ComboFix 11-06-07.03 - Gebruiker 10/06/2011 14:25:35.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1918.1211 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Gebruiker\Bureaublad\CFScript.txt
AV: ESET NOD32 antivirus system 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Lavasoft Ad-Watch Live! Antivirus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
 * Aanwezig AV is actief
.
.
FILE ::
"c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP"
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-05-10 to 2011-06-10 ))))))))))))))))))))))))))))))
.
.
2011-06-09 14:19 . 2011-06-09 14:19 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Stardock
2011-06-09 14:19 . 2011-06-09 14:19 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Stardock
2011-06-09 14:18 . 2011-06-09 14:18 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{A3A26C56-02C3-4F76-A033-12EE2FB52AE6}
2011-06-09 14:18 . 2011-06-09 14:18 -------- d-----w- c:\program files\Stardock
2011-06-09 14:17 . 2011-06-09 14:17 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\PackageAware
2011-06-08 18:27 . 2010-08-23 16:13 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-06-08 18:25 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-08 18:24 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-06-08 18:24 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-08 18:24 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2011-06-08 18:02 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
2011-06-06 07:50 . 2011-06-06 07:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo!
2011-06-06 07:50 . 2011-06-06 07:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2011-06-06 07:47 . 2011-06-06 07:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\RCP 5
2011-06-06 07:27 . 2011-06-06 07:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-06-01 13:50 . 2011-06-10 12:23 -------- d-----r- c:\documents and settings\Gebruiker\Onlangs geopend
2011-06-01 10:41 . 2011-06-01 13:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2011-06-01 10:23 . 2011-06-01 10:23 388096 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-06-01 10:23 . 2011-06-01 10:23 -------- d-----w- c:\program files\Trend Micro
2011-06-01 10:22 . 2011-06-01 10:22 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2011-06-01 09:21 . 2011-06-01 09:21 -------- d-----w- c:\program files\Enigma Software Group
2011-06-01 09:21 . 2011-06-01 10:11 -------- d-----w- c:\windows\820C0EEB9B124AD5B39DD15ED1DBDD06.TMP
2011-06-01 09:20 . 2011-06-01 09:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-05-20 13:15 . 2010-11-29 09:42 35136 ----a-w- c:\program files\Mozilla Firefox\plugins\np_gp.dll
2011-05-20 13:15 . 2011-05-20 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2011-05-20 13:15 . 2011-05-20 13:15 -------- d-----w- c:\program files\NOS
2011-05-20 13:13 . 2011-04-14 16:57 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-05-20 13:13 . 2011-04-14 16:57 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-20 13:13 . 2011-04-14 16:57 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-20 13:13 . 2011-04-14 16:57 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-20 13:13 . 2011-04-14 16:57 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-20 13:13 . 2011-04-14 16:57 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-20 13:13 . 2010-01-01 08:00 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-20 13:13 . 2010-01-01 08:00 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-29 07:11 . 2010-08-02 14:36 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-08-02 14:36 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-04-18 10:23 . 2010-08-02 14:32 16432 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2011-04-14 16:57 . 2011-05-20 13:13 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-04 02:00 94784 --sh--w- c:\windows\twain.dll
2008-04-14 17:02 50688 --sh--w- c:\windows\twain_32.dll
2006-02-16 20:33 1216 --sh--w- c:\windows\Twunk_16.dll
2006-02-16 20:33 1216 --sh--w- c:\windows\Twunk_32.dll
2011-02-08 13:33 978944 --sh--w- c:\windows\system32\mfc42.dll
2008-04-14 17:02 57344 --sh--w- c:\windows\system32\msvcirt.dll
2008-04-14 17:02 413696 --sha-w- c:\windows\system32\msvcp60.dll
2008-04-14 17:02 551936 --sh--w- c:\windows\system32\oleaut32.dll
2008-04-14 17:03 12288 --sh--w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((( SnapShot_2011-06-09_10.59.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-11 08:59 . 2011-01-11 08:59 51024 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_214ee422\vcomp90.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90rus.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90kor.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90jpn.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90ita.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90fra.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esp.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90esn.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 53584 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90enu.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 63312 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90deu.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90cht.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 35664 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_467ea28b\mfc90chs.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90u.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfcm90.dll
+ 2011-01-10 21:03 . 2011-01-10 21:03 65536 c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_189d6662\vcomp.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80KOR.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 49152 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80JPN.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ITA.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80FRA.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 61440 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ESP.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 57344 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80ENU.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 65536 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80DEU.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 45056 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHT.dll
+ 2011-01-10 20:32 . 2011-01-10 20:32 40960 c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_3dcd24cb\mfc80CHS.dll
+ 2011-01-11 02:05 . 2011-01-11 02:05 57856 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80u.dll
+ 2011-01-11 02:23 . 2011-01-11 02:23 69632 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfcm80.dll
+ 2011-01-10 19:21 . 2011-01-10 19:21 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_7837863c\ATL80.dll
- 2006-07-05 00:23 . 2011-06-09 01:54 49152 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2006-07-05 00:23 . 2011-06-09 14:16 49152 c:\windows\system32\config\systemprofile\Local Settings\Geschiedenis\History.IE5\index.dat
+ 2011-06-09 14:16 . 2011-06-09 14:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2011-06-09 01:54 . 2011-06-09 01:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-06-09 14:20 . 2011-06-09 14:20 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\61ae638a8173b053fc3e6dde41df25a3\Microsoft.VisualC.ni.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 653136 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcr90.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 569680 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcp90.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_0517bbc6\msvcm90.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 159048 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_65b7a93a\atl90.dll
+ 2011-01-11 02:27 . 2011-01-11 02:27 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcr80.dll
+ 2011-01-11 02:24 . 2011-01-11 02:24 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcp80.dll
+ 2011-01-11 02:08 . 2011-01-11 02:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_179798c8\msvcm80.dll
+ 2006-07-05 00:23 . 2011-06-09 14:16 393216 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-07-05 00:23 . 2011-06-09 01:54 393216 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-10 01:00 . 2011-06-10 01:00 459264 c:\windows\Installer\4f7889d.msi
+ 2011-06-10 01:00 . 2011-06-10 01:00 223232 c:\windows\Installer\4f78897.msi
+ 2011-06-09 14:18 . 2011-06-09 14:18 271872 c:\windows\Installer\2ac186f.msi
+ 2011-06-09 14:20 . 2011-06-09 14:20 223744 c:\windows\assembly\NativeImages_v2.0.50727_32\VistaBridgeLibrary\49750cafa94db71ffb099ec625b52251\VistaBridgeLibrary.ni.dll
+ 2011-06-09 14:20 . 2011-06-09 14:20 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1d03df7f7548613e8beab2cc21e57910\System.Runtime.Remoting.ni.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 3780936 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90u.dll
+ 2011-01-11 08:59 . 2011-01-11 08:59 3766088 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.5570_x-ww_d5fe2ecb\mfc90.dll
+ 2011-01-10 20:50 . 2011-01-10 20:50 1093120 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80u.dll
+ 2011-01-10 20:50 . 2011-01-10 20:50 1101824 c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.5592_x-ww_e87e0bcd\mfc80.dll
+ 2011-06-09 14:20 . 2011-06-09 14:20 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\5018d7d39ee99a18c2c17d68837a7a6d\System.Data.OracleClient.ni.dll
+ 2011-06-09 14:20 . 2011-06-09 14:20 4829696 c:\windows\assembly\NativeImages_v2.0.50727_32\Fences\b530230e2290203b72bedadfe9ac54f5\Fences.ni.exe
.
-- Snapshot teruggezet naar huidige datum --
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\
Snelkoppeling naar Startup.lnk - c:\batch\Startup.bat [2009-1-21 27]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Reader Snelle start.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Adobe Reader Snelle start.lnk
backup=c:\windows\pss\Adobe Reader Snelle start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HPAiODevice(hp officejet v series) - 1.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HPAiODevice(hp officejet v series) - 1.lnk
backup=c:\windows\pss\HPAiODevice(hp officejet v series) - 1.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Sonic CinePlayer Quick Launch.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Sonic CinePlayer Quick Launch.lnk
backup=c:\windows\pss\Sonic CinePlayer Quick Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Gebruiker^Menu Start^Programma's^Opstarten^LimeWire On Startup.lnk]
path=c:\documents and settings\Gebruiker\Menu Start\Programma's\Opstarten\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Free Codec]
2007-03-30 02:44 274432 ----a-w- c:\program files\DivX Free Codec\Divx Free Update.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DLA]
2005-09-28 03:10 122940 ----a-w- c:\windows\system32\DLA\DLACTRLW.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 14:50 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nod32kui]
2007-04-02 07:00 949376 ----a-w- c:\program files\ESET\nod32kui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\scheduler_monitor]
2007-06-15 08:17 27136 ----a-w- c:\program files\ReaConverter 5.5 Pro\init_scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-12-10 11:39 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
.
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [17/06/2009 15:01 20744]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/08/2010 14:38 64288]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2/04/2007 9:00 15424]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/08/2010 16:36 366640]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/06/2009 14:46 92008]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/08/2010 14:47 15232]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/08/2010 16:36 22712]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 13:39 136176]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/07/2010 10:55 2151128]
S2 rbhfnfjc;IPX Traffic Filter Support;c:\windows\System32\svchost.exe -k netsvcs [4/08/2004 4:00 14336]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [17/06/2009 15:02 29192]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [10/12/2010 13:39 136176]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [17/06/2009 15:01 25480]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/08/2004 4:00 14336]
S3 rcp_service;ReaConverter scheduler service;c:\program files\ReaConverter 5.5 Pro\rcp_scheduler.exe [30/11/2007 11:27 558592]
S3 Start BT in service;Start BT in service;c:\program files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [21/04/2007 15:54 52080]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - LAVASOFT_KERNEXPLORER
*Deregistered* - MBAMSwissArmy
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12	REG_MULTI_SZ	Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper	REG_MULTI_SZ	nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
rbhfnfjc
.
Inhoud van de 'Gedeelde Taken' map
.
2011-06-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-07-12 09:11]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 11:39]
.
2011-06-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-10 11:39]
.
2011-04-08 c:\windows\Tasks\pixillionShakeIcon.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2011-01-05 08:33]
.
2010-12-23 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Swift Sound\Switch\switch.exe [2010-12-23 08:01]
.
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = ;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Zoeken - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Woord vertalen in het Nederlands - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Gelijkwaardige pagina's - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Koppelingspagina's - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Opgeslagen momentopname van de pagina - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Gebruiker\Application Data\Mozilla\Firefox\Profiles\sk3axlzg.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-10 14:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Udfs]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ultra]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VComm]
"ImagePath"="system32\DRIVERS\VComm.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VcommMgr]
"ImagePath"="System32\Drivers\VcommMgr.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\ViaIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VolSnap]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vxd]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WDICA]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WinTrust]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll" --
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{20213930-7CB9-49AA-9FBC-78BEA4C3EEC9}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{2B417556-D0CD-4597-BD72-CB269C24AC33}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{72B2F3F7-6816-4D61-872A-8E6E257BF6AC}]
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{CF88B2AA-7A43-4829-AB6E-BD184A3CA9C6}]
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,7d,bc,3e,63,9c,ef,4d,8a,84,61,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,49,7d,bc,3e,63,9c,ef,4d,8a,84,61,\
.
[HKEY_USERS\S-1-5-21-2790544759-2844780689-2955542577-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2C610618-B51D-1730-ED7C-6D9F5EFD0878}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"eaoolonjda"=hex:66,61,69,62,6f,6c,63,6f,65,62,6a,61,00,31
"dabpmokd"=hex:64,62,63,62,6e,65,63,69,61,6a,66,61,63,61,66,6c,6f,67,62,67,66,
   68,63,6b,69,61,66,6e,68,67,67,69,6a,61,6e,63,6d,64,6a,63,00,00
"iagmljhkfioipoebhk"=hex:6a,61,6c,66,68,6f,68,6b,67,65,66,63,70,63,6e,70,62,61,
   65,6c,00,00
"haabjjmaoobjhhec"=hex:6a,61,6c,66,67,6f,6d,69,66,6f,6a,65,69,61,66,67,69,67,
   6d,6e,00,00
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|é•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(824)
c:\windows\system32\wbem\fastprox.dll
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\imon.dll
.
- - - - - - - > 'explorer.exe'(2688)
c:\windows\system32\AcSignIcon.dll
c:\program files\Common Files\Autodesk Shared\AcSignCore16.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Stardock\Fences\FencesMenu.dll
c:\program files\stardock\fences\DesktopDock.dll
.
Voltooingstijd: 2011-06-10 14:36:29
ComboFix-quarantined-files.txt 2011-06-10 12:36
ComboFix2.txt 2011-06-09 11:02
ComboFix3.txt 2011-06-08 13:24
.
Pre-Run: 109.865.472.000 bytes beschikbaar
Post-Run: 109.837.844.480 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 9D556748D67221442AF69E28C6E19270