ComboFix 10-03-17.07 - Jaap 18-03-2010 10:12:40.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3070.2509 [GMT 1:00]
Running from: c:\documents and settings\Jaap\Mijn documenten\Computer Programmas\ComboFix Blauw Scherm.exe\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Persoonlijke firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
 * Resident AV is active
WARNING - THE RECOVERY CONSOLE IS NOT INSTALLED ON THIS SYSTEM !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Common Files\Real\WeatherBug\MiniBugTransporter.dll
C:\Thumbs.db
c:\windows\system32\Thumbs.db

.
((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((   Files Created from 2010-02-18 to 2010-03-18   ))))))))))))))))))))))))))))))
.

2010-03-17 19:34 . 2010-03-17 19:34	388096	----a-r-	c:\documents and settings\Jaap\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-17 19:34 . 2010-03-17 19:34	--------	d-----w-	c:\program files\TrendMicro
2010-03-11 09:29 . 2009-10-23 15:28	3558912	-c----w-	c:\windows\system32\dllcache\moviemk.exe
2010-03-09 08:05 . 2010-02-12 10:03	293376	------w-	c:\windows\system32\browserchoice.exe
2010-03-04 13:45 . 2010-03-04 13:50	--------	d-----w-	c:\documents and settings\Jaap\Application Data\FILEminimizerPictures
2010-03-04 13:45 . 2010-03-04 13:45	--------	d-----w-	c:\program files\FILEminimizer Pictures
2010-03-03 10:30 . 2010-03-03 10:30	--------	d-----w-	c:\program files\PixelApp Studio
2010-03-03 10:30 . 2010-03-03 10:30	--------	d-----w-	c:\documents and settings\Jaap\Application Data\Magic Collage
2010-02-26 12:22 . 2010-03-18 08:27	--------	d-----w-	c:\documents and settings\Jaap\Local Settings\Application Data\Temp
2010-02-23 08:06 . 2007-07-06 19:19	2273280	----a-w-	c:\documents and settings\Jaap\Application Data\Microsoft\FSX\YAMM_client_v-1.2\YAMM_client_v-1.2.exe
2010-02-23 08:06 . 2007-07-02 02:13	278528	----a-w-	c:\documents and settings\Jaap\Application Data\Microsoft\FSX\YAMM_server_v-1.0\YAMM_server_v-1.0.exe
2010-02-23 08:06 . 2006-10-14 13:38	37888	----a-w-	c:\documents and settings\Jaap\Application Data\Microsoft\FSX\YAMM_server_v-1.0\SimConnect.dll
2010-02-21 10:54 . 2010-02-21 10:54	--------	d-----w-	c:\windows\system32\wbem\Repository
2010-02-16 16:01 . 2010-02-16 16:01	--------	d-----w-	C:\tmp
2010-02-16 16:01 . 2010-02-28 17:38	--------	d-----w-	C:\Download
2010-02-16 15:59 . 2010-02-28 17:39	--------	d-----w-	C:\tmpDownload
2010-02-16 15:59 . 2010-02-16 18:31	--------	d-----w-	c:\program files\YouTubeGet
2010-02-16 14:08 . 2010-02-16 14:08	--------	d-----w-	c:\program files\EASEUS

.
((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 07:27 . 2006-04-22 06:27	191328	----a-w-	c:\documents and settings\Jaap\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-16 22:46 . 2007-09-27 18:32	--------	d-----w-	c:\documents and settings\All Users\Application Data\Microsoft Help
2010-03-15 15:58 . 2006-04-22 12:49	--------	d-----w-	c:\program files\Wisdom-soft ScreenHunter
2010-02-24 08:16 . 2009-10-04 09:34	181632	------w-	c:\windows\system32\MpSigStub.exe
2010-02-21 12:22 . 2005-10-26 23:08	--------	d-----w-	c:\program files\Microsoft Works
2010-02-21 12:22 . 2007-09-27 18:51	--------	d-----w-	c:\program files\MSBuild
2010-02-16 17:54 . 2010-01-20 15:16	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2010-01-29 15:13 . 2009-06-01 19:46	--------	d-----w-	c:\program files\K-Lite Codec Pack
2010-01-29 15:12 . 2010-01-28 15:13	--------	d-----w-	c:\program files\RipTiger
2010-01-29 07:17 . 2005-10-27 00:05	--------	d-----w-	c:\program files\Google
2010-01-28 15:14 . 2010-01-28 15:13	--------	d-----w-	c:\program files\ffdshow
2010-01-28 11:18 . 2010-01-28 11:18	--------	d-----w-	c:\program files\FLVCodec
2010-01-26 16:52 . 2010-01-28 15:13	335872	----a-w-	c:\windows\system32\GSService.exe
2010-01-26 10:25 . 2010-01-26 10:25	--------	d-----w-	c:\program files\AnyBizSoft
2010-01-21 15:02 . 2009-03-16 18:35	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-01-21 10:15 . 2010-01-21 10:15	--------	d-----w-	c:\documents and settings\Jaap\Application Data\Digiarty
2010-01-21 10:14 . 2010-01-21 10:14	--------	d-----w-	c:\program files\Digiarty
2010-01-20 15:26 . 2010-01-20 15:18	--------	d-----w-	c:\program files\1AVCapture
2010-01-20 15:18 . 2005-10-26 21:52	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-01-20 15:16 . 2010-01-20 15:16	--------	d-----w-	c:\documents and settings\Jaap\Application Data\InstallShield
2010-01-19 11:09 . 2008-11-23 18:18	--------	d-----w-	c:\program files\YourWare Solutions
2010-01-15 11:59 . 2010-01-28 14:43	23096	----a-w-	c:\windows\system32\drivers\SndTAudio.sys
2009-12-31 16:50 . 2005-10-27 06:15	353792	----a-w-	c:\windows\system32\drivers\srv.sys
2009-12-27 13:29 . 2005-10-27 06:15	574480	----a-w-	c:\windows\system32\perfh013.dat
2009-12-27 13:29 . 2005-10-27 06:15	117508	----a-w-	c:\windows\system32\perfc013.dat
2009-12-21 19:10 . 2005-10-27 06:15	916480	----a-w-	c:\windows\system32\wininet.dll
2004-08-09 21:30 . 2006-05-09 15:34	40960	----a-w-	c:\program files\Uninstall_CDS.exe
2009-01-02 11:53 . 2009-01-02 11:52	48	--sh--w-	c:\windows\SCABF2F95.tmp
2005-10-27 00:05 . 2005-10-27 00:05	8	--sh--r-	c:\windows\system32\7767FFB962.sys
2006-05-24 17:54 . 2006-05-23 18:59	56	--sh--r-	c:\windows\system32\E2D96EF33C.sys
2005-11-07 11:28 . 2005-11-07 11:28	56	--sh--r-	c:\windows\system32\EA74F080C2.sys
2006-05-24 17:54 . 2005-10-27 00:05	9916	--sha-w-	c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]
"Advanced Uninstaller PRO Installation Monitor"="c:\program files\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe" [2006-09-17 1178624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"nwiz"="nwiz.exe" [2008-10-07 1630208]
"CmUCRRun"="c:\windows\system32\CmUCReye.exe" [2005-10-12 241664]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"WinSys2"="c:\windows\system32\winsys2.exe" [2008-10-21 208896]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-08-01 950664]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"DiskeeperSystray"="c:\program files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2006-06-07 319488]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2005-01-26 270336]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Jaap\Menu Start\Programma's\Opstarten\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ADSL Dial-in.lnk - c:\documents and settings\Jaap\Application Data\Microsoft\Installer\{01C16D3B-7154-4F1B-8149-F5F124A738D3}\ADSLDialIn.exe11_01C16D3B71544F1B8149F5F124A738D3.exe [2006-6-23 4286]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-04 01:43	69632	----a-w-	c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-02 04:00	203928	----a-w-	c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
2004-06-03 20:07	549376	----a-w-	c:\windows\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
2009-03-28 21:11	3325952	----a-w-	c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX3800 Series]
2005-02-08 04:00	98304	----a-w-	c:\windows\system32\spool\drivers\w32x86\3\E_FATIACE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44	31072	----a-w-	c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00	208952	----a-w-	c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-06-24 14:06	1840424	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstantOn]
2005-09-22 11:19	93640	------w-	c:\program files\CyberLink\PowerCinema Linux\ion_install.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ledpointer]
2003-07-21 21:28	5577216	----a-w-	c:\windows\CNYHKey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MedionVFD]
2005-10-11 16:11	126976	----a-w-	c:\program files\Medion Info Display\MdionLCM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-06-08 07:31	2221352	----a-w-	c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-06-19 07:53	570664	----a-w-	c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-10-07 05:33	86016	----a-w-	c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2005-11-01 20:42	139264	----a-w-	c:\program files\Home Cinema\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-04-27 08:41	282624	----a-w-	c:\program files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-06-28 19:29	32768	----a-w-	c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-08-18 14:20	14820864	----a-w-	c:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-27 08:46	68856	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-11-02 21:53	204288	------w-	c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Documents and Settings\\Jaap\\Mijn documenten\\Computer Programmas\\SpamFighter\\spamfighter_web.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Documents and Settings\\Jaap\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\PDF bewerken Portable\\PDFEdit.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [22-4-2006 13:06 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [22-4-2006 13:06 5248]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6-5-2009 15:55 717296]
R1 cdrblock;cdrblock;c:\windows\system32\drivers\cdrblock.sys [27-9-2007 17:24 20864]
R1 cdrport;cdrport;c:\windows\system32\drivers\cdrport.sys [27-9-2007 17:24 4608]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [1-8-2009 13:44 15424]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [13-3-2008 15:49 472320]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [18-10-2005 14:01 826112]
R3 CMISTOR;CMIUCR.SYS CM220 Card Reader Driver;c:\windows\system32\drivers\cmiucr.SYS [4-10-2005 17:37 72320]
R3 SWUSBFLT;Microsoft SideWinder VIA Filterstuurprogramma;c:\windows\system32\drivers\SWUSBFLT.SYS [22-4-2006 7:21 3968]
S0 rseb;rseb; [x]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2010 8:17 135664]
S3 GSService;GSService;c:\windows\system32\GSService.exe [28-1-2010 16:13 335872]
S3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [28-1-2010 15:43 23096]
S3 STSService;STSService;"c:\program files\SoundTaxi Media Suite\STSService.exe" --> c:\program files\SoundTaxi Media Suite\STSService.exe [?]
S3 SunkFilt62;Alcor Micro Corp - 6362;c:\windows\system32\drivers\sunkfilt62.sys [23-7-2004 13:55 46536]
.
Contents of the 'Scheduled Tasks' folder

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 07:17]

2010-03-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 07:17]

2010-03-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2010-03-18 c:\windows\Tasks\User_Feed_Synchronization-{D362B613-1E98-40F2-850C-775273C91658}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF
IE: Doel van koppeling converteren naar Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Doel van koppeling toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Toevoegen aan bestaande PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
LSP: c:\windows\system32\imon.dll
.
.
------- File Associations -------
.
.scr=AOEMViewScriptFile
.txt=
.

- - - - ORPHANS REMOVED - - - -

HKCU-Run-Fresh RAM.exe - c:\program files\Fresh RAM\Fresh RAM.exe
AddRemove-EASEUS Data Recovery Wizard 5.0.1_is1 - i:\easeus data recovery wizard 5.0.1\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-18 10:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A750A90]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba63ecb8
\Driver\atapi -> 0x8a750a90
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba503bd4
PacketIndicateHandler -> NDIS.sys @ 0xba50fa21
SendHandler -> NDIS.sys @ 0xba503d44
Warning: possible MBR rootkit infection !
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1653447028-2525805999-2127694181-1007\Software\%s (%s)\0x >:xz|8xn9xz|8xCStringList*/x0x!A:xo0xn9xz|8xCMapPtrToPtr\NLD_Settings\BCGCommandManager]
"CommandsWithoutImages"=hex:00,00
"MenuUserImages"=hex:00,00

[HKEY_USERS\S-1-5-21-1653447028-2525805999-2127694181-1007\Software\%s (%s)\0x >:xz|8xn9xz|8xCStringList*/x0x!A:xo0xn9xz|8xCMapPtrToPtr\NLD_Settings\BCGControlBarVersion]
"Major"=dword:00000008
"Minor"=dword:0000003c

[HKEY_USERS\S-1-5-21-1653447028-2525805999-2127694181-1007\Software\%s (%s)\0x >:xz|8xn9xz|8xCStringList*/x0x!A:xo0xn9xz|8xCMapPtrToPtr\NLD_Settings\BCGToolbarParameters]
"Tooltips"=dword:00000001
"ShortcutKeys"=dword:00000001
"LargeIcons"=dword:00000001
"MenuAnimation"=dword:00000000
"RecentlyUsedMenus"=dword:00000001
"MenuShadows"=dword:00000001
"ShowAllMenusAfterDelay"=dword:00000001
"Look2000"=dword:00000001
"CommandsUsage"=hex:0c,00,00,00,00,00

[HKEY_USERS\S-1-5-21-1653447028-2525805999-2127694181-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\ActiveSync]
"Name"="ActiveSync"
"DisplayName"="Microsoft ActiveSync"
"Param1"="ActiveSync"
"Type"="wellknown"
"Order"=dword:00000001
"State"=dword:00000020

[HKEY_USERS\S-1-5-21-1653447028-2525805999-2127694181-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\IESettings]
"Name"="IESettings"
"Type"="IESettings"
"Order"=dword:00000004
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1653447028-2525805999-2127694181-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\MediaFiles]
"Name"="MediaFiles"
"Type"="MediaFiles"
"Order"=dword:00000003
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1653447028-2525805999-2127694181-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\NPW]
"Name"="NPW"
"Param1"="NPW"
"Type"="wellknown"
"Order"=dword:00000002
"State"=dword:0000000b

[HKEY_USERS\S-1-5-21-1653447028-2525805999-2127694181-1007\Software\Microsoft\Windows Mobile Disc\W*i*n*d*o*w*s* *M*o*b*i*l*e*"!\CriticalAppInstall\Outlook]
"Name"="Outlook"
"DisplayName"="Microsoft Outlook"
"Param1"="Outlook"
"Type"="wellknown"
"Order"=dword:00000000
"State"=dword:00000020

[HKEY_LOCAL_MACHINE\software\Classes\.xaml\bootstrap]
@DACL=(02 0000)
@="bootstrap.xaml.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xbap\bootstrap]
@DACL=(02 0000)
@="bootstrap.xbap.1"

[HKEY_LOCAL_MACHINE\software\Classes\.xps\bootstrap]
@DACL=(02 0000)
@="bootstrap.xps.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\}|}|9~*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(572)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(4092)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Dispatch\Connectivity.WindowsService.JobDispatch.exe
c:\program files\Autodesk\Data Management Server 2008\Server\Webserver\Connectivity.EDMWS.Server.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files\Microsoft ActiveSync\Wcescomm.exe
c:\program files\Eset\nod32krn.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe
c:\program files\Het Net\ADSL Tijd Surfen\ADSLDialIn.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2010-03-18 10:28:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-18 09:28

Pre-Run: 23.532.171.264 bytes free
Post-Run: 24.515.698.688 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
- - End Of File - - D6EBC54A505370951B23528A1186448D
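Triage of the two sections of the log above that carry the security-relevant signal, the Sigcheck table and the Gmer MBR-detector block, as an added example: Python written for this page, not code from the poster, from ComboFix or from Gmer. It parses the rows exactly as ComboFix prints them and correlates two things the log records independently: the live c:\windows\system32\drivers\atapi.sys could not be opened for hashing and reports no version, while both backup copies hashed and the Service Pack copy is a different size and version; and the address Gmer lists as >>UNKNOWN<< in the disk call chain is the same address that \Driver\atapi dispatches to. The function names, the wording of the findings and the BACKUP_DIRS list are this example's own choices; the two sample strings are excerpts copied from the log above, not a live capture.

```python
"""Triage the Sigcheck table and the Gmer MBR-detector block of a ComboFix log.

Added example for this page, not code from the posted log, from ComboFix or from
Gmer.  It only correlates facts the tools already print; it names no malware.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample input: the Sigcheck rows and an excerpt of the Gmer block,
# copied from the log above.  Lines the parsers do not recognise are ignored,
# so the full Gmer block (IoDeviceObjectType, NDIS lines) can be fed in as-is.
SAMPLE_SIGCHECK = r"""
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-03 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[-] 2004-08-03 20:59 . !HASH: COULD NOT OPEN FILE !!!!! . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
"""
SAMPLE_GMER = r"""
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8A750A90]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecf28
\Driver\ACPI -> ACPI.sys @ 0xba63ecb8
\Driver\atapi -> 0x8a750a90
Warning: possible MBR rootkit infection !
user & kernel MBR OK
"""

# One Sigcheck row: [flag] date [time] . md5-or-error . size . . [version] . . path
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]*)\]\s+(?P<date>\d{4}-\d\d-\d\d)(?:\s+\d\d:\d\d)?\s+\.\s+"
    r"(?P<hash>.+?)\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+\[(?P<ver>[^\]]*)\]\s+\.\s+\.\s+(?P<path>\S.*)$"
)
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(?P<drv>\\Driver\\\S+) -> (?:(?P<mod>\S+) @ )?(?P<addr>0x[0-9A-Fa-f]+)\s*$")
# Where ComboFix keeps the reference copies it compares the live file against (our choice).
BACKUP_DIRS = ("\\servicepackfiles\\", "$ntservicepackuninstall$", "\\dllcache\\")


@dataclass(frozen=True)
class SigRow:
    flag: str
    date: str
    digest: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def unreadable(self) -> bool:  # ComboFix prints "!HASH: ..." instead of an MD5
        return self.digest.startswith("!HASH")

    @property
    def is_live(self) -> bool:  # the copy Windows actually loads, not a backup
        return not any(d in self.path.lower() for d in BACKUP_DIRS)


def parse_sigcheck(text: str) -> list[SigRow]:
    rows = []
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            rows.append(SigRow(m["flag"], m["date"], m["hash"], int(m["size"]), m["ver"], m["path"]))
    return rows


def sigcheck_anomalies(rows: list[SigRow]) -> list[tuple[str, str]]:
    """Compare each live system file against the backup copies ComboFix lists."""
    out = []
    by_name: dict[str, list[SigRow]] = {}
    for r in rows:
        by_name.setdefault(r.name, []).append(r)
    for group in by_name.values():
        backups = [r for r in group if not r.is_live]
        for r in (r for r in group if r.is_live):
            if r.unreadable and backups and all(not b.unreadable for b in backups):
                out.append((r.path, "could not be opened for hashing, although every backup copy hashed"))
            for b in backups:
                if "\\servicepackfiles\\" in b.path.lower() and (r.size, r.version) != (b.size, b.version):
                    out.append((r.path, f"size/version {r.size}/{r.version} differ from the Service Pack copy "
                                        f"{b.size}/{b.version} at {b.path}"))
    return out


def parse_gmer(text: str) -> tuple[set[str], list[tuple[str, str | None, str]]]:
    """Return the UNKNOWN addresses from 'called modules' and the \\Driver\\* hook lines."""
    unknown: set[str] = set()
    hooks = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("called modules:"):
            unknown.update(a.lower() for a in UNKNOWN_RE.findall(line))
        m = HOOK_RE.match(line)
        if m:
            hooks.append((m["drv"], m["mod"], m["addr"].lower()))
    return unknown, hooks


def gmer_anomalies(text: str) -> list[tuple[str, str, bool]]:
    """Driver objects whose dispatch target Gmer could not attribute to any loaded module.
    The bool says whether that same address is the UNKNOWN entry in the disk call chain."""
    unknown, hooks = parse_gmer(text)
    return [(drv, addr, addr in unknown) for drv, mod, addr in hooks if mod is None]


def triage(sigcheck_text: str, gmer_text: str) -> list[str]:
    report = [f"SIGCHECK {p}: {why}" for p, why in sigcheck_anomalies(parse_sigcheck(sigcheck_text))]
    for drv, addr, chained in gmer_anomalies(gmer_text):
        tail = " and is the UNKNOWN module in the disk I/O call chain" if chained else ""
        report.append(f"GMER {drv} dispatches to {addr}, which no loaded module covers{tail}")
    return report


if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_SIGCHECK, SAMPLE_GMER)))
```

Run as-is it prints three findings for this log: the unreadable live atapi.sys, its size/version mismatch against the ServicePackFiles copy, and the \Driver\atapi dispatch into the same unattributed address that Gmer flags in the call chain. The script only reports the correlation; deciding what a disk-stack driver object that dispatches into memory no module owns means on a machine whose on-disk driver the scanner cannot read is still the analyst's call, and the log's own "possible MBR rootkit infection" warning is where that call starts.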