ComboFix 09-03-03.01 - Flore 2009-03-04 14:19:51.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6001.1.1252.1.1043.18.2046.1195 [GMT 1:00]
Gestart vanuit: C:\Users\Flore\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated)
FW: AVG Firewall *disabled*
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
C:\Users\Flore\FAVORI~1\Download programs.url
C:\Users\Flore\FAVORI~1\Translator.url
C:\Users\Flore\FAVORI~1\Videos.url
C:\Users\Flore\Favorites\Download programs.url
C:\Users\Flore\Favorites\Translator.url
C:\Users\Flore\Favorites\Videos.url

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games
-------\Service_Boonty Games


((((((((((((((((((((   Bestanden Gemaakt van 2009-02-04 to 2009-03-04  ))))))))))))))))))))))))))))))
.

2009-03-04 13:01 . 2009-03-04 14:23	270,370,612	--a------	C:\Windows\MEMORY.DMP
2009-03-03 22:30 . 2009-03-03 22:30	<DIR>	d--------	C:\Users\Flore\AppData\Roaming\Malwarebytes
2009-03-03 22:30 . 2009-03-03 22:30	<DIR>	d--------	C:\Users\All Users\Malwarebytes
2009-03-03 22:30 . 2009-03-03 22:30	<DIR>	d--------	C:\ProgramData\Malwarebytes
2009-03-03 22:30 . 2009-03-03 22:30	<DIR>	d--------	C:\Program Files\Malwarebytes' Anti-Malware
2009-03-03 22:30 . 2009-02-11 10:19	38,496	--a------	C:\Windows\System32\drivers\mbamswissarmy.sys
2009-03-03 22:30 . 2009-02-11 10:19	15,504	--a------	C:\Windows\System32\drivers\mbam.sys
2009-03-03 19:21 . 2009-03-03 19:21	<DIR>	d--------	C:\Program Files\Trend Micro
2009-02-18 18:23 . 2009-02-18 18:25	<DIR>	d--------	C:\Users\Flore\AppData\Roaming\GetRightToGo
2009-02-15 19:08 . 2008-12-05 05:32	428,544	--a------	C:\Windows\System32\EncDec.dll
2009-02-15 19:08 . 2008-12-05 05:32	293,376	--a------	C:\Windows\System32\psisdecd.dll
2009-02-15 19:08 . 2008-12-05 05:31	217,088	--a------	C:\Windows\System32\psisrndr.ax
2009-02-15 19:08 . 2008-12-05 05:31	177,664	--a------	C:\Windows\System32\mpg2splt.ax
2009-02-15 19:08 . 2008-12-05 05:31	80,896	--a------	C:\Windows\System32\MSNP.ax
2009-02-12 13:53 . 2009-02-12 13:53	<DIR>	d--------	C:\Program Files\CCleaner
2009-02-11 13:36 . 2009-01-15 04:36	1,383,424	--a------	C:\Windows\System32\mshtml.tlb
2009-02-11 13:36 . 2009-01-15 07:11	827,392	--a------	C:\Windows\System32\wininet.dll

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-01 23:20	---------	d-----w	C:\Users\Flore\AppData\Roaming\BitTorrent
2009-02-21 10:55	---------	d-----w	C:\Program Files\Google
2009-02-11 20:58	---------	d-----w	C:\Users\Flore\AppData\Roaming\Uniblue
2009-02-11 19:02	---------	d-----w	C:\Program Files\Windows Mail
2009-02-03 09:53	---------	d-----w	C:\Program Files\EPSON
2009-01-16 07:09	325,128	----a-w	C:\Windows\system32\drivers\avgldx86.sys
2009-01-13 16:33	---------	d-----w	C:\Users\Flore\AppData\Roaming\Crayon Physics Deluxe
2009-01-13 15:20	---------	d-----w	C:\Program Files\Crayon Physics Deluxe
2009-01-10 22:08	---------	d-----w	C:\ProgramData\Avg8
2009-01-10 22:07	23,832	----a-w	C:\Windows\system32\drivers\avgfwd6x.sys
2009-01-10 22:07	12,552	----a-w	C:\Windows\system32\drivers\avgrkx86.sys
2009-01-10 22:07	107,272	----a-w	C:\Windows\system32\drivers\avgtdix.sys
2009-01-10 09:28	---------	d-----w	C:\Program Files\Online TV Player 4
2009-01-07 11:45	---------	d-----w	C:\ProgramData\WindowsSearch
2008-09-29 07:55	100,568	----a-w	C:\Users\Flore\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-09-09 19:33	27,335	----a-w	C:\Users\Flore\AppData\Roaming\nvModes.dat
2008-07-05 09:04	174	--sha-w	C:\Program Files\desktop.ini
2008-04-09 21:40	774,144	----a-w	C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-10-13 22:06 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 08:33 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-06-06 09:06 159744]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2009-01-10 23:07 1601304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="C:\Acer\AcerTour\Reminder.exe" [2007-05-22 14:49 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\Windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\Windows\pss\Microsoft Office.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-05-16 09:27 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
--------- 2007-06-11 13:54 1286144 C:\Acer\Empowering Technology\eAudio\eAudio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
--a------ 2007-04-25 15:33 457216 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-06-06 09:07 8433664 C:\Windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-06-06 09:07 81920 C:\Windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2007-06-06 09:07 86016 C:\Windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 08:33 1233920 C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-10-13 22:06 171448 C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-19 08:33 202240 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-05-18 08:24 4468736 C:\Windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-05-18 08:25 1826816 C:\Windows\SkyTel.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acer Tour Reminder"=C:\Acer\AcerTour\Reminder.exe
"PlayMovie"="C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe"
"LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe
"WarReg_PopUp"=C:\Acer\WR_PopUp\WarReg_PopUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A8919BE7-DC33-40C5-9D5A-372820FAECBB}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{F28EB82D-F8F3-4624-A203-D1FED268EC99}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe:DVDivine
"{00FDCD31-38C0-4CE0-837C-372B3E3FDA87}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{55F3085C-2413-4839-AD21-2E8A7E933C53}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{7FBA7E35-B54D-456A-99F1-727A4F934610}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe:DV Wizard
"{7E168B28-137C-4937-A9BA-06C4ED659D1E}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe:Play Movie
"{395E583E-56DD-4B77-8AF3-78B0F9C11F2D}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe:Play Movie Resident Program
"{201EFEAC-5225-4D48-BFB4-B75C5AB2DCFF}"= UDP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire
"{B710727F-B035-425C-A76E-56AB5C36A5FB}"= TCP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire
"{85DE7A13-2DF9-4FF5-A80B-38C4971442F7}"= UDP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire
"{2634AE31-6E5C-424C-92E3-E8993E5AAA22}"= TCP:C:\Program Files\LimeWire Plus\LimeWire.exe:LimeWire
"{066D41B5-F3F5-4678-9CE1-E6B0E77A3F57}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{ACB2E8D9-9CA8-4F9E-96B8-3A9CA69B4F1B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{64465EA6-0CE6-4187-AA32-90040A9B0150}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{A01ABC80-B09F-4DE2-A3E6-45C7E792BF24}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{E497DFEC-25CC-47CB-9A10-1BF07D25E8E4}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C539CCE0-2509-4376-9A64-151825366F4C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{235532F6-F5B3-4BC8-8CEE-7D90DFA1B1B0}C:\\windows\\system32\\uelxdw.exe"= UDP:C:\windows\system32\uelxdw.exe:uelxdw
"UDP Query User{9E209430-1503-49FE-A810-88E130D6D92C}C:\\windows\\system32\\uelxdw.exe"= TCP:C:\windows\system32\uelxdw.exe:uelxdw
"TCP Query User{64F8C923-4A48-45B0-8BB9-33E7C39548B2}C:\\windows\\system32\\atiyhg.exe"= UDP:C:\windows\system32\atiyhg.exe:atiyhg
"UDP Query User{38A56747-9914-49C3-8AD2-EB11421547E9}C:\\windows\\system32\\atiyhg.exe"= TCP:C:\windows\system32\atiyhg.exe:atiyhg
"TCP Query User{7395BCBE-7E58-434B-978C-479FA3FAF9C4}C:\\windows\\system32\\krjkze.exe"= UDP:C:\windows\system32\krjkze.exe:krjkze
"UDP Query User{2C233E9F-2CEA-43EE-BBC4-CEBFBFB69C35}C:\\windows\\system32\\krjkze.exe"= TCP:C:\windows\system32\krjkze.exe:krjkze
"TCP Query User{E64AEB2B-BF43-4BA7-8C4E-924B132655AC}C:\\windows\\system32\\oivaxe.exe"= UDP:C:\windows\system32\oivaxe.exe:oivaxe
"UDP Query User{F8BC7EA5-010A-4EEE-B12F-ECC5A4C0B99D}C:\\windows\\system32\\oivaxe.exe"= TCP:C:\windows\system32\oivaxe.exe:oivaxe
"TCP Query User{881EC204-7B84-4718-B366-EBA5A91DDE68}C:\\windows\\system32\\drhltl.exe"= UDP:C:\windows\system32\drhltl.exe:drhltl
"UDP Query User{D30A5345-0EDB-4946-A40D-8F69C55668BD}C:\\windows\\system32\\drhltl.exe"= TCP:C:\windows\system32\drhltl.exe:drhltl
"{998559E1-4FE5-483B-84D0-7A5F579E5CD6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{FBDBD3E9-DA44-4B33-8BC8-2FE25D77B3C7}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4B2CFF8F-25B5-4245-BCFC-F859D899EBDF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{2CA3E291-0AC7-47F4-820B-1413AE4D6633}"= UDP:C:\Program Files\iWin Games\iWinGames.exe:iWin Games application.
"{FA738DDC-D6AC-4C48-B8C7-289B1F7FA9AD}"= TCP:C:\Program Files\iWin Games\iWinGames.exe:iWin Games application.
"{0D0130C1-8DD2-413F-9AF7-DED590BFCC29}"= UDP:C:\Program Files\iWin Games\WebUpdater.exe:iWin Games updater.
"{53B1AC63-6B8A-466A-942C-B4BF1E079245}"= TCP:C:\Program Files\iWin Games\WebUpdater.exe:iWin Games updater.
"{EC63B7CF-9D2D-498E-A36A-B3F2EE94B116}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C51DC095-24B5-452D-B367-C9F4EF22EAE1}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C2974E71-5899-4100-B168-6B33F4E6DA88}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6DD46F1C-ABE2-4131-B58F-F1661DAEFDB1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5E2184EB-2940-480E-8605-7C1CF48C4ECB}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{ADD4DC5D-ABE6-4ACC-AF06-E353A8E1AB07}"= C:\Program Files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{CE60E6BD-EA46-4E1E-9516-7EC1B035D245}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AvgRkx86;avgrkx86.sys;C:\Windows\System32\drivers\avgrkx86.sys [2008-09-15 17:33:05 12552]
R1 Avgfwfd;AVG network filter service;C:\Windows\System32\drivers\avgfwd6x.sys [2008-10-26 11:16:33 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\System32\drivers\avgldx86.sys [2008-09-15 17:33:01 325128]
R1 AvgTdiX;AVG8 Network Redirector;C:\Windows\System32\drivers\avgtdix.sys [2008-10-26 11:16:33 107272]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2007-09-22 11:18:31 13560]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2007-06-22 11:51:18 32256]
S3 WSVD;WSVD;C:\Windows\System32\drivers\WSVD.sys [2008-09-13 19:22:50 80744]
S4 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-01-10 23:07:27 298264]
S4 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2009-01-10 23:07:16 1339600]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - sptd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a97350c8-81d3-11dd-b3a9-001b38255833}]
\shell\AutoRun\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
\shell\open\command - F:\RESTORE\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe
.
Inhoud van de 'Gedeelde Taken' map

2009-02-20 C:\Windows\Tasks\Easy Onderhoud.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe []
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.nieuwsblad.be/index.html?ref=0901
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Settings,ProxyServer = proxy.pandora.be:8080
uSearchURL,(Default) = hxxp://uk.rd.yahoo.com/customize/ycomp/defaults/su/*http://uk.yahoo.com
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
.