ComboFix 10-04-30.03 - Arthur 01-05-2010  12:10:38.2.1 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.31.1043.18.1023.304 [GMT 2:00]
Gestart vanuit: c:\users\Arthur\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\windows\eSellerateEngine.dll

.
((((((((((((((((((((   Bestanden Gemaakt van 2010-04-01 to 2010-05-01  ))))))))))))))))))))))))))))))
.

2010-05-01 10:27 . 2010-05-01 10:28	--------	d-----w-	c:\users\Arthur\AppData\Local\temp
2010-05-01 10:27 . 2010-05-01 10:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-04-27 16:01 . 2010-04-27 16:01	--------	d-----w-	c:\users\Arthur\AppData\Roaming\AVG9
2010-04-27 15:30 . 2010-04-27 15:30	--------	d-----w-	C:\omniformat
2010-04-26 15:17 . 2010-04-26 15:18	--------	d-----w-	c:\users\Arthur\AppData\Roaming\Nero
2010-04-26 15:03 . 2010-04-26 15:03	--------	d-----w-	c:\users\Arthur\AppData\Local\AskToolbar
2010-04-26 13:09 . 2010-04-26 13:09	--------	d-----w-	c:\programdata\ATI
2010-04-26 01:13 . 2010-02-10 19:20	593920	------w-	c:\windows\system32\ati2sgag.exe
2010-04-26 00:01 . 2010-04-26 00:01	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2010-04-25 23:56 . 2010-04-25 23:56	--------	d-----w-	c:\program files\USB TV
2010-04-25 22:02 . 2010-04-25 22:02	--------	d-----w-	c:\users\Arthur\AppData\Roaming\Malwarebytes
2010-04-25 22:02 . 2010-03-29 22:46	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 22:02 . 2010-04-25 22:02	--------	d-----w-	c:\programdata\Malwarebytes
2010-04-25 22:02 . 2010-04-25 22:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-04-25 22:02 . 2010-03-29 22:45	20824	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-04-25 21:01 . 2010-04-25 21:01	--------	d-----w-	c:\program files\MSXML 4.0
2010-04-25 15:31 . 2010-04-25 15:31	--------	d-----w-	c:\users\Arthur\AppData\Local\AVG Security Toolbar
2010-04-25 15:04 . 2010-04-25 15:04	12464	----a-w-	c:\windows\system32\avgrsstx.dll
2010-04-25 15:04 . 2010-04-25 15:04	216200	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2010-04-25 15:04 . 2010-04-25 15:04	29512	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2010-04-25 15:04 . 2010-05-01 09:51	--------	d-----w-	c:\windows\system32\drivers\Avg
2010-04-25 15:04 . 2010-04-25 15:09	--------	d-----w-	c:\programdata\AVG Security Toolbar
2010-04-25 15:01 . 2010-04-25 15:01	25096	----a-w-	c:\windows\system32\drivers\AVGIDSvx.sys
2010-04-25 15:01 . 2010-04-25 15:01	52872	----a-w-	c:\windows\system32\drivers\avgrkx86.sys
2010-04-25 15:01 . 2010-04-25 15:01	242896	----a-w-	c:\windows\system32\drivers\avgtdix.sys
2010-04-25 14:57 . 2010-04-25 14:57	24856	----a-w-	c:\windows\system32\drivers\avgfwd6x.sys
2010-04-25 14:55 . 2010-04-25 14:55	--------	d-----w-	c:\program files\AVG
2010-04-25 14:54 . 2010-04-25 14:55	--------	d-----w-	c:\programdata\avg9
2010-04-25 14:16 . 2010-04-25 14:17	--------	d-----w-	c:\program files\Nero
2010-04-25 14:16 . 2010-04-25 14:16	--------	d-----w-	c:\programdata\Nero
2010-04-25 14:16 . 2010-04-25 14:18	--------	d-----w-	c:\program files\Common Files\Nero
2010-04-20 13:21 . 2010-04-20 13:40	411368	----a-w-	c:\windows\system32\deployJava1.dll
2010-04-14 12:36 . 2010-02-23 11:10	212992	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 12:36 . 2010-02-23 11:10	79360	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 12:36 . 2010-02-23 11:10	106496	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 12:36 . 2010-02-18 14:07	3548040	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-04-14 12:36 . 2010-02-18 14:07	3600776	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-04-14 12:36 . 2010-03-05 14:01	420352	----a-w-	c:\windows\system32\vbscript.dll
2010-04-14 12:36 . 2010-02-18 14:07	904576	----a-w-	c:\windows\system32\drivers\tcpip.sys
2010-04-14 12:36 . 2010-02-18 11:28	25088	----a-w-	c:\windows\system32\drivers\tunnel.sys
2010-04-14 12:36 . 2010-02-18 13:30	200704	----a-w-	c:\windows\system32\iphlpsvc.dll
2010-04-14 12:32 . 2010-01-13 17:34	98304	----a-w-	c:\windows\system32\cabview.dll
2010-04-14 12:32 . 2009-12-23 11:33	172032	----a-w-	c:\windows\system32\wintrust.dll
2010-04-04 18:53 . 2010-04-04 18:53	--------	d-----w-	c:\program files\Common Files\Merge Modules

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-30 15:30 . 2008-04-07 19:26	--------	d-----w-	c:\users\Arthur\AppData\Roaming\MailWasherPro
2010-04-27 20:49 . 2008-04-15 21:27	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-04-27 12:50 . 2008-05-05 13:14	--------	d-----w-	c:\program files\Paint.NET
2010-04-26 15:37 . 2006-11-02 16:11	732426	----a-w-	c:\windows\system32\perfh013.dat
2010-04-26 15:37 . 2006-11-02 16:11	151050	----a-w-	c:\windows\system32\perfc013.dat
2010-04-26 14:08 . 2008-04-05 20:30	7836	----a-w-	c:\users\Arthur\AppData\Local\d3d9caps.dat
2010-04-26 01:27 . 2008-04-05 21:34	--------	d-----w-	c:\program files\ATI Technologies
2010-04-26 01:21 . 2008-04-10 19:04	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-26 00:59 . 2008-04-05 21:34	--------	d-----w-	c:\program files\ATI
2010-04-26 00:01 . 2010-04-26 00:01	9158	----a-r-	c:\users\Arthur\AppData\Roaming\Microsoft\Installer\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}\ARPPRODUCTICON.exe
2010-04-25 14:25 . 2008-04-15 22:00	--------	d-----w-	c:\program files\ESET
2010-04-24 19:54 . 2010-01-22 10:02	--------	d-----w-	c:\program files\Eusing Free Registry Defrag
2010-04-24 19:54 . 2008-05-20 14:50	--------	d-----w-	c:\program files\Eusing Free Registry Cleaner
2010-04-20 13:36 . 2008-04-09 14:57	--------	d-----w-	c:\program files\Java
2010-04-20 13:36 . 2008-04-09 14:57	--------	d-----w-	c:\program files\Common Files\Java
2010-04-16 07:47 . 2008-06-02 16:30	181096	----a-w-	c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\0ldsvv7f.default\FlashGot.exe
2010-04-14 20:11 . 2008-04-16 18:52	249856	------w-	c:\windows\Setup1.exe
2010-04-14 20:11 . 2008-04-16 18:52	73216	----a-w-	c:\windows\ST6UNST.EXE
2010-04-14 20:00 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2010-04-04 18:56 . 2008-04-10 17:44	--------	d-----w-	c:\programdata\Microsoft Help
2010-04-04 18:56 . 2010-04-04 18:56	112640	----a-w-	c:\programdata\Microsoft\VCExpress\9.0\1033\ResourceCache.dll
2010-04-04 18:56 . 2009-09-07 08:37	416	----a-w-	c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-04-04 18:53 . 2009-09-07 08:32	--------	d-----w-	c:\program files\Microsoft Visual Studio 9.0
2010-04-04 18:46 . 2009-09-07 08:38	193824	----a-w-	c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-03-24 18:17 . 2010-03-24 08:04	952768	----a-w-	c:\programdata\Adobe\Reader\8.2\ARM\26860\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04	70584	----a-w-	c:\programdata\Adobe\Reader\8.2\ARM\26860\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\8.2\ARM\26860\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\8.2\ARM\26860\AcrobatUpdater.exe
2010-03-19 14:04 . 2008-04-07 19:21	--------	d-----w-	c:\program files\Mozilla Thunderbird
2010-03-04 11:50 . 2010-03-04 11:50	261152	----a-w-	c:\windows\system32\drivers\Rtlh86.sys
2010-02-25 15:02 . 2008-04-05 20:32	83640	----a-w-	c:\users\Arthur\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 08:16 . 2009-10-03 02:51	181632	------w-	c:\windows\system32\MpSigStub.exe
2010-02-23 06:39 . 2010-03-31 16:07	916480	----a-w-	c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-03-31 16:07	109056	----a-w-	c:\windows\system32\iesysprep.dll
2010-02-23 06:33 . 2010-03-31 16:07	71680	----a-w-	c:\windows\system32\iesetup.dll
2010-02-23 04:55 . 2010-03-31 16:07	133632	----a-w-	c:\windows\system32\ieUnatt.exe
2010-02-20 23:06 . 2010-03-10 12:52	24064	----a-w-	c:\windows\system32\nshhttp.dll
2010-02-20 23:05 . 2010-03-10 12:52	30720	----a-w-	c:\windows\system32\httpapi.dll
2010-02-20 20:53 . 2010-03-10 12:52	411648	----a-w-	c:\windows\system32\drivers\http.sys
2010-02-12 10:32 . 2010-03-31 15:52	293376	----a-w-	c:\windows\system32\browserchoice.exe
2010-02-11 07:38 . 2010-02-11 07:38	3565056	----a-w-	c:\windows\system32\drivers\ati2mtag.sys
2010-02-11 05:29 . 2010-02-11 05:29	12288	----a-w-	c:\windows\system32\atimuixx.dll
2010-02-11 05:17 . 2010-02-11 05:17	11845632	----a-w-	c:\windows\system32\atioglxx.dll
2010-02-11 05:07 . 2010-02-11 05:07	307200	----a-w-	c:\windows\system32\atiiiexx.dll
2010-02-11 04:46 . 2010-02-11 05:32	442368	----a-w-	c:\windows\system32\ATIDEMGX.dll
2010-02-11 04:45 . 2010-02-11 04:45	325120	----a-w-	c:\windows\system32\ati2dvag.dll
2010-02-11 04:37 . 2010-02-11 04:37	290816	----a-w-	c:\windows\system32\atiok3x2.dll
2010-02-11 04:36 . 2010-02-11 04:36	204800	----a-w-	c:\windows\system32\atipdlxx.dll
2010-02-11 04:35 . 2010-02-11 04:35	155648	----a-w-	c:\windows\system32\Oemdspif.dll
2010-02-11 04:35 . 2010-02-11 04:35	26112	----a-w-	c:\windows\system32\Ati2mdxx.exe
2010-02-11 04:35 . 2010-02-11 04:35	43520	----a-w-	c:\windows\system32\ati2edxx.dll
2010-02-11 04:35 . 2010-02-11 04:35	155648	----a-w-	c:\windows\system32\ati2evxx.dll
2010-02-11 04:33 . 2010-02-11 05:28	602112	----a-w-	c:\windows\system32\ati2evxx.exe
2010-02-11 04:32 . 2010-02-11 04:32	53248	----a-w-	c:\windows\system32\ATIDDC.DLL
2010-02-11 04:25 . 2010-02-11 04:25	3818144	----a-w-	c:\windows\system32\ati3duag.dll
2010-02-11 04:23 . 2010-02-11 04:23	45056	----a-w-	c:\windows\system32\aticalrt.dll
2010-02-11 04:22 . 2010-02-11 04:22	45056	----a-w-	c:\windows\system32\aticalcl.dll
2010-02-11 04:21 . 2010-02-11 04:21	3227648	----a-w-	c:\windows\system32\aticaldd.dll
2010-02-11 04:19 . 2010-02-11 04:19	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2010-02-11 04:12 . 2010-02-11 04:12	887724	----a-w-	c:\windows\system32\ativva6x.dat
2010-02-11 04:12 . 2010-02-11 04:12	3107788	----a-w-	c:\windows\system32\ativva5x.dat
2010-02-11 03:59 . 2010-02-11 03:59	49664	----a-w-	c:\windows\system32\amdpcom32.dll
2010-02-11 03:55 . 2010-02-11 03:55	475136	----a-w-	c:\windows\system32\atikvmag.dll
2010-02-11 03:54 . 2010-02-11 04:48	126976	----a-w-	c:\windows\system32\atiadlxx.dll
2010-02-11 03:53 . 2010-02-11 03:53	17408	----a-w-	c:\windows\system32\atitvo32.dll
2010-02-11 03:47 . 2010-02-11 03:47	626688	----a-w-	c:\windows\system32\ati2cqag.dll
2010-02-04 08:01 . 2010-04-04 19:32	74072	----a-w-	c:\windows\system32\XAPOFX1_4.dll
2010-02-04 08:01 . 2010-04-04 19:32	528216	----a-w-	c:\windows\system32\XAudio2_6.dll
2010-02-04 08:01 . 2010-04-04 19:32	238936	----a-w-	c:\windows\system32\xactengine3_6.dll
2010-02-04 08:01 . 2010-04-04 19:32	22360	----a-w-	c:\windows\system32\X3DAudio1_7.dll
2010-02-03 10:24 . 2009-11-12 06:24	94208	----a-w-	c:\windows\system32\RTNUninst32.dll
2004-09-04 16:04 . 2008-04-20 20:08	152848	----a-w-	c:\program files\Common Files\Comdlg32.ocx
2009-03-19 18:22 . 2009-03-19 18:22	122880	----a-w-	c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-03 09:06 . 2008-05-07 16:19	163328	--sh--r-	c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-05-07 16:19	31232	--sh--r-	c:\windows\System32\msfDX.dll
2007-12-17 12:43 . 2008-05-07 16:19	27648	--sh--w-	c:\windows\System32\Smab0.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-02-23 12:04	1664256	----a-w-	c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-19 30192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"ATIModeChange"="Ati2mdxx.exe" [2010-02-11 26112]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^BDARemote.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\BDARemote.lnk
backup=c:\windows\pss\BDARemote.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57	948672	----a-r-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58	40368	----a-w-	c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-28 21:37	413696	----a-w-	c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-04-14 05:43	604704	----a-w-	c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-08-26 15:14	198160	----a-w-	c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):50,47,9f,40,0f,08,ca,01

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-04-24 685816]
R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-02-23 369920]
R3 DCamUSBSTK014;STK014 Camera;c:\windows\system32\DRIVERS\STK014W2.sys [2003-07-15 99476]
R3 PhTVTune;MEDION TV-TUNER 7134 MK2/3;c:\windows\system32\DRIVERS\PhTVTune.sys [2003-06-12 24704]
R4 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-03-19 30192]
R4 gupdate1ca265faf082b40;Google Updateservice (gupdate1ca265faf082b40);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 133104]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-04-25 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-04-25 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-04-25 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-04-25 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-04-25 242896]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-04-25 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-04-25 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
S2 PortTalk;PortTalk; [x]
S2 ppsio;PrmxPPDev; [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 810320]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-04-25 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-04-25 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-04-25 27144]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\JMRI]
2009-12-17 11:46	171	----a-w-	d:\jmri\CreatePrefs.bat
.
Inhoud van de 'Gedeelde Taken' map

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 15:12]

2010-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-26 15:12]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.zootycoon.nl/
uInternet Settings,ProxyServer = proxy:8080
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Save Flash with Flash Catcher - c:\program files\Common Files\Justdo\IECatcher.DLL/FlashCatcher.htm
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\0ldsvv7f.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\0ldsvv7f.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\Arthur\AppData\Roaming\Mozilla\Firefox\Profiles\0ldsvv7f.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http - 
FF - user.js: network.proxy.http_port - 0
FF - user.js: network.proxy.ssl - 
FF - user.js: network.proxy.ssl_port - 0
FF - user.js: network.proxy.ftp - 
FF - user.js: network.proxy.ftp_port - 0
FF - user.js: network.proxy.gopher - 
FF - user.js: network.proxy.gopher_port - 0
FF - user.js: network.proxy.socks_version - 5
FF - user.js: network.proxy.socks - 
FF - user.js: network.proxy.socks_port - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- Bestandsassociaties -------
.
.txt=PHPEditFile.PlainText
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-01 12:27
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1309563858-520064494-433332559-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D90C5981-7196-CB74-7642-F28CA13C87FC}*]
"dajgcoch"=hex:64,62,6b,61,63,69,65,65,62,6b,6b,6f,6d,62,67,66,6a,6d,6f,6e,6a,
   61,69,64,6d,6f,68,69,6b,6e,66,63,6f,69,62,68,66,6f,6a,67,00,00
"iagcakobdmpcdmailo"=hex:69,61,6c,6c,63,6c,6d,67,66,62,63,6e,6c,68,69,68,70,65,
   00,00
"haabcmnkpgdnmpkj"=hex:69,61,6c,6c,63,6c,6d,67,66,62,63,6e,6c,68,69,68,70,65,
   00,00

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
Voltooingstijd: 2010-05-01  12:38:30
ComboFix-quarantined-files.txt  2010-05-01 10:38

Pre-Run: 33.383.088.128 bytes beschikbaar
Post-Run: 33.103.200.256 bytes beschikbaar

- - End Of File - - 8AD75008AB86D7D7D37EFB6EC8F8A5F5