ComboFix 12-08-29.03 - ann 30/08/2012  13:56:16.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.32.1043.18.2046.1136 [GMT 2:00]
Gestart vanuit: c:\users\ann\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-07-28 to 2012-08-30  ))))))))))))))))))))))))))))))
.
.
2012-08-30 12:06 . 2012-08-30 12:06	--------	d-----w-	c:\users\ann\AppData\Local\temp
2012-08-30 12:06 . 2012-08-30 12:06	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-08-30 12:06 . 2012-08-30 12:06	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-08-30 06:22 . 2012-08-30 06:22	73696	----a-w-	c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-08-29 06:32 . 2012-08-23 07:15	7022536	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5ECFCBE1-822C-47D0-9A23-2A1813435108}\mpengine.dll
2012-08-15 06:37 . 2012-05-11 15:57	623616	----a-w-	c:\windows\system32\localspl.dll
2012-08-10 18:21 . 2012-08-10 18:21	658512	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-27 06:17 . 2012-04-04 07:14	696520	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-08-27 06:17 . 2011-05-17 06:44	73416	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-21 09:13 . 2011-04-23 06:22	729752	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2010-08-21 12:15	355632	----a-w-	c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2010-08-21 12:15	54232	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2010-08-21 12:15	35928	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2010-08-21 12:15	58680	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2010-08-21 12:15	21256	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2010-08-21 12:13	41224	----a-w-	c:\windows\avastSS.scr
2012-08-21 09:12 . 2010-08-21 12:13	227648	----a-w-	c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2012-07-18 10:36	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-01 12:26 . 2012-07-01 12:27	476936	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-07-01 12:26 . 2010-04-25 08:28	472840	----a-w-	c:\windows\system32\deployJava1.dll
2012-06-06 18:59 . 2012-06-06 18:59	1070152	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2012-06-05 16:47 . 2012-07-11 21:49	1401856	----a-w-	c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 21:49	1248768	----a-w-	c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 21:49	440704	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-22 06:21	53784	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 06:21	45080	----a-w-	c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 06:20	35864	----a-w-	c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 06:20	577048	----a-w-	c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 06:20	1933848	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 06:20	2422272	----a-w-	c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 06:20	88576	----a-w-	c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 06:20	171904	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 06:20	33792	----a-w-	c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 21:49	278528	----a-w-	c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 21:49	204288	----a-w-	c:\windows\system32\ncrypt.dll
2012-08-30 06:22 . 2011-11-10 07:17	266720	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12	121528	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\users\ann\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 1092152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-01 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-07 7766016]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-08-21 4282728]
.
c:\users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\ann\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux6"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO -viewer-.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO -viewer-.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO -viewer-.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^ann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^ann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\users\ann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-11 19:00	919008	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-31 11:20	38872	----a-w-	c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\beid]
2009-06-04 15:51	2056192	----a-w-	c:\program files\Belgium Identity Card\beid35gui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CAMONITOR]
2007-10-16 16:32	249856	----a-w-	c:\program files\Trust 2MP Auto Focus Webcam\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40	687560	----a-w-	c:\program files\DAEMON Tools Lite\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 22:33	125952	----a-w-	c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2006-08-25 10:11	221184	----a-w-	c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2006-08-25 10:11	81920	----a-w-	c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 10:34	5724184	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2006-12-07 19:25	81920	----a-w-	c:\windows\System32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2006-12-07 19:25	90191	----a-w-	c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2007-03-01 14:38	4390912	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-06-15 13:02	15141768	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 14:07	2260480	--sha-r-	c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-02-01 20:50	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-18 22:38	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-08-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 06:17]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 07:47]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-09 07:47]
.
2012-08-29 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2012-08-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 16:04]
.
2012-08-30 c:\windows\Tasks\Recovery DVD Creator.job
- c:\program files\Packard Bell\SetupMyPc\MCDCheck.exe [2007-01-24 16:34]
.
2012-08-30 c:\windows\Tasks\Uitgebreide garantie.job
- c:\program files\Packard Bell\SetupmyPC\PBCarNot.exe [2007-01-24 16:38]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
DPF: {3CA45906-EF10-4E4E-9BE4-B444D220FCB0} - hxxp://ua.foto.com/ImageUploader6.cab
FF - ProfilePath - c:\users\ann\AppData\Roaming\Mozilla\Firefox\Profiles\wey7zfoe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-30 14:06
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-828757872-3370171810-667808584-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A9189A94-FC90-F6A5-308F-7E7106E3789B}*]
"hakdgioeppdgpani"=hex:6a,61,62,6a,66,66,69,6d,61,61,68,61,6d,66,6f,70,6a,69,
   61,66,00,fa
"iaiddklkjlaklcoenb"=hex:6a,61,62,6a,66,66,69,6d,61,61,68,61,6d,66,6f,70,6a,69,
   61,66,00,69
.
Voltooingstijd: 2012-08-30  14:11:57
ComboFix-quarantined-files.txt  2012-08-30 12:11
ComboFix2.txt  2011-09-13 10:51
.
Pre-Run: 36.027.113.472 bytes beschikbaar
Post-Run: 35.228.954.624 bytes beschikbaar
.
- - End Of File - - 2A19109EDB18ED1EA1DAC1AE6EABB868