ComboFix 12-03-15.01 - Hilaire 15/03/2012 10:28:08.13.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.1982.1236 [GMT 1:00]
Started from: c:\users\Hilaire\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Hilaire\AppData\Local\assembly\tmp
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 ))))))))))))))))))))))))))))))
.
.
2012-03-15 09:38 . 2012-03-15 09:38 -------- d-----w- c:\users\Hilaire\AppData\Local\temp
2012-03-15 09:38 . 2012-03-15 09:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-03-15 09:38 . 2012-03-15 09:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 16:54 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 16:54 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-14 16:54 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 16:54 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-14 16:54 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll
2012-03-14 16:54 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-14 16:54 . 2012-01-31 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2012-03-14 16:54 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54B19F52-9F72-41C0-A2EF-32CAAC2029D9}\mpengine.dll
2012-03-14 16:49 . 2012-03-14 16:49 -------- d-----w- C:\Team17
2012-03-13 17:05 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-13 17:05 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-05 18:13 . 2012-03-14 16:47 -------- d-----w- c:\program files\Lavasoft
2012-03-05 17:45 . 2011-06-21 10:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2012-03-05 15:43 . 2012-03-05 15:43 -------- d-----w- c:\program files\DIFX
2012-03-05 14:26 . 2012-03-05 14:26 -------- d-----w- c:\program files\Speccy
2012-02-28 15:53 . 2012-02-28 15:55 -------- d-----w- c:\users\Hilaire\Rebox
2012-02-21 17:30 . 2012-02-21 17:30 -------- d-----w- c:\programdata\GARMIN
2012-02-20 16:27 . 2012-02-20 16:27 -------- d-----w- c:\program files\MapsGalaxy_39EI
2012-02-20 15:59 . 2012-02-20 15:59 -------- d-----w- c:\programdata\Softland
2012-02-20 15:58 . 2012-02-20 15:58 -------- d-----w- c:\program files\Softland
2012-02-20 15:45 . 2012-02-20 15:45 -------- d-----w- c:\users\Hilaire\AppData\Local\Codessentials
2012-02-17 16:14 . 2012-02-17 16:14 -------- d-----w- c:\program files\Garmin GPS Plugin
2012-02-17 15:59 . 2012-03-05 15:42 -------- d-----w- c:\program files\Garmin
2012-02-16 13:48 . 2011-12-14 02:50 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-16 13:48 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-16 13:48 . 2011-12-14 02:54 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-02-16 13:48 . 2011-12-14 03:04 1798656 ----a-w- c:\windows\system32\jscript9.dll
2012-02-16 13:48 . 2011-12-14 02:57 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-16 13:47 . 2011-12-14 02:59 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-02-16 13:47 . 2011-12-14 02:56 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-16 13:17 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 13:01 . 2012-02-15 13:01 -------- d-----w- C:\C
2012-02-15 12:59 . 2012-02-15 12:59 -------- d-----w- c:\users\Hilaire\AppData\Roaming\Codessentials
2012-02-14 17:20 . 2012-02-14 18:14 -------- d-----w- c:\users\Hilaire\AppData\Roaming\Media Finder
2012-02-14 14:59 . 2012-03-05 09:36 -------- d-----w- c:\users\Hilaire\Tor Browser
2012-02-14 14:21 . 2012-03-03 16:36 -------- d-----w- c:\users\Hilaire\AppData\Roaming\Garmin
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-05 18:37 . 2011-03-07 17:40 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-23 16:23 . 2010-12-14 10:19 41184 ----a-w- c:\windows\avastSS.scr
2012-02-23 16:23 . 2010-12-14 10:19 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-23 16:12 . 2011-03-07 16:23 610648 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-02-23 16:12 . 2010-12-14 10:19 337112 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-02-23 16:10 . 2010-12-14 10:19 35672 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-02-23 16:10 . 2010-12-14 10:19 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-02-23 16:10 . 2010-12-14 10:19 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-02-23 16:10 . 2010-12-14 10:19 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2009-10-02 16:17 237072 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-02-23 16:23 123536 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\users\Hilaire\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-03-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-02-23 4031368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\fsproflt]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SetPoint.lnk]
backup=c:\windows\pss\SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech BT Wizard]
LBTWiz.exe -silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-12-27 17:52 136176 ----atw- c:\users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GUCI_AVS]
2007-12-10 14:55 323584 ----a-w- c:\windows\PixArt\PAP7501\GUCI_AVS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2007-01-11 17:15 101136 ----a-w- c:\windows\KHALMNPR.Exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PACTray]
2009-06-09 09:53 319488 ----a-w- c:\windows\PixArt\PAP7501\PACTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-05-04 11:59 252136 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-03-03 15:49 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3610711996-1769753261-2712777353-1000]
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 15:49]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 15:49]
.
2012-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610711996-1769753261-2712777353-1000Core.job
- c:\users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 17:52]
.
2012-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610711996-1769753261-2712777353-1000UA.job
- c:\users\Hilaire\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-27 17:52]
.
2012-03-15 c:\windows\Tasks\User_Feed_Synchronization-{7DF20E1A-0DCE-461E-A17B-4A27F5EBEB49}.job
- c:\windows\system32\msfeedssync.exe [2011-03-25 18:47]
.
2010-10-02 c:\windows\Tasks\User_Feed_Synchronization-{E44D27E0-7B62-432F-8035-1BBB9729ED05}.job
- c:\windows\system32\msfeedssync.exe [2011-03-25 18:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.crawler.com/homepage.aspx?tbid=60747
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/burn4free/{7D95CA6D-DA29-4768-86D2-DA8F0A42221B}
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Hilaire\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\Hilaire\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.254
DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} - hxxp://www.tele2.be/mailconfig/config/bin/AccountHelper.cab
.
- - - - ORPHANS REMOVED - - - -
.
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
SafeBoot-SolutoService
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-Logitech Hardware Abstraction Layer - c:\program files\Common Files\Logitech\khalshared\KHALMNPR.EXE
MSConfigStartUp-sfagent - c:\program files\Fighters\SPAMfighter\sfagent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-15 10:38
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7b,e1,8f,58,c2,45,4a,95,17,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,7b,e1,8f,58,c2,45,4a,95,17,2a,\
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3610711996-1769753261-2712777353-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
@Denied: (2) (S-1-5-21-3610711996-1769753261-2712777353-1000)
"Progid"="SafariHTML"
.
Completion time: 2012-03-15 10:42:04
ComboFix-quarantined-files.txt 2012-03-15 09:42
ComboFix2.txt 2011-08-26 12:49
ComboFix3.txt 2011-08-25 17:21
ComboFix4.txt 2011-05-22 16:47
ComboFix5.txt 2012-03-15 09:25
.
Pre-Run: 176.750.972.928 bytes free
Post-Run: 176.712.658.944 bytes free
.
- - End Of File - - 58A27972262041567BD0849B8E9B93C0
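The "Other Deletions" and "Files Created" sections are the parts of a ComboFix log a responder reads first, and the file-entry lines have a fixed shape (created timestamp, ".", modified timestamp, size or "--------" for a directory, an 8-character attribute column, path). The following is an added example, not part of the log above and not ComboFix's own code: a small Python parser for those entry lines plus two location heuristics (executable in the drive root, executable under a user-writable directory) run over lines copied from this log. The flag names, the `USER_WRITABLE` list and the extension list are this example's own assumptions, not ComboFix conventions.

```python
"""Parse ComboFix 'Files Created' entries and apply location-based triage heuristics.

Added example (not ComboFix's own code). The SAMPLE_LOG lines are copied from
the log above; the flag names and heuristic rules are this example's own choices.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ComboFix file entry:  <created> . <modified> <size|--------> <attrs> <path>
# Directories carry "--------" in the size column and a leading "d" in attrs.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>\S.*)$"
)

# Assumed list of extensions worth flagging; extend to taste.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx", ".com")

# Assumed markers for directories an unprivileged user can write to. Legitimate
# updaters (Defender definitions, Google Update) live here too, so a hit is a
# triage hint, not a verdict.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for one log line, or None if the line is not a file entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["created"], m["modified"], size, m["attrs"], m["path"])


def parse_entries(text: str) -> List[Entry]:
    """Parse every file-entry line in a block of log text; headers and '.' separators are skipped."""
    return [e for e in (parse_entry(l) for l in text.splitlines()) if e is not None]


def flag_path(path: str) -> List[str]:
    """Location heuristics for one path; returns the (possibly empty) list of reasons."""
    p = path.lower()
    reasons: List[str] = []
    if not p.endswith(EXEC_EXT):
        return reasons
    # An executable sitting directly in the drive root (e.g. c:\install.exe) is unusual.
    if re.match(r"^[a-z]:\\[^\\]+$", p):
        reasons.append("executable_in_drive_root")
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("executable_in_user_writable_dir")
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map each flagged file path in the log text to its reasons; directories are skipped."""
    out: Dict[str, List[str]] = {}
    for entry in parse_entries(text):
        if entry.is_dir:
            continue
        reasons = flag_path(entry.path)
        if reasons:
            out[entry.path] = reasons
    return out


# Constructed sample: lines taken verbatim from the log above, plus one header line
# to show that non-entry lines are ignored.
SAMPLE_LOG = r"""
2012-03-15 09:38 . 2012-03-15 09:38 -------- d-----w- c:\users\Hilaire\AppData\Local\temp
2012-03-14 16:54 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-02-16 13:48 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-02-23 08:18 . 2009-10-02 16:17 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-03-14 16:54 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{54B19F52-9F72-41C0-A2EF-32CAAC2029D9}\mpengine.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", ", ".join(reasons))
    # Paths from the "Other Deletions" section have no timestamp columns, so check them directly.
    for deleted in (r"C:\install.exe", r"c:\windows\system32\roboot.exe"):
        print(deleted, "->", flag_path(deleted) or "no location flag")
```

Run against the sample, the only hit is Defender's `mpengine.dll` under `c:\programdata`, which is a legitimate definition update: the user-writable rule finds candidates, it does not decide them. Conversely `c:\windows\system32\roboot.exe`, which ComboFix deleted, gets no location flag at all, because it sits where system files belong. Location heuristics shorten the list you read by hand; a verdict still needs a hash or signature check against a known-good set.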