ComboFix 11-11-15.06 - Eigenaar 18-11-2011 10:04:04.3.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.510.242 [GMT 1:00]
Gestart vanuit: c:\mijn documenten\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Eigenaar\Mijn documenten\PrintScreen Files\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
FILE ::
"c:\windows\system32\tmp03793.FOT"
"c:\windows\system32\tmp0B026.FOT"
"c:\windows\system32\tmp0F0E2.FOT"
"c:\windows\system32\tmp11386.FOT"
"c:\windows\system32\tmp12386.FOT"
"c:\windows\system32\tmp13386.FOT"
"c:\windows\system32\tmp166D2.FOT"
"c:\windows\system32\tmp20386.FOT"
"c:\windows\system32\tmp23A03.FOT"
"c:\windows\system32\tmp2C8B3.FOT"
"c:\windows\system32\tmp2F286.FOT"
"c:\windows\system32\tmp40026.FOT"
"c:\windows\system32\tmp433B3.FOT"
"c:\windows\system32\tmp4A286.FOT"
"c:\windows\system32\tmp4B286.FOT"
"c:\windows\system32\tmp552F2.FOT"
"c:\windows\system32\tmp5ABB2.FOT"
"c:\windows\system32\tmp65226.FOT"
"c:\windows\system32\tmp685B3.FOT"
"c:\windows\system32\tmp7F7B3.FOT"
"c:\windows\system32\tmp7FC16.FOT"
"c:\windows\system32\tmp92F16.FOT"
"c:\windows\system32\tmp937E2.FOT"
"c:\windows\system32\tmp98603.FOT"
"c:\windows\system32\tmpA1AD2.FOT"
"c:\windows\system32\tmpB47B3.FOT"
"c:\windows\system32\tmpB4C16.FOT"
"c:\windows\system32\tmpB51F2.FOT"
"c:\windows\system32\tmpB8126.FOT"
"c:\windows\system32\tmpBC1E2.FOT"
"c:\windows\system32\tmpBCFB2.FOT"
"c:\windows\system32\tmpDE3E2.FOT"
"c:\windows\system32\tmpF53F2.FOT"
"c:\windows\system32\tmpF86B3.FOT"
"c:\windows\system32\tmpFEBD2.FOT"
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2011-10-18 to 2011-11-18 ))))))))))))))))))))))))))))))
.
.
2011-11-16 07:59 . 2011-11-18 08:53 -------- d--h--r- c:\documents and settings\Eigenaar\Onlangs geopend
2011-11-11 22:17 . 2011-11-11 22:18 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\vlc
2011-11-11 22:17 . 2011-11-11 22:17 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\Ilivid Player
2011-11-11 22:17 . 2011-11-11 22:17 -------- d-----w- c:\documents and settings\Eigenaar\AppData
2011-11-11 22:14 . 2011-11-11 22:24 -------- d-----w- c:\program files\iLivid
2011-11-11 22:13 . 2011-11-11 22:13 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\boost_interprocess
2011-11-11 22:13 . 2011-11-11 22:14 -------- d-----w- c:\program files\Windows iLivid Toolbar
2011-11-11 22:13 . 2011-11-11 22:13 -------- d-----w- c:\documents and settings\Eigenaar\Local Settings\Application Data\PackageAware
2011-11-11 11:51 . 2011-11-11 11:51 -------- d-----w- c:\documents and settings\Eigenaar\Application Data\BabylonToolbar
2011-11-02 10:16 . 2011-11-02 10:16 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-14 14:45 . 2011-10-14 14:45 53248 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-14 14:44 . 2011-10-14 14:44 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-09-26 09:41 . 2011-04-05 02:55 23040 ----a-w- c:\windows\system32\oleaccrc.dll
2011-09-26 09:41 . 2008-07-29 17:59 614912 ----a-w- c:\windows\system32\uiautomationcore.dll
2011-09-26 09:41 . 2011-04-05 02:55 220160 ----a-w- c:\windows\system32\oleacc.dll
2011-09-23 08:04 . 2011-04-04 21:16 28256 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2011-09-09 09:12 . 2011-04-05 02:54 602624 ----a-w- c:\windows\system32\crypt32.dll
2011-09-06 14:09 . 2011-04-05 02:56 1859072 ----a-w- c:\windows\system32\win32k.sys
2011-09-01 10:17 . 2011-09-01 10:17 1409 ----a-w- c:\windows\system32\tmpF53F2.FOT
2011-09-01 10:17 . 2011-09-01 10:17 1409 ----a-w- c:\windows\system32\tmpB51F2.FOT
2011-09-01 10:17 . 2011-09-01 10:17 1409 ----a-w- c:\windows\system32\tmp552F2.FOT
2011-09-01 10:17 . 2011-09-01 10:17 1409 ----a-w- c:\windows\system32\tmpDE3E2.FOT
2011-09-01 10:17 . 2011-09-01 10:17 1409 ----a-w- c:\windows\system32\tmpBC1E2.FOT
2011-09-01 10:17 . 2011-09-01 10:17 1409 ----a-w- c:\windows\system32\tmpFEBD2.FOT
2011-09-01 10:17 . 2011-09-01 10:17 1409 ----a-w- c:\windows\system32\tmpA1AD2.FOT
2011-09-01 09:00 . 2011-09-01 09:00 1409 ----a-w- c:\windows\system32\tmp7F7B3.FOT
2011-09-01 09:00 . 2011-09-01 09:00 1409 ----a-w- c:\windows\system32\tmp2C8B3.FOT
2011-09-01 09:00 . 2011-09-01 09:00 1409 ----a-w- c:\windows\system32\tmpF86B3.FOT
2011-09-01 09:00 . 2011-09-01 09:00 1409 ----a-w- c:\windows\system32\tmpB47B3.FOT
2011-09-01 09:00 . 2011-09-01 09:00 1409 ----a-w- c:\windows\system32\tmp685B3.FOT
2011-09-01 09:00 . 2011-09-01 09:00 1409 ----a-w- c:\windows\system32\tmp433B3.FOT
2011-09-01 09:00 . 2011-09-01 09:00 1409 ----a-w- c:\windows\system32\tmp03793.FOT
2011-09-01 08:51 . 2011-09-01 08:51 1409 ----a-w- c:\windows\system32\tmp4B286.FOT
2011-09-01 08:51 . 2011-09-01 08:51 1409 ----a-w- c:\windows\system32\tmp4A286.FOT
2011-09-01 08:51 . 2011-09-01 08:51 1409 ----a-w- c:\windows\system32\tmp2F286.FOT
2011-09-01 08:51 . 2011-09-01 08:51 1409 ----a-w- c:\windows\system32\tmp20386.FOT
2011-09-01 08:51 . 2011-09-01 08:51 1409 ----a-w- c:\windows\system32\tmp13386.FOT
2011-09-01 08:51 . 2011-09-01 08:51 1409 ----a-w- c:\windows\system32\tmp12386.FOT
2011-09-01 08:51 . 2011-09-01 08:51 1409 ----a-w- c:\windows\system32\tmp11386.FOT
2011-09-01 08:00 . 2011-09-01 08:00 1409 ----a-w- c:\windows\system32\tmp23A03.FOT
2011-09-01 08:00 . 2011-09-01 08:00 1409 ----a-w- c:\windows\system32\tmp98603.FOT
2011-09-01 08:00 . 2011-09-01 08:00 1409 ----a-w- c:\windows\system32\tmp937E2.FOT
2011-09-01 08:00 . 2011-09-01 08:00 1409 ----a-w- c:\windows\system32\tmp0F0E2.FOT
2011-09-01 08:00 . 2011-09-01 08:00 1409 ----a-w- c:\windows\system32\tmp166D2.FOT
2011-09-01 08:00 . 2011-09-01 08:00 1409 ----a-w- c:\windows\system32\tmpBCFB2.FOT
2011-09-01 08:00 . 2011-09-01 08:00 1409 ----a-w- c:\windows\system32\tmp5ABB2.FOT
2011-09-01 07:27 . 2011-09-01 07:27 1409 ----a-w- c:\windows\system32\tmp65226.FOT
2011-09-01 07:27 . 2011-09-01 07:27 1409 ----a-w- c:\windows\system32\tmpB8126.FOT
2011-09-01 07:27 . 2011-09-01 07:27 1409 ----a-w- c:\windows\system32\tmp92F16.FOT
2011-09-01 07:27 . 2011-09-01 07:27 1409 ----a-w- c:\windows\system32\tmp40026.FOT
2011-09-01 07:27 . 2011-09-01 07:27 1409 ----a-w- c:\windows\system32\tmp0B026.FOT
2011-09-01 07:27 . 2011-09-01 07:27 1409 ----a-w- c:\windows\system32\tmpB4C16.FOT
2011-09-01 07:27 . 2011-09-01 07:27 1409 ----a-w- c:\windows\system32\tmp7FC16.FOT
2011-08-31 15:00 . 2011-04-06 12:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-26 08:19 . 2011-08-26 08:19 388096 ----a-r- c:\documents and settings\Eigenaar\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-22 23:41 . 2011-04-05 02:56 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-22 23:41 . 2011-04-05 02:55 43520 ------w- c:\windows\system32\licmgr10.dll
2011-08-22 23:41 . 2011-04-05 02:55 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-08-22 11:58 . 2011-04-05 02:55 385024 ------w- c:\windows\system32\html.iec
2006-12-27 14:41 . 2006-12-27 14:41 36808256 -c--a-w- c:\program files\iTunesSetup.exe
2005-12-26 13:32 . 2005-12-26 13:31 9350344 -c--a-w- c:\program files\Install_MSN_Messenger.EXE
2005-04-17 18:22 . 2005-04-17 18:22 4354084 -c--a-w- c:\program files\spybotsd13.exe
2005-04-17 18:02 . 2005-04-17 18:01 2636408 -c--a-w- c:\program files\aawsepersonal.exe
2005-04-17 17:51 . 2005-04-17 17:50 2135885 -c--a-w- c:\program files\washandgo.exe
2011-03-18 18:03 . 2011-04-06 12:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-11-16_08.25.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-11-16 11:54 . 2011-11-16 11:54 304416 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-09-01 07:16 2532680 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-09-01 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8523776]
"Cmaudio"="cmicnfg.cpl" [BU]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^RaConfig2500.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\RaConfig2500.lnk
backup=c:\windows\pss\RaConfig2500.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Menu Start^Programma's^Opstarten^Snelstart HP Image Zone.lnk]
path=c:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk
backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
2004-06-29 07:06 88363 ----a-w- c:\windows\AGRSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belgacom]
2008-05-29 08:18 202016 ----a-r- c:\program files\Belgacom\bin\sprtcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BySoft FreeRAM]
2007-09-28 12:32 318976 ----a-w- c:\program files\BySoft FreeRAM\FreeRAM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
cmicnfg.cpl [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
2010-10-14 08:11 487424 ----a-w- c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2005-02-16 21:11 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
2003-10-10 11:25 53248 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-10 11:25 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2007-11-06 18:00 1626112 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Snelkoppeling naar eigenschappenvenster voor High Definition Audio]
2004-03-17 14:10 61952 ------w- c:\windows\system32\Hdaudpropshortcut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"VSS"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Windows iLivid Toolbar\\Datamngr\\ToolBar\\dtUser.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [22-2-2011 7:13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [16-3-2011 15:03 32592]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [4-4-2011 23:59 297168]
R3 UKBFLT;UKBFLT;c:\windows\system32\drivers\UKBFLT.sys [7-4-2011 22:53 11672]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7-1-2011 5:41 248656]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [18-8-2011 0:33 7390560]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [8-2-2011 4:33 269520]
S2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [14-10-2011 15:43 12184]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [5-4-2011 20:56 196912]
S2 sprtsvc_belgacom;SupportSoft Sprocket Service (belgacom);c:\program files\Belgacom\bin\sprtsvc.exe [29-5-2008 9:18 202016]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [14-4-2011 20:28 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [10-2-2011 6:53 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [10-2-2011 6:53 27216]
S3 cmudax;C-Media High Definition Audio Interface;c:\windows\system32\drivers\cmudax.sys [4-4-2011 21:56 1272000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [25-8-2011 21:42 27064]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [26-8-2011 12:18 1025352]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - LBEEPKE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
mStart Page = hxxp://search.myheritage.com
TCP: DhcpNameServer = 192.168.1.1
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://photoservice.fujicolor.eu/ips-opdata/objects/jordan.cab
FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\jovr3r8p.default\
FF - prefs.js: browser.search.selectedEngine - Search Results
FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=119&systemid=406&sr=0&q=
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-18 10:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2011-11-18 10:15:34
ComboFix-quarantined-files.txt 2011-11-18 09:15
ComboFix2.txt 2011-11-17 10:03
ComboFix3.txt 2011-11-16 08:28
.
Pre-Run: 57.775.448.064 bytes beschikbaar
Post-Run: 57.783.930.880 bytes beschikbaar
.
- - End Of File - - 4D1EC1955C9CA548D9D5BCC700C1583C