ComboFix 13-09-02.02 - tomas 02/09/2013 19:27:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2037.1401 [GMT 2:00]
Started from: c:\documents and settings\tomas\Bureaublad\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\RAIDTest
c:\documents and settings\tomas\Application Data\langInstall.exe
.
.
(((((((((((((((((((( Files Created from 2013-08-02 to 2013-09-02 ))))))))))))))))))))))))))))))
.
.
2013-09-02 10:11 . 2013-09-02 10:11 388096 ----a-r- c:\documents and settings\tomas\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-09-02 10:11 . 2013-09-02 10:11 -------- d-----w- c:\program files\Trend Micro
2013-09-02 10:10 . 2013-09-02 10:10 867240 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-02 10:10 . 2013-09-02 10:10 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-09-02 10:06 . 2013-09-02 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Licenses
2013-09-02 09:52 . 2013-09-02 09:52 -------- d-----w- c:\documents and settings\tomas\Application Data\Malwarebytes
2013-09-02 09:52 . 2013-09-02 09:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2013-09-02 09:52 . 2013-09-02 09:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-09-02 09:52 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-09-02 09:49 . 2013-09-02 10:12 -------- d--h--r- c:\documents and settings\tomas\Onlangs geopend
2013-09-02 09:48 . 2013-09-02 09:48 -------- d-----w- c:\program files\CCleaner
2013-08-21 12:00 . 2013-08-21 12:03 -------- d-----w- c:\windows\system32\MRT
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-09-02 10:10 . 2008-04-14 09:05 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-09-02 10:10 . 2010-04-23 12:54 789416 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-21 11:07 . 2012-05-30 10:29 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-08-21 11:07 . 2011-07-28 16:08 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-31 08:22 . 2004-09-08 16:27 901808 ----a-w- c:\windows\system32\wmvdmod.dll
2013-07-26 02:49 . 2004-09-08 16:26 920064 ----a-w- c:\windows\system32\wininet.dll
2013-07-26 02:48 . 2004-09-08 16:26 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-07-26 02:48 . 2004-09-08 16:26 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-07-25 15:58 . 2004-09-08 16:26 385024 ----a-w- c:\windows\system32\html.iec
2013-07-10 10:37 . 2004-09-08 16:26 406016 ----a-w- c:\windows\system32\usp10.dll
2013-07-04 07:33 . 2004-09-08 16:26 2154496 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-07-04 07:33 . 2004-08-04 00:58 2033152 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-07-03 10:24 . 2013-04-10 12:17 175176 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-07-03 10:24 . 2011-08-16 07:44 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-07-03 10:24 . 2010-09-20 12:15 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-05 09:08 . 2004-09-08 16:26 1876864 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Registry Startup Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 121968 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\tomas\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\tomas\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\tomas\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\documents and settings\tomas\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 14:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-27 162328]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-27 137752]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"PrintDisp"="c:\windows\system32\PrintDisp.exe" [2011-02-19 826368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\tomas\Menu Start\Programma's\Opstarten\
Dropbox.lnk - c:\documents and settings\tomas\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-18 14:01 133104 ----atw- c:\documents and settings\tomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2006-11-17 11:39 136768 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 22:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\MSACCESS.EXE"=
"c:\\DfW2.6\\Digora.exe"=
"c:\\DfW2.6\\DfWAdmin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\tomas\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1315:TCP"= 1315:TCP:Digora
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [10/04/2013 14:17 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [10/04/2013 14:17 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16/08/2011 9:44 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20/09/2010 14:15 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20/09/2010 14:15 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [10/04/2013 14:17 66336]
R2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe [27/10/2011 17:12 65536]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [14/04/2008 17:54 41216]
S3 DfWSrv;DfW Server;c:\dfw2.6\DfWSrv.exe [23/01/2009 1:39 61440]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-30 11:07]
.
2013-09-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-08-13 08:58]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 14:27]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-12 14:27]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1539208241-3334852489-2779473983-1005Core.job
- c:\documents and settings\tomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 14:01]
.
2013-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1539208241-3334852489-2779473983-1005UA.job
- c:\documents and settings\tomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-18 14:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: pcannmieke
TCP: Interfaces\{4518A443-9D5C-47A4-9B3B-093602D90D41}: NameServer = 192.168.10.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-02 19:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-09-02 19:32:20
ComboFix-quarantined-files.txt 2013-09-02 17:32
.
Pre-Run: 142.591.500.288 bytes free
Post-Run: 143.198.126.080 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - C500E9DB4BE066CF772BC866BD444A9B
8F558EB6672622401DA993E1E865C861
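When reading a log like the one above, the startup section is where a practitioner spends most of the time: the log itself records that ComboFix deleted langInstall.exe from the user's Application Data folder, that Dropbox.exe and the per-user GoogleUpdate.exe also run from the user's profile, and that the RTHDCPL value names its executable with no directory at all (so Windows resolves it through the search path at logon). The following Python script is an added example, not part of ComboFix or of this post: it parses the three line shapes the "Registry Startup Points" section uses (Run/RunOnce values, Startup-folder .lnk lines, and msconfig startupreg lines) and flags every image that lives in a user-writable profile directory, is unqualified, or sits outside the standard system directories. The sample lines are constructed after entries in the log above; the flag names and the directory lists are this example's own assumptions, not tool output.

```python
"""Triage the 'Registry Startup Points' section of a ComboFix log.

Added example, not ComboFix's own code. It recognises the three autostart
line shapes the log uses and flags images that a non-admin user could
replace (profile directories), that are named without a directory (resolved
through the search path at logon), or that live outside the standard system
directories. Directory lists and flag names are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample modelled on entries from the log above (not the full log).
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-27 141848]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 16377344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\documents and settings\tomas\Menu Start\Programma's\Opstarten\
Dropbox.lnk - c:\documents and settings\tomas\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE -b -l [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-18 14:01 133104 ----atw- c:\documents and settings\tomas\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
"""

# "name"="command" [date size]   (Run / RunOnce values)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s+\[(?P<date>[\d-]+) (?P<size>\d+)\]')
# Something.lnk - command [date size]   (Startup folder entries)
LNK_LINE = re.compile(r'^(?P<name>[^\\]+?\.lnk) - (?P<cmd>.+?) \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
# date time size attrs image   (msconfig\startupreg entries; name comes from the key header)
MSCONFIG_LINE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} (?P<size>\d+) (?P<attrs>\S{8}) (?P<cmd>.+)$')
# First token ending in an executable extension; everything after it is arguments.
IMAGE_RE = re.compile(r'^(?P<img>.*?\.(?:exe|com|dll|scr|cpl))(?:\s|$)', re.IGNORECASE)

# Assumed classification lists (Windows XP layout, as in the log).
USER_WRITABLE = ('\\documents and settings\\', '\\application data\\')
SYSTEM_DIRS = ('c:\\windows\\', 'c:\\program files\\')


@dataclass
class AutostartEntry:
    location: str   # registry key or Startup folder that references the image
    name: str
    image: str      # executable path exactly as the log prints it
    size: int
    flags: List[str]


def image_path(cmd: str) -> str:
    """Strip command-line arguments such as '/systemstartup' or '-b -l'."""
    m = IMAGE_RE.match(cmd)
    return m.group('img') if m else cmd


def assess(image: str) -> List[str]:
    """Return the triage flags for one image path (empty list = nothing to see)."""
    low = image.lower()
    if '\\' not in low:
        return ['unqualified-image']        # bare file name: search-path resolution at logon
    if any(marker in low for marker in USER_WRITABLE):
        return ['user-writable-location']   # an ordinary user can replace this binary
    if not low.startswith(SYSTEM_DIRS):
        return ['outside-system-dirs']      # e.g. c:\dfw2.6\...: worth a second look
    return []


def parse_autostarts(text: str) -> List[AutostartEntry]:
    """Walk the section line by line, remembering the current key/folder header."""
    entries, location = [], ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue                        # ComboFix separator lines
        if line.startswith('[') and line.endswith(']'):
            location = line[1:-1]           # registry key header
            continue
        if line.endswith('\\'):
            location = line                 # Startup folder header
            continue
        if m := RUN_VALUE.match(line):
            name, cmd = m['name'], m['cmd']
        elif m := LNK_LINE.match(line):
            name, cmd = m['name'], m['cmd']
        elif m := MSCONFIG_LINE.match(line):
            name, cmd = location.rsplit('\\', 1)[-1], m['cmd']
        else:
            continue
        image = image_path(cmd)
        entries.append(AutostartEntry(location, name, image, int(m['size']), assess(image)))
    return entries


def suspicious(entries: List[AutostartEntry]) -> List[AutostartEntry]:
    """Only the entries that earned at least one flag."""
    return [e for e in entries if e.flags]


if __name__ == '__main__':
    for e in suspicious(parse_autostarts(SAMPLE)):
        print(f"{', '.join(e.flags):24} {e.name:22} {e.image}")
```

Run against the sample, the script reports RTHDCPL (unqualified), Dropbox.lnk and the per-user Google Update entry (user-writable location) and stays silent on the entries under c:\windows and c:\program files. A flag is a prompt to check the file's signature, hash and creation time against the "Files Created" section, not a verdict: both Dropbox and the per-user Google updater legitimately install into the profile, which is exactly why malware favours the same directories.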