ComboFix 09-07-19.02 - McVeen 19-07-2009 21:33.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1043.18.3070.1826 [GMT 2:00]
Gestart vanuit: c:\users\McVeen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\recycler\S-1-5-21-1322953046-1920257980-085533221-5640
c:\recycler\S-1-5-21-3305789367-7354492721-401233777-4666
G:\Autorun.inf
.

(((((((((((((((((((( Bestanden Gemaakt van 2009-06-19 to 2009-07-19 ))))))))))))))))))))))))))))))
.

2009-07-19 19:10 . 2009-07-19 19:10 -------- d-----w- c:\users\McVeen\AppData\Roaming\Malwarebytes
2009-07-19 19:10 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 19:10 . 2009-07-19 19:10 -------- d-----w- c:\programdata\Malwarebytes
2009-07-19 19:10 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-19 07:11 . 2009-07-19 07:22 -------- d-----w- c:\users\McVeen\AppData\Roaming\Reg Tool
2009-07-18 10:12 . 2008-04-07 03:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2009-07-18 10:12 . 2008-04-07 03:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2009-07-18 07:28 . 2009-07-07 03:15 327688 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-18 07:28 . 2009-07-07 03:15 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-07-18 07:28 . 2009-07-07 03:15 3402008 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-18 07:28 . 2009-07-07 03:15 2301208 ----a-w- c:\programdata\avg8\update\backup\avguiadv.dll
2009-07-18 07:28 . 2009-07-07 03:15 1204504 ----a-w- c:\programdata\avg8\update\backup\avgabout.dll
2009-07-18 07:28 . 2009-07-07 03:15 1107224 ----a-w- c:\programdata\avg8\update\backup\avgssie.dll
2009-07-18 07:28 . 2009-07-07 03:15 337176 ----a-w- c:\programdata\avg8\update\backup\avglogx.dll
2009-07-18 07:28 . 2009-07-07 03:15 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-07-18 07:28 . 2009-07-07 03:15 906520 ----a-w- c:\programdata\avg8\update\backup\avgemc.exe
2009-07-18 07:28 . 2009-07-07 03:15 2167576 ----a-w- c:\programdata\avg8\update\backup\avgresf.dll
2009-07-18 07:26 . 2009-07-07 03:15 1454360 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-18 07:26 . 2009-07-07 03:15 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-18 05:09 . 2009-07-18 05:09 -------- d-----w- c:\users\McVeen\AppData\Local\WinZip
2009-07-18 05:08 . 2009-07-18 05:17 -------- d-----w- c:\programdata\WinZip
2009-07-15 13:37 . 2009-05-20 10:26 4969808 ----a-w- c:\users\McVeen\AppData\Roaming\TomTom\HOME\Profiles\0j8awfnb.default\extensions\Navcore.8.351.9982@tomtom.com\8-351-9982-1.dll
2009-07-15 13:20 . 2008-04-04 07:42 8606544 ----a-w- c:\users\McVeen\AppData\Roaming\TomTom\HOME\Profiles\0j8awfnb.default\extensions\Navcore.8.002.9117@tomtom.com\8-002-9117-1.dll
2009-07-15 11:35 . 2009-07-15 11:35 -------- d-----w- c:\programdata\TomTom
2009-07-15 10:56 . 2009-07-15 10:56 -------- d-----w- c:\users\McVeen\AppData\Roaming\TomTom
2009-07-15 10:56 . 2009-07-15 10:56 -------- d-----w- c:\users\McVeen\AppData\Local\TomTom
2009-07-15 10:56 . 2009-07-15 10:56 -------- d-----w- c:\program files\TomTom International B.V
2009-07-15 10:46 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 10:46 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 10:46 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 10:46 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-15 04:06 . 2009-07-15 04:06 -------- d-----w- c:\users\McVeen\AppData\Roaming\NeroDCTemplates
2009-07-15 03:34 . 2009-07-15 03:34 -------- d-----w- c:\program files\Common Files\LightScribe
2009-07-15 03:18 . 2009-07-15 03:18 -------- d-----w- c:\users\McVeen\AppData\Roaming\Nero
2009-07-15 03:16 . 2007-10-31 18:35 1347584 ----a-w- c:\programdata\Nero\DrWeb\DRWEB32.DLL
2009-07-15 03:16 . 2006-03-17 12:49 368640 ----a-w- c:\windows\system32\TwnLib4.dll
2009-07-15 03:16 . 2006-03-17 09:45 802816 ----a-w- c:\windows\system32\imagXRA7.dll
2009-07-15 03:16 . 2006-03-17 09:45 497296 ----a-w- c:\windows\system32\imagXpr7.dll
2009-07-15 03:16 . 2006-03-17 09:45 258048 ----a-w- c:\windows\system32\imagXR7.dll
2009-07-15 03:16 . 2006-03-17 09:45 1757184 ----a-w- c:\windows\system32\imagX7.dll
2009-07-15 03:16 . 2009-07-15 03:16 -------- d-----w- c:\programdata\Nero
2009-07-15 03:16 . 2009-07-15 03:16 -------- d-----w- c:\program files\Common Files\Nero
2009-07-12 09:06 . 2009-07-12 09:06 -------- d-----w- c:\users\McVeen\AppData\Local\HP
2009-07-12 08:42 . 2009-07-12 08:42 -------- d-----w- c:\programdata\HPSSUPPLY
2009-07-12 06:39 . 2009-07-15 04:00 -------- d-----w- c:\programdata\LightScribe
2009-07-10 14:34 . 2009-07-12 17:14 -------- d-----w- C:\tmp
2009-07-10 11:58 . 2009-07-10 11:58 -------- d-----w- C:\Files
2009-07-10 11:58 . 2009-07-12 18:00 -------- d-----w- C:\King322
2009-07-09 18:40 . 2009-07-09 18:40 -------- d-----w- c:\programdata\WEBREG
2009-07-09 18:13 . 2009-07-10 08:41 -------- d-----w- c:\programdata\HP Product Assistant
2009-07-09 18:12 . 2009-07-09 18:12 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2009-07-09 18:12 . 2009-07-09 18:12 -------- d-----w- c:\program files\Common Files\HP
2009-07-09 18:10 . 2008-04-16 04:05 271704 ----a-w- c:\windows\system32\hpzids01.dll
2009-07-09 18:10 . 2008-06-06 18:49 118272 ----a-w- c:\windows\system32\hpz3l692.dll
2009-07-09 18:10 . 2008-04-16 04:05 729088 ----a-w- c:\windows\system32\hposwia_p01a.dll
2009-07-09 18:10 . 2008-04-16 04:05 974848 ----a-w- c:\windows\system32\hpost_p01a.dll
2009-07-09 18:10 . 2008-04-16 04:05 372736 ----a-w- c:\windows\system32\hppldcoi.dll
2009-07-09 18:10 . 2008-04-16 04:05 309760 ----a-w- c:\windows\system32\difxapi.dll
2009-07-09 18:10 . 2008-02-28 10:08 303104 ----a-w- c:\windows\system32\hposc_p01a.dll
2009-07-09 18:07 . 2009-07-09 18:31 177432 ----a-w- c:\windows\hpoins30.dat
2009-07-09 14:31 . 2009-07-09 14:30 348160 ----a-w- c:\windows\MSVCR71.DLL
2009-07-09 14:31 . 2009-07-09 14:30 1060864 ----a-w- c:\windows\MFC71.DLL
2009-07-08 21:08 . 2009-07-08 21:08 -------- d-----w- c:\windows\system32\EventProviders
2009-07-08 19:46 . 2009-07-08 19:45 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-08 19:45 . 2009-07-08 19:45 -------- d-----w- c:\program files\Java
2009-07-08 18:09 . 2009-07-08 18:09 -------- d-----w- c:\program files\TeamViewer
2009-07-08 18:03 . 2009-07-08 18:13 -------- d-----w- c:\users\McVeen\AppData\Roaming\TeamViewer
2009-07-08 18:03 . 2009-07-08 18:03 -------- d-----w- c:\users\McVeen\temp
2009-07-08 17:44 . 2009-07-08 17:44 -------- d-----w- c:\users\McVeen\AppData\Local\LogMeIn
2009-07-08 17:44 . 2009-07-08 17:44 -------- d-----w- c:\programdata\LogMeIn
2009-07-08 17:44 . 2008-10-16 18:35 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-07-08 17:44 . 2008-10-16 18:35 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-07-08 17:44 . 2008-07-24 16:46 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-07-08 17:44 . 2008-10-16 18:35 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-07-08 17:44 . 2009-07-19 07:01 -------- d-----w- c:\program files\LogMeIn
2009-07-08 14:52 . 2009-07-08 14:52 -------- d-----w- c:\programdata\Elaborate Bytes
2009-07-08 12:32 . 2009-07-08 12:32 -------- d-----w- c:\users\McVeen\AppData\Roaming\GTek
2009-07-08 08:00 . 2009-07-08 08:00 -------- d-----w- c:\programdata\FLEXnet
2009-07-08 06:34 . 2009-07-08 06:34 -------- d-----w- c:\users\McVeen\{ef98c232-4cbb-46b4-b18e-a123731633af}
2009-07-07 19:26 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-07 19:26 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-07 19:26 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-07 19:26 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-07 19:26 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-07 19:26 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-07 19:26 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-07 18:53 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-07 18:53 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-07-07 18:53 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-07-07 18:53 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-07-07 17:05 . 2009-07-07 17:05 -------- d-----w- C:\PerfLogs
2009-07-07 16:23 . 2008-01-18 21:36 6656 ----a-w- c:\windows\system32\sdspres.dll
2009-07-07 16:23 . 2008-01-18 21:33 193024 ----a-w- c:\windows\system32\recdisc.exe
2009-07-07 16:23 . 2008-01-18 21:33 599552 ----a-w- c:\windows\system32\vsp1cln.exe
2009-07-07 16:23 . 2008-01-18 21:36 142336 ----a-w- c:\windows\system32\spp.dll
2009-07-07 16:23 . 2008-01-18 21:36 28160 ----a-w- c:\windows\system32\sxproxy.dll
2009-07-07 16:18 . 2008-01-18 21:42 94776 ----a-w- c:\windows\system32\MigAutoPlay.exe
2009-07-07 16:17 . 2008-01-18 21:43 503864 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2009-07-07 16:15 . 2008-01-18 21:33 44032 ----a-w- c:\windows\system32\cbsra.exe
2009-07-07 16:14 . 2009-07-07 16:14 -------- d-----w- C:\f575b9099e8d837169c7282eeb8d
2009-07-07 14:37 . 2009-07-07 14:37 -------- d-----w- c:\users\McVeen\AppData\Roaming\Manager for Voipbuster
2009-07-07 14:37 . 2009-07-07 14:37 61440 ----a-w- c:\windows\system32\winipsec.dll
2009-07-07 14:37 . 2009-07-07 14:37 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2009-07-07 14:37 . 2009-07-07 14:37 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2009-07-07 14:37 . 2009-07-07 14:37 272896 ----a-w- c:\windows\system32\polstore.dll
2009-07-07 14:37 . 2009-07-07 14:37 -------- d-----w- c:\program files\Manager for Voipbuster
2009-07-07 14:35 . 2009-07-10 17:33 -------- d-----w- c:\users\McVeen\AppData\Roaming\VoipBuster
2009-07-07 14:35 . 2009-07-07 14:35 -------- d-----w- c:\program files\VoipBuster.com
2009-07-07 14:31 . 2009-07-07 14:31 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-07-07 14:31 . 2009-07-07 14:31 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-07-07 14:31 . 2009-07-07 14:31 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-07-07 14:27 . 2009-07-07 14:27 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-07 14:27 . 2009-07-07 14:27 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-07-07 14:22 . 2009-07-07 14:22 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-07-07 14:17 . 2009-07-07 14:17 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-07-07 14:15 . 2009-07-07 14:15 296960 ----a-w- c:\windows\system32\gdi32.dll
2009-07-07 14:13 . 2009-07-07 14:13 212480 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2009-07-07 14:11 . 2009-07-07 14:11 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-07 14:11 . 2009-07-07 14:11 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-07-07 14:09 . 2009-07-07 14:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-07-07 14:09 . 2009-07-07 14:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-07-07 14:09 . 2009-07-07 14:09 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-07-07 14:08 . 2009-07-07 17:51 -------- d-----w- c:\users\McVeen\AppData\Roaming\FreeCall
2009-07-07 14:08 . 2009-07-07 14:08 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2009-07-07 14:07 . 2009-07-07 14:07 -------- d-----w- c:\program files\FreeCall.com
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-07-19 19:05 . 2006-11-02 16:11 667352 ----a-w- c:\windows\system32\perfh013.dat
2009-07-19 19:05 . 2006-11-02 16:11 126854 ----a-w- c:\windows\system32\perfc013.dat
2009-07-18 19:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-18 19:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-18 19:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-18 19:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-18 19:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-07-18 19:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-18 19:46 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-18 19:28 . 2006-11-02 12:37 30808 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-07-12 12:40 . 2009-07-06 20:21 680 ----a-w- c:\users\McVeen\AppData\Local\d3d9caps.dat
2009-07-12 09:05 . 2009-07-12 09:05 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-07-10 08:49 . 2009-07-07 04:09 126102 ----a-w- c:\programdata\nvModes.dat
2009-07-09 14:30 . 2007-01-17 12:47 40960 ----a-w- c:\windows\SimTestDll.dll
2009-07-08 21:59 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-08 14:52 . 2009-07-07 14:48 48 --sh--w- c:\windows\S68628B0A.tmp
2009-07-08 07:08 . 2009-07-08 07:08 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2009-07-07 16:55 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2009-07-07 16:55 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2009-07-07 13:24 . 2009-07-07 13:24 3104768 ----a-w- c:\windows\system32\NlsData004a.dll
2009-07-07 13:13 . 2009-07-07 13:13 551424 ----a-w- c:\windows\system32\rpcss.dll
2009-07-07 12:13 . 2009-07-07 12:13 72704 ----a-w- c:\windows\system32\admparse.dll
2009-07-07 12:13 . 2009-07-07 12:13 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-07 12:13 . 2009-07-07 12:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-07 12:13 . 2009-07-07 12:13 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-07-07 12:13 . 2009-07-07 12:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-07 10:54 . 2009-07-07 10:54 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-07-07 09:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\MSBuild
2009-07-07 09:03 . 2009-07-07 09:03 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6700 Notebook PC_Y5335KV_0U_QCNF80814VV_EU_4A_I30D2_SQuanta_V79.28_F.45_T080116_WV3-0_L413_M3070_J250_7Intel_86FD_91.67_#090707_N10EC8136;80864222_(KN119EA#ABH)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-07-07 09:01 . 2009-07-07 09:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-06-30 13:36 . 2009-07-18 07:28 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 13:10 . 2009-07-18 07:28 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 13:03 . 2009-07-18 07:28 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 10:44 . 2009-07-18 07:28 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-26 16:36 . 2009-07-18 07:28 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-07 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]
"FreeCall"="c:\program files\FreeCall.com\FreeCall\freecall.exe" [2009-07-07 9109296]
"VoipBuster"="c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe" [2008-01-17 8811824]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"TomTomHOME.exe"="d:\reizen\TomTom HOME 2\TomTomHOMERunner.exe" [2009-06-03 251240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-18 1008184]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-07 1948440]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-12-19 468264]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-07 122368]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe" [2005-07-15 479232]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-08 148888]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 81920]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-27 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-27 92704]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-14 4874240]

c:\users\McVeen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Manager for Voipbuster.lnk - c:\program files\Manager for Voipbuster\ManagerForVoipbuster.exe [2007-9-29 425984]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "d:\dvd progs etc\DVD Region+CSS Free\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\windows\System32\acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):5a,9a,cf,c8,18,00,ca,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{20543A7C-BFBC-4B9D-B15E-AD8B714EFC9B}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{1F90FE1C-049A-493D-8D02-48CB988B9F36}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{D017FFFF-B3BE-41FC-A2C4-E84E6B2550A9}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{EC72BB5C-9E77-40D2-9023-55904D092264}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{1AF42F57-4DAB-44B4-97E8-AF333CDC20F6}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{1E41B508-E295-46C1-97E0-CF7A5EE8137B}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{76D09B92-CAAA-4103-AC75-DE975FB2808F}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{8D72099B-8221-449E-87B3-F10D8706D35D}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B0D4D41A-A89D-4D8F-9935-23A73BC1A572}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6A9DB65C-227F-48EC-8BB0-89819F5C7F90}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5457B054-ADD6-43F3-B294-ED35C56A0804}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{34C62498-919E-4323-8025-5E81EE39EC1F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A3E77A28-402E-40A2-86A4-A1B88B849135}"= UDP:c:\program files\BankingTools\C@shflow\C@shFlowApp.exe:C@shFlowApp
"{F7110F81-6815-4AE1-8BA5-9BA1A802083E}"= TCP:c:\program files\BankingTools\C@shflow\C@shFlowApp.exe:C@shFlowApp
"TCP Query User{5F65293A-EE54-4A65-881C-24B93428F51C}c:\\program files\\freecall.com\\freecall\\freecall.exe"= UDP:c:\program files\freecall.com\freecall\freecall.exe:Client to make VoIP calls.
"UDP Query User{9DE91097-6CF0-48C2-BFA3-1BB23B4B230C}c:\\program files\\freecall.com\\freecall\\freecall.exe"= TCP:c:\program files\freecall.com\freecall\freecall.exe:Client to make VoIP calls.
"{6535618A-A3BD-4C32-9E5A-8B6E3BC1CCAD}"= UDP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"{5064CCD5-E13B-4C07-88E2-21C7CC2581DB}"= TCP:c:\program files\VoipBuster.com\VoipBuster\VoipBuster.exe:VoipBuster
"TCP Query User{A0858297-BD40-4F9A-AA24-A90A294ACEDD}c:\\program files\\freecall.com\\freecall\\freecall.exe"= UDP:c:\program files\freecall.com\freecall\freecall.exe:Client to make VoIP calls.
"UDP Query User{25EE0F60-BD92-415A-935B-278B5731753C}c:\\program files\\freecall.com\\freecall\\freecall.exe"= TCP:c:\program files\freecall.com\freecall\freecall.exe:Client to make VoIP calls.
"TCP Query User{B9DA3254-A45B-4FE5-8AB1-9577A30DF81C}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= UDP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
"UDP Query User{15BD3029-0CB7-4FF2-9181-C2533574510F}c:\\program files\\voipbuster.com\\voipbuster\\voipbuster.exe"= TCP:c:\program files\voipbuster.com\voipbuster\voipbuster.exe:Client to make VoIP calls.
"{2D7D81C6-1859-457B-B8CA-0B622E93CDF6}"= e:\setup\hpznui01.exe:hpznui01.exe
"{8638FA62-D32A-4C3A-BCE6-0B2F5FFDF077}"= TCP:427|RPort=427|c:\windows\system32\svchost.exe|Svc=HPSLPSVC:SLP_Service
"{B6A193C2-43DC-4DB1-B307-C51111D40703}"= c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{38C2A0B6-D6E0-4D75-9419-52BF2B0FD47E}"= c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{21CE2B48-D14A-41F1-9731-957524AA7300}"= c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{006EA4EB-9BAA-47E0-BDE1-A6E70853F5E2}"= c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{B087686C-D400-46BF-A9D2-EA96CD692D01}"= c:\program files\HP\Digital Imaging\bin\hpoews01.exe:hpoews01.exe
"{BF33E3A6-F11E-41B1-AC91-24D4B69A1D45}"= c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{4E96D474-9A06-4AEF-828E-B6BD2B27B249}"= c:\program files\Common Files\HP\Digital Imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{CD2E97B6-963B-42AB-85E3-ECD501C8B756}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{89ADE9D4-6D90-43E0-9DDE-B6E1C38FA6B9}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{72A8501C-DC09-4376-9313-03FC344D4C8F}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{5189645E-F3CB-42E4-8E76-FE9BB57FF6A7}"= c:\program files\HP\Digital Imaging\bin\hpqgplgtupl.exe:hpqgplgtupl.exe
"{0AF2E3A8-CAD2-42D3-8CCD-3FE247512075}"= c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe:hpqgpc01.exe

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7-7-2009 5:15 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7-7-2009 5:15 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7-7-2009 5:15 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7-7-2009 5:15 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [24-7-2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [8-7-2009 19:44 47640]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [25-6-2009 9:22 185640]
R2 TomTomHOMEService;TomTomHOMEService;d:\reizen\TomTom HOME 2\TomTomHOMEService.exe [3-6-2009 14:46 92008]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [7-7-2009 5:40 193840]
S2 gupdate1c9fef0ff2ef403;Google Updateservice (gupdate1c9fef0ff2ef403);c:\program files\Google\Update\GoogleUpdate.exe [7-7-2009 12:52 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 10:52]

2009-07-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-07 10:52]
.
.
------- Bijkomende Scan -------
.
IE: Converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-19 21:39
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Voltooingstijd: 2009-07-19 21:41
ComboFix-quarantined-files.txt 2009-07-19 19:41

Pre-Run: 87.561.584.640 bytes beschikbaar
Post-Run: 87.667.355.648 bytes beschikbaar

326 --- E O F --- 2009-07-17 09:46