ComboFix 10-08-15.01 - Ronald 15-08-2010 22:36:19.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3066.1927 [GMT 2:00]
Gestart vanuit: c:\users\Ronald\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-07-15 to 2010-08-15 ))))))))))))))))))))))))))))))
.
2010-08-15 19:10 . 2010-08-15 19:10   388096 ----a-r- c:\users\Ronald\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-15 19:10 . 2010-08-15 19:10 -------- d-----w- c:\program files\Trend Micro
2010-08-15 17:01 . 2010-08-15 17:01 -------- d-----w- c:\users\Ronald\AppData\Roaming\Malwarebytes
2010-08-15 17:01 . 2010-04-29 13:39    38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-15 17:01 . 2010-08-15 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 17:01 . 2010-08-15 17:01 -------- d-----w- c:\programdata\Malwarebytes
2010-08-15 17:01 . 2010-04-29 13:39    20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-11 09:24 . 2010-06-16 16:04   905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-11 09:24 . 2010-06-18 15:04   302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-11 09:24 . 2010-06-18 15:04   144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-07-31 14:05 . 2010-07-31 14:05 -------- d-----w- c:\users\Ronald\Logitech
2010-07-31 14:03 . 2010-07-31 14:04 -------- d-----w- c:\program files\Common Files\Remote Control Software Common
2010-07-31 14:03 . 2010-07-31 14:03 -------- d-----w- c:\program files\Logitech
2010-07-30 22:23 . 2010-07-30 22:23  1615200 ----a-w- c:\programdata\avg9\update\backup\avgssie.dll
2010-07-30 22:23 . 2010-07-30 22:23  1107296 ----a-w- c:\programdata\avg9\update\backup\avgxpl.dll
2010-07-30 22:23 . 2010-07-30 22:23   921440 ----a-w- c:\programdata\avg9\update\backup\avgemc.exe
2010-07-30 22:23 . 2010-07-30 22:23  4368224 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-07-29 14:50 . 2010-07-29 14:50 -------- d-----w- c:\program files\Common Files\Remote Control USB Driver
2010-07-28 22:18 . 2010-07-28 22:18 -------- d-----w- c:\users\Ronald\AppData\Local\WBFSManager
2010-07-28 22:13 . 2010-07-28 22:13 -------- d-----w- c:\program files\Wii
2010-07-28 15:39 . 2010-07-28 15:40 -------- d-----w- C:\MSNCleaner
2010-07-27 17:17 . 2010-07-27 17:17 -------- d-----w- c:\program files\CCleaner
2010-07-26 16:51 . 2010-07-26 16:51 -------- d-----w- c:\program files\iPod
2010-07-26 16:51 . 2010-07-26 16:51 -------- d-----w- c:\program files\iTunes
2010-07-26 16:43 . 2010-07-26 16:43    73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-22 21:24 . 2010-07-22 21:24 -------- d-----w- C:\$AVG
2010-07-20 15:23 . 2010-07-20 15:23 -------- d-----w- c:\users\Ronald\AppData\Local\Microsoft Corporation
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 20:07 . 2010-05-29 11:33    27934 ----a-w- c:\programdata\nvModes.dat
2010-08-15 18:43 . 2010-05-29 10:51      680 ----a-w- c:\users\Ronald\AppData\Local\d3d9caps.dat
2010-08-15 16:32 . 2010-05-29 17:56 -------- d-----w- c:\users\Ronald\AppData\Roaming\GrabIt
2010-08-12 11:31 . 2008-01-21 06:47   670308 ----a-w- c:\windows\system32\perfh013.dat
2010-08-12 11:31 . 2008-01-21 06:47   127900 ----a-w- c:\windows\system32\perfc013.dat
2010-08-11 09:26 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-07-31 14:03 . 2008-05-25 07:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-26 16:51 . 2010-06-08 18:27 -------- d-----w- c:\program files\Common Files\Apple
2010-07-06 13:26 . 2010-06-04 22:00      256 ----a-w- c:\windows\system32\pool.bin
2010-07-06 13:25 . 2010-07-06 13:25    53248 ----a-r- c:\users\Ronald\AppData\Roaming\Microsoft\Installer\{B2F3FB19-D848-479C-818E-130ABC9366DB}\ARPPRODUCTICON.exe
2010-07-01 23:02 . 2010-07-01 23:02 -------- d-----w- c:\programdata\SanDisk
2010-06-28 20:17 . 2010-06-28 20:17 -------- d-----w- c:\users\Ronald\AppData\Roaming\Ipswitch
2010-06-28 20:16 . 2010-06-28 20:16 -------- d-----w- c:\program files\WS_FTP Pro
2010-06-27 23:30 . 2010-06-27 23:30 -------- d-----w- c:\programdata\AVS4YOU
2010-06-27 23:30 . 2010-06-27 23:30 -------- d-----w- c:\users\Ronald\AppData\Roaming\AVS4YOU
2010-06-27 23:30 . 2010-06-27 23:29 -------- d-----w- c:\program files\AVS4YOU
2010-06-27 23:29 . 2010-06-27 23:25 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-06-27 08:22 . 2010-05-29 10:52 -------- d-----w- c:\program files\Google
2010-06-26 14:28 . 2010-06-26 10:59 -------- d-----w- c:\program files\ALDI
2010-06-26 11:46 . 2010-06-26 11:46  1393080 ----a-w- c:\programdata\hps\8\setup_Fotoservice.exe
2010-06-26 11:46 . 2010-06-26 11:00 -------- d-----w- c:\programdata\hps
2010-06-26 11:45 . 2010-06-26 11:45 -------- d-----w- c:\program files\AH
2010-06-26 10:14 . 2010-06-08 18:32 -------- d-----w- c:\users\Ronald\AppData\Roaming\Apple Computer
2010-06-26 09:35 . 2010-06-26 09:35 -------- d-----w- c:\program files\Bonjour
2010-06-26 06:05 . 2010-08-11 09:25   916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 09:25   109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-11 09:25    71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-11 09:25   133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 00:52 . 2010-05-29 13:52   243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-26 00:52 . 2010-06-26 00:52    12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-26 00:52 . 2010-05-29 13:52   216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-21 13:37 . 2010-08-11 09:25  2037760 ----a-w- c:\windows\system32\win32k.sys
2010-06-18 17:31 . 2010-08-11 09:25    36864 ----a-w- c:\windows\system32\rtutils.dll
2010-06-11 16:16 . 2010-08-11 09:25   274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-11 16:15 . 2010-08-11 09:25  1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-06-10 15:03 . 2010-06-10 15:03    49152 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-06-10 15:03 . 2010-06-10 15:03    45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-06-10 15:03 . 2010-06-10 15:03    45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-06-10 15:03 . 2010-06-10 15:03    45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-06-10 15:03 . 2010-06-10 15:03    45056 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-06-10 15:03 . 2010-06-10 15:03    40960 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-06-10 15:03 . 2010-06-10 15:03   341600 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-06-10 15:03 . 2010-06-10 15:03   308808 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-06-10 15:03 . 2010-06-10 15:03    14848 ----a-w- c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-06-08 17:35 . 2010-08-11 09:25  3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-08 17:35 . 2010-08-11 09:25  3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-02 15:54 . 2006-11-02 10:25   665600 ----a-w- c:\windows\inf\drvindex.dat
2010-06-01 15:27 . 2010-05-29 13:52    29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-29 22:42 . 2010-05-29 22:43   411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 14:59 . 2010-05-29 10:51   103600 ----a-w- c:\users\Ronald\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-29 13:52 . 2010-05-29 13:52    52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-05-27 20:08 . 2010-08-11 09:25    81920 ----a-w- c:\windows\system32\iccvid.dll
2010-05-26 17:06 . 2010-06-09 15:25    34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 14:47 . 2010-06-09 15:25   289792 ----a-w- c:\windows\system32\atmfd.dll
2010-05-18 14:35 . 2010-05-18 14:35    91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35   107808 ----a-w- c:\windows\system32\dns-sd.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 21:38   121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-04-23 397312]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-21 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-21 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-05-12 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-05-12 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-05-12 167936]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-26 2065760]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2010-03-10 648536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-10 202256]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-5-29 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):71,12,85,f3,ac,01,cb,01

R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 136176]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-04-15 25856]
R3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-04-15 42880]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2007-12-16 75776]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-05-29 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-26 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-06-26 243024]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-05-09 61424]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-30 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-26 308136]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-03-28 210432]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-04-21 81296]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-04-21 43552]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 22:45]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-29 22:45]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.telegraaf.nl/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=2&o=vp32&d=0510&m=aspire_7730g
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-eRecoveryService - (no file)
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 22:46
Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(4608)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\System32\SysHook.dll
.
Voltooingstijd: 2010-08-15 22:51:05
ComboFix-quarantined-files.txt 2010-08-15 20:51

Pre-Run: 88.532.930.560 bytes beschikbaar
Post-Run: 88.592.429.056 bytes beschikbaar

- - End Of File - - A63D6FF41159AC7AD6C765BF0082D9C9