ComboFix 10-05-03.03 - RIck 03-05-2010 23:23:21.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1149 [GMT 2:00]
Gestart vanuit: c:\documents and settings\RIck.RICK-A640BE8BE9\Mijn documenten\Downloads\scan.exe
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WindowsUpdate
c:\recycler\S-1-5-21-299502267-1532298954-725345543-1003
c:\windows\system32\e1000msg.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-04-03 to 2010-05-03 ))))))))))))))))))))))))))))))
.
2010-05-03 19:35 . 2010-05-03 19:35 -------- d-----w- c:\documents and settings\RIck.RICK-A640BE8BE9\Local Settings\Application Data\SecondLife
2010-05-03 19:35 . 2010-05-03 19:37 -------- d-----w- c:\documents and settings\RIck.RICK-A640BE8BE9\Application Data\SecondLife
2010-05-03 19:35 . 2010-05-03 21:19 -------- d-----w- c:\documents and settings\RIck.RICK-A640BE8BE9\Local Settings\Application Data\Emerald
2010-05-03 18:54 . 2010-02-27 18:46 3691384 ----a-w- c:\documents and settings\RIck.RICK-A640BE8BE9\Application Data\Simply Super Software\Trojan Remover\qql1.exe
2010-05-03 18:40 . 2010-05-03 18:49 168371 ----a-w- c:\windows\system32\x.vir
2010-05-03 18:38 . 2005-02-25 03:35 22752 ----a-w- c:\windows\system32\spupdsvc.exe
2010-05-03 18:32 . 2009-08-06 17:24 44768 ----a-w- c:\windows\system32\wups2.dll
2010-05-03 18:31 . 2010-05-03 18:31 -------- d-s---w- c:\documents and settings\RIck.RICK-A640BE8BE9\UserData
2010-05-03 18:28 . 2010-05-03 18:54 -------- d---a-w- c:\documents and settings\All Users.WINDOWS\Application Data\TEMP
2010-05-03 18:28 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-03 18:28 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-03 18:28 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-03 18:28 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-03 18:28 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-03 18:28 . 2010-05-03 18:28 -------- d-----w- c:\program files\Trojan Remover
2010-05-03 18:28 . 2010-05-03 18:28 -------- d-----w- c:\documents and settings\RIck.RICK-A640BE8BE9\Application Data\Simply Super Software
2010-05-03 18:28 . 2010-05-03 18:28 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Simply Super Software
2010-05-03 16:57 . 2010-05-03 16:57 -------- d-----w- c:\program files\Lavasoft
2010-05-03 16:52 . 2010-05-03 16:56 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2010-05-03 16:45 . 2004-08-04 00:54 57856 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-05-03 16:45 . 2007-10-04 15:14 6854464 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-05-03 16:45 . 2007-10-04 15:14 5783424 ----a-w- c:\windows\system32\nv4_disp.dll
2010-05-03 16:44 . 2004-08-03 23:07 42368 ----a-w- c:\windows\system32\drivers\AGP440.SYS
2010-05-03 16:44 . 2004-08-04 00:56 5632 ----a-w- c:\windows\system32\drivers\intelide.sys
2010-05-03 16:44 . 2004-08-04 01:03 76288 ----a-w- c:\windows\system32\usbui.dll
2010-05-03 16:42 . 2001-09-07 12:00 8192 -c--a-w- c:\windows\system32\dllcache\kbdhept.dll
2010-05-03 16:41 . 2010-05-03 21:21 -------- d--h--w- c:\documents and settings\Default User.WINDOWS
2010-05-03 16:41 . 2010-05-03 14:51 -------- d-----w- c:\documents and settings\All Users.WINDOWS
2010-05-03 15:29 . 2005-01-02 03:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
2010-05-03 15:25 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-05-03 15:25 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-05-03 15:25 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-05-03 15:25 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-05-03 15:25 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-05-03 15:25 . 2009-09-04 15:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-05-03 15:25 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-05-03 15:25 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-05-03 15:25 . 2009-09-04 15:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-05-03 15:25 . 2009-09-04 15:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-05-03 15:25 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-03 15:12 . 2003-07-11 10:15 118784 ----a-w- c:\windows\system32\Prounstl.exe
2010-05-03 15:12 . 2003-07-11 08:58 121856 ----a-w- c:\windows\system32\drivers\e1000325.sys
2010-05-03 15:12 . 2002-12-29 03:00 24064 ----a-w- c:\windows\system32\IntelNic.dll
2010-05-03 15:12 . 2010-05-03 15:12 -------- d-----w- c:\documents and settings\RICK~1~RIC\LOCALS~1
2010-05-03 15:12 . 2010-05-03 15:12 -------- d-----w- c:\documents and settings\RICK~1~RIC
2010-05-03 15:10 . 2010-05-03 15:10 2507 ----a-w- c:\windows\unins000.dat
2010-05-03 15:10 . 2010-05-03 15:10 1072989 ----a-w- c:\windows\unins000.exe
2010-05-03 15:06 . 2003-01-08 09:23 49152 ----a-w- c:\windows\system32\DSndUp.exe
2010-05-03 15:06 . 2002-04-17 13:05 45056 ----a-w- c:\windows\system32\CleanUp.exe
2010-05-03 15:06 . 2010-05-03 15:06 0 ----a-w- c:\windows\nsreg.dat
2010-05-03 15:06 . 2010-05-03 15:06 -------- d-----w- c:\documents and settings\RIck.RICK-A640BE8BE9\Local Settings\Application Data\Mozilla
2010-05-03 15:02 . 2007-10-04 15:14 356352 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-03 15:02 . 2007-10-04 16:16 356352 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-03 14:58 . 2010-05-03 15:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2010-05-03 14:55 . 2001-09-07 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-05-03 14:55 . 2001-09-07 12:00 31488 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-05-03 14:55 . 2004-08-03 23:03 76288 -c--a-w- c:\windows\system32\dllcache\wam51.dll
2010-05-03 14:55 . 2004-08-03 23:03 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll
2010-05-03 14:55 . 2004-08-03 23:03 362496 -c--a-w- c:\windows\system32\dllcache\w3svc.dll
2010-05-03 14:55 . 2001-09-07 12:00 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll
2010-05-03 14:55 . 2001-09-07 12:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll
2010-05-03 14:55 . 2004-08-03 20:32 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-05-03 14:55 . 2004-08-03 20:32 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-05-03 14:55 . 2001-09-07 12:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll
2010-05-03 14:55 . 2001-09-07 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-05-03 14:55 . 2001-09-07 12:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll
2010-05-03 14:53 . 2001-09-07 12:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2010-05-03 14:52 . 2010-05-03 14:52 -------- d-----w- c:\documents and settings\Default User.WINDOWS\Local Settings\Application Data\Microsoft
2010-05-03 14:51 . 2010-05-03 14:51 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS\DRM
2010-05-03 14:49 . 2010-05-03 14:49 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-02 21:31 . 2010-05-02 21:31 -------- d-----w- c:\windows\system32\LogFiles
2010-05-02 18:27 . 2010-05-02 21:15 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\Emerald
2010-05-02 18:19 . 2010-05-02 18:19 -------- d-----w- c:\documents and settings\Rick\Application Data\SecondLife
2010-05-02 18:19 . 2010-05-02 18:19 -------- d-----w- c:\documents and settings\Rick\Local Settings\Application Data\SecondLife
2010-05-02 18:19 . 2010-05-02 18:19 -------- d-----w- c:\program files\SecondLife
2010-05-02 18:11 . 2010-05-02 18:21 -------- d-----w- c:\program files\Emerald Viewer
2010-05-02 17:11 . 2010-05-02 17:11 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 17:11 . 2010-05-02 17:11 -------- d-----w- c:\program files\Analog Devices
2010-05-02 17:11 . 2003-02-28 07:17 545024 ----a-w- c:\windows\system32\drivers\smwdm.sys
2010-05-02 17:11 . 2002-10-28 09:26 3744 ----a-w- c:\windows\system32\drivers\smsens.sys
2010-05-02 17:11 . 2002-04-01 11:15 4816 ----a-w- c:\windows\system32\drivers\aeaudio.sys
2010-05-02 17:11 . 2001-09-19 11:32 720896 -c--a-w- c:\windows\system32\dllcache\a3d.dll
2010-05-02 17:11 . 2001-09-19 11:32 720896 ----a-w- c:\windows\system32\a3d.dll
2010-05-02 17:11 . 2010-05-02 17:11 -------- d-s---w- c:\documents and settings\LocalService\UserData
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-03 14:58 . 2001-09-07 12:00 53418 ----a-w- c:\windows\system32\perfc013.dat
2010-05-03 14:58 . 2001-09-07 12:00 364330 ----a-w- c:\windows\system32\perfh013.dat
2010-05-03 14:51 . 2010-05-03 14:51 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-05-02 17:10 . 2010-05-02 11:49 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-02 13:04 . 2010-05-02 13:04 -------- d-----w- c:\program files\Common Files\INCA Shared
2010-05-02 12:44 . 2010-05-02 12:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-02 12:34 . 2010-05-02 12:34 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
2010-05-02 12:11 . 2010-05-02 12:11 388096 ----a-r- c:\documents and settings\Rick\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-02 12:11 . 2010-05-02 12:11 -------- d-----w- c:\program files\Trend Micro
2010-05-02 12:05 . 2010-05-02 12:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-02 11:34 . 2010-05-02 11:34 12328 ----a-w- c:\documents and settings\Rick\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-02 11:27 . 2010-05-02 11:27 -------- d-----w- c:\program files\microsoft frontpage
2004-08-03 23:03 . 2004-08-03 23:03 168096 --sha-r- c:\windows\system32\ozhtofe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-04 8491008]
"nwiz"="nwiz.exe" [2007-10-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-04 81920]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-27 1165192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1934:TCP"= 1934:TCP:wveufyq

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - WMIAPSRV
*Deregistered* - dump_wmimmc
*Deregistered* - NPPTNT2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
nhncpvfcy
iulbtwjv
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-03 23:27
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iulbtwjv]
"ServiceDll"="c:\windows\system32\ozhtofe.dll"
.
Voltooingstijd: 2010-05-03 23:27:59
ComboFix-quarantined-files.txt 2010-05-03 21:27

Pre-Run: 31.181.033.472 bytes beschikbaar
Post-Run: 31.210.864.640 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 86D5D7A62AFE936B1AC390ECE5B07AAE