ComboFix 12-03-15.02 - Michiel 15/03/2012 17:24:36.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1768 [GMT 1:00]
Gestart vanuit: c:\users\Michiel\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Michiel\AppData\Local\Temp\ppcrlui_2616_2
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-02-15 to 2012-03-15 ))))))))))))))))))))))))))))))
.
.
2012-03-15 16:44 . 2012-03-15 16:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-15 16:44 . 2012-03-15 16:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 13:41 . 2012-03-15 16:47 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2012-03-15 13:39 . 2012-03-15 16:45 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2012-03-14 18:56 . 2012-03-14 18:56 -------- d-----w- c:\users\Michiel\AppData\Roaming\Malwarebytes
2012-03-14 18:55 . 2012-03-14 18:55 -------- d-----w- c:\programdata\Malwarebytes
2012-03-14 18:55 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-14 18:55 . 2012-03-14 18:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-14 09:34 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-13 17:19 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{83037CF0-42EE-48DE-A21C-B01A57F13CC9}\mpengine.dll
2012-02-19 19:44 . 2012-02-19 19:44 161792 ----a-w- c:\windows\system32\msls31.dll
2012-02-19 19:44 . 2012-02-19 19:44 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-19 19:44 . 2012-02-19 19:44 107008 ----a-w- c:\program files\Internet Explorer\iecleanup.exe
2012-02-19 19:44 . 2012-02-19 19:44 307200 ----a-w- c:\program files\Internet Explorer\iediagcmd.exe
2012-02-19 19:44 . 2012-02-19 19:44 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-19 19:44 . 2012-02-19 19:44 748336 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-02-19 19:44 . 2012-02-19 19:44 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-02-19 19:44 . 2012-02-19 19:44 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-02-16 13:55 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-16 13:55 . 2012-01-12 19:52 2044416 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 09:30 . 2010-09-14 11:17 44544 ----a-w- c:\windows\system32\agremove.exe
2012-03-07 10:15 . 2010-06-03 08:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2009-10-03 17:15 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michiel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michiel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Michiel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2008-11-18 21633320]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NDSTray.exe"="NDSTray.exe" [BU]
"Desktop SMS"="c:\program files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 1507328]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2006-12-06 366400]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-02-28 1836544]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 1029416]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-10-25 413696]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-01-22 712704]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2007-05-04 571024]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Michiel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files\Toshiba\TRDCReminder\TRDCReminder.exe [2007-7-27 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-03-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4054138174-728363093-3148181240-1000Core.job
- c:\users\Michiel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-02 19:24]
.
2012-03-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4054138174-728363093-3148181240-1000UA.job
- c:\users\Michiel\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-01-02 19:24]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4054138174-728363093-3148181240-1000Core.job
- c:\users\Michiel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 13:35]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4054138174-728363093-3148181240-1000UA.job
- c:\users\Michiel\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-15 13:35]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 17:49
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3ACF.tmp"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-4054138174-728363093-3148181240-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:17,b7,58,eb,4f,36,54,12,7c,43,60,b0,5b,ce,9d,0b,4f,23,1a,c2,e7,b9,21,
   8e,68,85,5b,00,c4,37,83,e7,df,ac,0e,d7,67,7a,1b,ec,d3,a1,23,2a,4e,bb,b0,cc,\
"??"=hex:7b,a4,4a,62,b0,f7,c1,f4,55,39,a4,8d,07,e6,94,15
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3836)
c:\users\Michiel\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\System32\rpcnetp.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Voltooingstijd: 2012-03-15 17:58:28 - machine werd herstart
ComboFix-quarantined-files.txt 2012-03-15 16:58
ComboFix2.txt 2009-10-27 16:49
.
Pre-Run: 31.194.288.128 bytes beschikbaar
Post-Run: 31.872.929.792 bytes beschikbaar
.
- - End Of File - - 93C4B8D54C123C0234F4A5FD476FE598