13 12:36	--------	d-----w-	c:\users\thuis\AppData\Local\temp
2012-02-13 12:35 . 2012-02-13 12:35	--------	d-----w-	c:\users\Zoë\AppData\Local\temp
2012-02-13 12:35 . 2012-02-13 12:35	--------	d-----w-	c:\users\Zaak\AppData\Local\temp
2012-02-13 12:35 . 2012-02-13 12:35	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-02-13 12:35 . 2012-02-13 12:35	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-12 15:35 . 2012-02-12 15:35	--------	d-----w-	c:\program files\VideoLAN
2012-02-12 14:41 . 2012-02-12 14:41	--------	d-----w-	c:\program files\Speccy
2012-02-11 09:19 . 2012-02-11 09:19	--------	d-----w-	c:\users\thuis\AppData\Local\ElevatedDiagnostics
2012-02-10 21:48 . 2012-02-10 21:50	--------	d-----w-	c:\program files\Defraggler
2012-02-10 10:31 . 2012-02-10 10:31	--------	d-----w-	c:\users\thuis\AppData\Local\Christofer_Persson
2012-02-10 10:25 . 2012-02-10 10:25	--------	d-----w-	c:\users\thuis\AppData\Roaming\Christofer Persson
2012-02-10 10:25 . 2012-02-12 15:25	--------	d-----w-	c:\program files\Kantaris
2012-02-10 07:43 . 2012-01-06 04:19	6557240	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E500BCDD-FBAE-400E-90C6-9A1D3D79B1B5}\mpengine.dll
2012-02-03 09:14 . 2012-02-03 09:14	--------	d-----w-	c:\users\thuis\AppData\Roaming\Hobbyist Software
2012-02-03 09:14 . 2012-02-03 09:14	--------	d-----w-	c:\users\thuis\AppData\Local\Hobbyist_Software
2012-02-03 09:13 . 2012-02-12 09:47	--------	d-----w-	c:\program files\Hobbyist Software
2012-02-01 18:31 . 2012-02-01 18:31	--------	d-----w-	c:\users\Public\Recorded Audio
2012-01-26 12:18 . 2012-01-26 12:18	--------	d-----w-	c:\windows\system32\20-20 Technologies
2012-01-20 10:38 . 2012-01-20 10:46	--------	d-----w-	c:\users\thuis\SecurityScans
2012-01-20 10:37 . 2012-01-20 10:37	--------	d-----w-	c:\program files\Microsoft Baseline Security Analyzer 2
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-01 18:53 . 2011-06-13 05:12	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-26 23:21 . 2009-10-03 07:12	237072	------w-	c:\windows\system32\MpSigStub.exe
2012-01-12 08:54 . 2012-01-12 08:54	12872	----a-w-	c:\windows\system32\bootdelete.exe
2012-01-12 08:47 . 2012-01-12 08:47	23624	----a-w-	c:\windows\system32\drivers\hitmanpro35.sys
2011-12-14 09:04 . 2011-12-14 09:04	658704	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-12-10 14:24 . 2011-10-19 09:38	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-11-25 15:59 . 2012-01-12 12:52	376320	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-14 07:43	2043904	----a-w-	c:\windows\system32\win32k.sys
2011-11-20 17:09 . 2011-11-20 17:09	98304	----a-w-	c:\windows\system32\CmdLineExt.dll
2011-11-18 20:23 . 2012-01-12 12:52	1205064	----a-w-	c:\windows\system32\ntdll.dll
2011-11-18 17:47 . 2012-01-12 12:52	66560	----a-w-	c:\windows\system32\packager.dll
2011-11-17 06:48 . 2012-01-12 13:21	440192	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2011-11-16 16:23 . 2012-01-12 13:21	377344	----a-w-	c:\windows\system32\winhttp.dll
2011-11-16 16:23 . 2012-01-12 13:21	72704	----a-w-	c:\windows\system32\secur32.dll
2011-11-16 16:23 . 2012-01-12 13:21	278528	----a-w-	c:\windows\system32\schannel.dll
2011-11-16 16:21 . 2012-01-12 13:21	1259008	----a-w-	c:\windows\system32\lsasrv.dll
2011-11-16 14:12 . 2012-01-12 13:21	9728	----a-w-	c:\windows\system32\lsass.exe
2011-12-17 05:09 . 2011-05-10 15:58	121816	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Zaak\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\kloehk.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-01-13 13:53	460872	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33	202240	----a-w-	c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
HPService	REG_MULTI_SZ   	HPSLPSVC
Akamai	REG_MULTI_SZ   	Akamai
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:41]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-07 10:41]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1503386550-1563833762-866553309-1000Core.job
- c:\users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-16 12:43]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1503386550-1563833762-866553309-1000UA.job
- c:\users\thuis\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-16 12:43]
.
2012-02-12 c:\windows\Tasks\HPCeeScheduleForthuis.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-01-23 15:34]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - c:\programdata\Kaspersky Lab\SandboxShared\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\programdata\Kaspersky Lab\SandboxShared\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Add to Video Converter... - c:\program files\Media Player Utilities 5.22\AVIConverter\grab.html
IE: Do&wnload selected by Orbit - c:\programdata\Kaspersky Lab\SandboxShared\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\programdata\Kaspersky Lab\SandboxShared\Orbitdownloader\orbitmxt.dll/202
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 192.168.1.1
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} - hxxp://kitchenplanner.ikea.com/be/Core/Player/2020PlayerAX_IKEA_Win32.cab
FF - ProfilePath - c:\users\thuis\AppData\Roaming\Mozilla\Firefox\Profiles\tlosi15l.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-13 13:36
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_7de0ed9.dll"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Voltooingstijd: 2012-02-13  13:39:23
ComboFix-quarantined-files.txt  2012-02-13 12:39
ComboFix2.txt  2012-02-12 18:49
ComboFix3.txt  2012-02-12 14:19
.
Pre-Run: 371.714.560.000 bytes beschikbaar
Post-Run: 370.552.291.328 bytes beschikbaar
.
- - End Of File - - 35AB2A218898C4FE8799FB47BA6A64BF