ComboFix 12-12-20.02 - Dana 20/12/2012 16:23:25.3.2 - x86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.32.1043.18.3062.1196 [GMT 1:00]
Started from: c:\users\Dana\Desktop\ComboFix.exe
Command switches used :: c:\users\Dana\Desktop\CFScript.txt
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Resident AV is active
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
.
c:\temp\tcpmon.ini --> c:\windows\System32\tcpmon.ini
.
(((((((((((((((((((( Files Created from 2012-11-20 to 2012-12-20 ))))))))))))))))))))))))))))))
.
.
2012-12-20 15:33 . 2012-12-20 15:33	--------	d-----w-	c:\users\Public\AppData\Local\temp
2012-12-20 15:33 . 2012-12-20 15:33	--------	d-----w-	c:\users\Maarten\AppData\Local\temp
2012-12-20 15:33 . 2012-12-20 15:33	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-12-19 07:55 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C7F438F-8AF6-4B4E-990F-4A4E18AC906F}\mpengine.dll
2012-12-18 07:54 . 2012-12-20 15:34	--------	d-----w-	c:\users\Dana\AppData\Local\temp
2012-12-12 07:09 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-12 07:08 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-12-12 07:08 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-12-12 07:08 . 2009-07-14 12:12	16896	----a-w-	c:\windows\system32\winusb.dll
2012-12-12 07:08 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-12-12 07:08 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-12-12 07:08 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-12 07:08 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-12 07:08 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 07:08 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-12-12 07:08 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-12-12 05:06 . 2012-11-13 01:36	2048000	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 05:06 . 2012-11-02 10:18	376320	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 05:06 . 2012-11-02 08:26	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2012-12-12 05:06 . 2012-08-21 11:47	224640	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-12-12 05:06 . 2012-11-08 03:46	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-12 05:06 . 2012-11-08 01:36	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-12 05:06 . 2012-11-13 01:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-11 08:26 . 2012-12-13 07:47	--------	d-----w-	C:\Temp
2012-12-07 15:53 . 2012-12-07 15:53	--------	d-----w-	c:\users\Maarten\AppData\Roaming\Sony Corporation
2012-12-06 07:17 . 2012-12-13 07:17	--------	d-----w-	c:\programdata\NCH Software
2012-12-06 07:16 . 2012-12-13 07:17	--------	d-----w-	c:\users\Maarten\AppData\Roaming\NCH Software
2012-12-05 23:28 . 2012-12-05 23:28	388096	----a-r-	c:\users\Maarten\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-12-05 23:28 . 2012-12-05 23:28	--------	d-----w-	c:\program files\Trend Micro
2012-11-24 09:13 . 2012-11-24 09:14	--------	d-----w-	c:\users\Dana\AppData\Local\Akamai
2012-11-24 09:09 . 2012-11-24 09:09	--------	d-----w-	C:\Dell Management Packs
2012-11-21 08:00 . 2012-11-21 08:00	--------	d-----w-	c:\users\Dana\AppData\Local\Deployment
2012-11-21 08:00 . 2012-11-21 08:00	--------	d-----w-	c:\users\Dana\AppData\Local\Apps
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 12:20 . 2012-11-04 07:31	697272	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2012-12-12 12:20 . 2011-05-19 17:07	73656	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-29 18:54 . 2012-11-04 08:11	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-09-25 16:19 . 2012-11-14 18:27	75776	----a-w-	c:\windows\system32\synceng.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Dana\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-22 133656]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-02-26 128296]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
.
c:\users\Dana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mediacontrole Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-5-27 368640]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Password.lnk - c:\windows\Temp\Password.exe [N/A]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
2008-02-22 05:24	159744	----a-w-	c:\program files\DellTPad\Apoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-09-27 05:22	59240	----a-w-	c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2008-02-22 06:02	141848	----a-w-	c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM13Mon.exe]
2008-07-17 05:32	36864	----a-w-	c:\windows\OEM13Mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 12:28	421888	----a-w-	c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-02-22 05:14	4907008	----a-w-	c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33	17418928	----a-r-	c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23	1008184	----a-w-	c:\program files\Windows Defender\MSASCui.exe
.
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork	REG_MULTI_SZ   	PLA DPS BFE mpssvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-04 12:20]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:33]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 18:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = 
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
Trusted Zone: dell.com
TCP: DhcpNameServer = 195.130.130.131 195.130.131.131
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-20 16:34
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
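The one autorun in this log that a practitioner would stop at is Password.lnk in the all-users Startup folder: its target, c:\windows\Temp\Password.exe, is recorded as [N/A], meaning ComboFix found no file at that path when it ran, and it is the only entry whose target sits in a temp directory. Every other Run-key, Startup-folder and msconfig entry here points into Program Files or System32 with a date and size. The Python below is an added example, not ComboFix output and not ComboFix's own code: it parses Run-key and Startup-folder lines in the format shown above and flags targets that were absent at scan time, live under a temp directory, or live in a user-writable path. The sample lines are copied from this log and labelled as such; the three rules, their wording and the function names are my assumptions, and a hit is a reason to look further (file hash, signer, who created the shortcut), not a verdict.

```python
"""Triage autorun entries from a ComboFix-style log.

Added example; not part of the ComboFix output above or of ComboFix itself.
The regexes follow the line shapes visible in the 'Reg Loading Points'
section; the triage rules are assumed heuristics, not ComboFix logic.
"""
import re
from dataclasses import dataclass, field

# Run-key line:          "Name"="c:\path\file.exe" [2012-10-09 4441920]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]*)\]')
# Startup-folder line:   Name.lnk - c:\path\file.exe [2008-10-16 214360]
LNK_RE = re.compile(r'^(?P<name>.+?\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$')


@dataclass
class AutorunEntry:
    source: str                # registry key or Startup folder the entry came from
    name: str                  # value name or .lnk file name
    path: str                  # target executable
    meta: str                  # bracketed "[date size]"; ComboFix writes N/A when the target is absent
    findings: list = field(default_factory=list)


def parse_autoruns(log_text: str) -> list:
    """Collect Run-key and Startup-folder entries, remembering the header each sits under."""
    entries, source = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):               # registry key header
            source = line.strip("[]")
            continue
        if line.lower().endswith("\\startup\\"):     # Startup folder header
            source = line
            continue
        m = RUN_RE.match(line) or LNK_RE.match(line)
        if m and source is not None:
            entries.append(AutorunEntry(source, m["name"], m["path"], m["meta"]))
    return entries


def triage(entry: AutorunEntry) -> AutorunEntry:
    """Attach heuristic findings (assumed rules); an empty list means 'nothing odd', not 'clean'."""
    target = entry.path.lower()
    if entry.meta.strip().upper() == "N/A":
        entry.findings.append("target file absent at scan time")
    if "\\temp\\" in target:
        entry.findings.append("target lives in a temp directory")
    if "\\users\\" in target or "\\programdata\\" in target:
        entry.findings.append("target in a user-writable location")
    return entry


def suspicious_autoruns(log_text: str) -> dict:
    """Map entry name -> findings for every entry that triggered at least one rule."""
    return {e.name: e.findings for e in map(triage, parse_autoruns(log_text)) if e.findings}


# Constructed sample: a few lines copied from the log above, nothing else.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Dana\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-22 166424]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Password.lnk - c:\windows\Temp\Password.exe [N/A]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-2-22 1193240]
'''

if __name__ == "__main__":
    for name, findings in suspicious_autoruns(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(findings)}")
```

Run against the sample, Password.lnk is reported with two findings and the Akamai entry with one (it runs from the user's profile, which is ordinary for that updater but is still a user-writable path); the HP, Dell and Intel entries produce none. The user-writable rule is deliberately noisy: on a ComboFix log the interesting signal is the combination of a temp-directory target with [N/A], which is exactly what the Password.lnk line shows.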
Completion time: 2012-12-20  16:37:28
ComboFix-quarantined-files.txt  2012-12-20 15:37
ComboFix2.txt  2012-12-18 07:54
ComboFix3.txt  2012-11-11 03:26
.
Pre-Run: 58 298 421 248 bytes free
Post-Run: 58 519 941 120 bytes free
.
- - End Of File - - 2F48E5E1AF75DEF8A827C1CD555F94B1