ComboFix 10-07-16.02 - Eigenaar 18-07-2010 23:31:28.3.2 - x86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1739 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: McAfee Antivirus en antispyware *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documenten\Settings
c:\program files\QuickTime\qttask.exe
c:\windows\system32\dhlop.dll
c:\windows\system32\hhlop.dll
[code]
c:\program files\QuickTime\qttask .exe --->c:\program files\QuickTime\qttask.exe
[/code]
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-18 to 2010-07-18 ))))))))))))))))))))))))))))))
.
2010-07-18 21:19 . 2010-07-18 21:20 -------- d-----w- c:\windows\LastGood
2010-07-18 19:50 . 2010-07-12 08:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-18 15:35 . 2010-07-18 15:35 -------- d-----w- c:\documents and settings\LocalService\Bureaublad
2010-07-18 15:15 . 2010-07-12 08:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-18 15:15 . 2010-07-18 15:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-18 14:58 . 2010-07-18 14:58 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Sunbelt Software
2010-07-18 14:55 . 2010-07-18 14:55 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-18 14:55 . 2010-07-12 08:56 2979280 -c--a-w- c:\documents and settings\All Users\Application Data\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}\Ad-AwareInstall.exe
2010-07-18 14:55 . 2010-07-18 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-07-18 14:55 . 2010-07-18 14:55 -------- d-----w- c:\program files\Lavasoft
2010-07-17 16:54 . 2010-07-17 17:15 -------- d-----w- c:\program files\Common Files\BioWare
2010-07-17 16:54 . 2010-07-17 17:04 -------- d-----w- c:\program files\Mass Effect 2
2010-07-16 17:43 . 2010-07-16 17:43 -------- d-----w- c:\program files\Trend Micro
2010-07-16 14:51 . 2010-07-16 15:13 -------- d-----w- c:\windows\BDOSCAN8
2010-07-15 19:34 . 2010-07-15 19:34 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Malwarebytes
2010-07-15 19:34 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-15 19:34 . 2010-07-15 19:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-15 19:34 . 2010-07-15 19:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-15 19:34 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-15 19:34 . 2010-07-15 19:34 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-15 19:23 . 2010-07-18 21:45 565280 ----a-w- c:\windows\system32\drivers\ukkzlmg.sys
2010-07-15 19:19 . 2010-07-15 19:19 768000 ----a-w- c:\windows\system32\drivers\fmzlc.sys
2010-07-15 19:19 . 2010-07-15 19:19 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\hvywpfsjp
2010-07-14 09:30 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-14 00:43 . 2010-07-14 00:43 40581 ----a-w- c:\windows\system32\uhlop.exe
2010-07-13 20:32 . 2010-07-13 20:32 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Temp
2010-07-08 12:17 . 2010-07-08 12:17 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\GHOSTBUSTERS (tm)
2010-06-26 20:35 . 2010-07-13 16:03 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Tropico 3
2010-06-23 08:48 . 2010-06-23 08:48 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb307.tmp.exe
2010-06-20 08:24 . 2010-06-02 02:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-06-20 08:24 . 2010-06-02 02:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-06-20 08:24 . 2010-06-02 02:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-06-20 08:24 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-06-20 08:24 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-06-20 08:24 . 2010-05-26 09:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-06-20 08:24 . 2010-05-26 09:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-06-20 08:24 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-06-20 08:24 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-06-20 08:24 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-06-20 08:24 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-06-20 08:24 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-18 21:45 . 2009-06-03 17:25 -------- d-----w- c:\program files\QuickTime
2010-07-18 21:21 . 2008-10-28 02:35 768000 ----a-w- c:\windows\system32\drivers\aec.sys
2010-07-18 21:17 . 2009-02-12 19:49 -------- d-----w- c:\program files\Steam
2010-07-18 16:45 . 2010-07-17 10:48 112 ----a-w- c:\documents and settings\All Users\Application Data\onMWk5.dat
2010-07-17 17:17 . 2008-11-05 20:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-17 17:15 . 2009-12-30 15:32 -------- d-----w- c:\program files\AGEIA Technologies
2010-07-17 14:38 . 2009-07-28 19:27 -------- d-----w- c:\program files\LucasArts
2010-07-17 14:38 . 2008-10-28 02:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-17 10:44 . 2009-06-03 17:28 -------- d-----w- c:\program files\iTunes
2010-07-16 17:22 . 2008-10-31 21:12 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\DNA
2010-07-16 09:42 . 2008-10-31 21:13 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\BitTorrent
2010-07-04 16:17 . 2010-02-12 14:03 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\Mount&Blade Warband
2010-06-25 19:32 . 2010-04-13 17:36 -------- d-----w- c:\program files\Mount&Blade Warband
2010-06-25 13:46 . 2008-11-06 19:56 -------- d-----w- c:\program files\World of Warcraft
2010-06-25 13:42 . 2009-07-07 19:55 -------- d-----w- c:\program files\Mount&Blade
2010-06-25 13:39 . 2009-12-30 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BioWare
2010-06-23 20:57 . 2006-03-02 11:00 90876 ----a-w- c:\windows\system32\perfc013.dat
2010-06-23 20:57 . 2006-03-02 11:00 508884 ----a-w- c:\windows\system32\perfh013.dat
2010-06-19 14:41 . 2010-06-18 14:53 -------- d-----w- c:\program files\PCSX2 0.9.7
2010-06-14 14:31 . 2008-10-28 02:11 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-11 14:58 . 2009-10-12 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-09 17:19 . 2010-06-09 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-06-06 19:05 . 2009-12-14 21:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-29 16:40 . 2008-10-31 18:37 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-29 16:35 . 2008-10-31 18:38 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-29 14:44 . 2010-01-30 18:28 87 ----a-w- c:\documents and settings\Eigenaar\jagex_runescape_preferences2.dat
2010-05-29 14:42 . 2009-04-24 14:44 42 ----a-w- c:\documents and settings\Eigenaar\jagex_runescape_preferences.dat
2010-05-29 14:42 . 2010-05-29 14:42 0 ----a-w- c:\documents and settings\Eigenaar\jagex__preferences3.dat
2010-05-27 17:37 . 2010-05-06 15:26 4830720 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2010-05-27 17:12 . 2009-11-19 16:36 45056 ----a-w- c:\windows\system32\aticalrt.dll
2010-05-27 17:12 . 2009-11-19 16:36 45056 ----a-w- c:\windows\system32\aticalcl.dll
2010-05-27 17:10 . 2009-11-19 16:36 4071424 ----a-w- c:\windows\system32\aticaldd.dll
2010-05-27 17:05 . 2010-05-06 15:26 15208448 ----a-w- c:\windows\system32\atioglxx.dll
2010-05-27 17:02 . 2010-05-06 15:26 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2010-05-27 16:59 . 2010-05-06 15:26 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-05-27 16:58 . 2010-05-06 15:26 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2010-05-27 16:54 . 2010-05-06 15:26 3699936 ----a-w- c:\windows\system32\ati3duag.dll
2010-05-27 16:46 . 2010-05-06 15:26 208896 ----a-w- c:\windows\system32\atipdlxx.dll
2010-05-27 16:46 . 2009-11-19 16:36 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2010-05-27 16:45 . 2010-05-06 15:26 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2010-05-27 16:45 . 2010-05-06 15:26 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-05-27 16:45 . 2009-11-19 16:36 159744 ----a-w- c:\windows\system32\ati2evxx.dll
2010-05-27 16:44 . 2010-05-06 15:26 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2010-05-27 16:43 . 2010-05-06 15:26 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2010-05-27 16:42 . 2010-04-02 21:38 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-05-27 16:41 . 2010-05-06 15:26 2256512 ----a-w- c:\windows\system32\ativvaxx.dll
2010-05-27 16:41 . 2010-05-06 15:26 887724 ----a-w- c:\windows\system32\ativva6x.dat
2010-05-27 16:41 . 2010-05-06 15:26 3 ----a-w- c:\windows\system32\ativva5x.dat
2010-05-27 16:39 . 2010-05-06 15:26 573440 ----a-w- c:\windows\system32\atikvmag.dll
2010-05-27 16:38 . 2009-11-19 16:36 184320 ----a-w- c:\windows\system32\atiadlxx.dll
2010-05-27 16:37 . 2010-05-06 15:26 17408 ----a-w- c:\windows\system32\atitvo32.dll
2010-05-27 16:35 . 2010-05-06 15:26 393216 ----a-w- c:\windows\system32\atiok3x2.dll
2010-05-27 16:33 . 2010-05-06 15:26 692224 ----a-w- c:\windows\system32\ati2cqag.dll
2010-05-27 16:29 . 2009-11-19 16:36 65536 ----a-w- c:\windows\system32\atimpc32.dll
2010-05-27 16:29 . 2009-11-19 16:36 65536 ----a-w- c:\windows\system32\amdpcom32.dll
2010-05-27 16:28 . 2010-05-06 15:26 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-05-24 17:56 . 2010-05-24 17:56 503808 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-461d4c73-n\msvcp71.dll
2010-05-24 17:56 . 2010-05-24 17:56 499712 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-461d4c73-n\jmc.dll
2010-05-24 17:56 . 2010-05-24 17:56 348160 ----a-w- c:\documents and settings\Eigenaar\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-461d4c73-n\msvcr71.dll
2010-05-06 10:37 . 2007-08-17 06:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:10 . 2007-04-12 15:21 1851392 ----a-w- c:\windows\system32\win32k.sys
2010-04-27 15:16 . 2010-05-10 19:19 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 15:16 . 2010-05-10 19:19 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 15:16 . 2010-05-10 19:19 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 15:16 . 2010-05-10 19:19 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 15:16 . 2010-05-10 19:19 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 15:16 . 2010-05-10 19:19 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 15:16 . 2010-05-10 19:19 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 15:16 . 2008-10-31 08:49 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 15:16 . 2008-10-31 08:49 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-27 15:16 . 2008-06-27 05:08 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-20 05:35 . 2006-03-02 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-27 15:16 . 2010-05-10 19:19 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.
[code]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\HP\HP Software Update\HPWuSchd2 .exe
c:\program files\iTunes\iTunesHelper .exe
c:\program files\Java\jre6\bin\jusched .exe
c:\program files\Samsung\Samsung PC Studio 7\PcSync2 .exe
[/code]

------- Sigcheck -------

[-] 2010-07-18 21:21 . B7E2234D097B9FDC827EAA8A8B559090 . 768000 . . [------] . . c:\windows\system32\drivers\aec.sys
[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys
[-] 2006-04-26 15:51 . 1EE7B434BA961EF845DE136224C30FEC . 142464 . . [5.1.2601.2180] . . c:\windows\$NtServicePackUninstall$\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [N/A]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Steam"="c:\program files\steam\steam.exe" [2010-05-12 1238352]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [N/A]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2009-04-16 102400]
"Octoshape Streaming Services"="c:\documents and settings\Eigenaar\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"S60 PC Suite Tray"="c:\program files\Samsung\Samsung PC Studio 7\PCSuite.exe" [2008-12-05 699392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask .exe -atboottime" [X]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16126464]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [N/A]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [N/A]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [N/A]
"NPSStartup"="" [N/A]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Samsung.PCSync"="c:\program files\Samsung\Samsung PC Studio 7\PcSync2.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2009-1-29 1114112]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Marvell\\61xx\\Apache2\\bin\\Apache.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Nexon\\NEXON_EU_Downloader\\NEXON_EU_Downloader_Engine.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=
"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\grand theft auto iv episodes from liberty city\\EFLC\\LaunchEFLC.exe"=
"c:\\Program Files\\Steam\\steamapps\\zerosliver\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\max payne 2 the fall of max payne\\maxpayne2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\tropico 3\\Tropico3.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\men of war\\mow_editor.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\napoleon total war\\Napoleon.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\mountblade warband\\mb_warband.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57836:TCP"= 57836:TCP:Pando Media Booster
"57836:UDP"= 57836:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-7-2010 17:15 64288]
R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [15-6-2007 9:52 143256]
S0 rgtun;rgtun;c:\windows\system32\drivers\dlsmq.sys --> c:\windows\system32\drivers\dlsmq.sys [?]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [10-5-2010 21:19 82952]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [30-6-2009 20:12 233472]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29-1-2010 17:08 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12-7-2010 10:55 1352832]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [31-10-2008 10:52 203280]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [10-5-2010 21:19 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [10-5-2010 21:19 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [10-5-2010 21:19 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [10-5-2010 21:19 141792]
S2 MRUWebService;MRU Web Service;c:\program files\Marvell\61xx\Apache2\bin\Apache.exe [23-5-2007 2:17 20539]
S2 smvetzac;Print Class for IEEE-1284.4 HPZipr12Controller;c:\windows\System32\svchost.exe -k netsvcs [2-3-2006 13:00 14336]
S3 aaudstum;aaudstum;\??\c:\docume~1\Eigenaar\LOCALS~1\Temp\aaudstum.sys --> c:\docume~1\Eigenaar\LOCALS~1\Temp\aaudstum.sys [?]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [28-10-2008 4:48 36864]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [10-5-2010 21:19 55456]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [30-6-2009 20:12 36608]
S3 Marvell RAID;Marvell RAID Event Agent;c:\program files\Marvell\61xx\svc\mvraidsvc.exe [12-6-2007 20:54 61440]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [10-5-2010 21:19 312616]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [10-5-2010 21:19 88480]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [10-5-2010 21:19 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [10-5-2010 21:19 83496]
S3 nmwcdsa;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsa.sys [30-6-2009 18:36 135680]
S3 nmwcdsac;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsac.sys [30-6-2009 18:36 8320]
S3 nmwcdsacj;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacj.sys [30-6-2009 18:36 12288]
S3 nmwcdsacm;Samsung USB Modem;c:\windows\system32\drivers\nmwcdsacm.sys [30-6-2009 18:36 12288]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [13-4-2010 19:25 691696]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - ukkzlmg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
smvetzac
.
Inhoud van de 'Gedeelde Taken' map

2010-07-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 08:55]

2010-07-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:08]

2010-07-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 15:08]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\89myk4um.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - GoogleCOM
FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/
FF - prefs.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.search.selectedEngine - GoogleCOM
FF - user.js: keyword.URL - hxxp://www.google-searchbar.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: keyword.URL - hxxp://www.wcsearch.com/search/?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
.
- - - - ORPHANS VERWIJDERD - - - -

AddRemove-EB Documentation_is1 - c:\documents and settings\Eigenaar\Mijn documenten\Rome - Total War\EB Documentation\unins000.exe
AddRemove-EB Trivial Script_is1 - c:\documents and settings\Eigenaar\Mijn documenten\Rome - Total War\EBTrivialScript\unins000.exe
AddRemove-Forgotten Hope - c:\program files\EA GAMES\Battlefield 2\Mods\FH2\uninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-18 23:45
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ukkzlmg]
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-796845957-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3a,e1,22,f3,c5,ca,9c,6e,8c,9b,78,ef,df,9c,a5,ed,6f,19,20,e4,55,e7,89,
   27,aa,5c,d1,1f,61,d5,60,f9,37,91,e9,ca,37,74,d4,58,7e,33,33,63,84,9b,6b,14,\
"??"=hex:5c,f1,83,89,34,2e,c3,29,75,49,0f,ac,fc,c3,b8,aa

[HKEY_USERS\S-1-5-21-2000478354-796845957-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:08,03,4d,b4,54,f0,f1,1a,e8,ee,cd,d6,ec,ce,4a,83,e2,87,44,2e,c8,
   5a,b9,e1,d9,54,55,db,38,a3,a1,34,59,3e,bf,9f,3a,d8,9e,b1,6d,56,df,14,e3,c0,\
"rkeysecu"=hex:82,77,b1,e5,10,e8,48,9b,b9,cf,32,48,b6,0c,19,f9

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(252)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Voltooingstijd: 2010-07-18 23:49:59
ComboFix-quarantined-files.txt 2010-07-18 21:49

Pre-Run: 74.388.447.232 bytes beschikbaar
Post-Run: 74.622.672.896 bytes beschikbaar

- - End Of File - - 1F845E45DD6B1A5DA1F41CA054A96F4A