ComboFix 09-03-01.01 - Erik 2009-03-02 11:45:59.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.31.1043.18.1023.669 [GMT 1:00]
Gestart vanuit: d:\download\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
 * Nieuw herstelpunt werd aangemaakt
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
D:\Autorun.inf
E:\Autorun.inf

.
((((((((((((((((((((   Bestanden Gemaakt van 2009-02-02 to 2009-03-02  ))))))))))))))))))))))))))))))
.

2009-03-01 20:23 . 2009-03-01 20:23	<DIR>	d--------	c:\documents and settings\All Users\Application Data\nView_Profiles
2009-03-01 14:46 . 2005-09-25 19:11	10,752	--a------	c:\windows\system32\ImageDrive.cpl
2009-02-28 20:24 . 2009-03-02 00:01	<DIR>	d--hs----	c:\documents and settings\Erik\Onlangs geopend
2009-02-28 18:37 . 2009-02-28 18:37	<DIR>	d--------	c:\program files\Malwarebytes' Anti-Malware
2009-02-28 18:37 . 2009-02-28 18:37	<DIR>	d--------	c:\documents and settings\Erik\Application Data\Malwarebytes
2009-02-28 18:37 . 2009-02-28 18:37	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-28 18:37 . 2009-02-11 10:19	38,496	--a------	c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-28 18:37 . 2009-02-11 10:19	15,504	--a------	c:\windows\system32\drivers\mbam.sys
2009-02-28 14:29 . 2009-02-28 14:33	<DIR>	d--------	C:\k7update
2009-02-28 14:29 . 2009-02-28 14:29	<DIR>	d--------	c:\documents and settings\Erik\Application Data\gnupg
2009-02-27 12:56 . 2009-02-27 12:56	<DIR>	d--------	c:\documents and settings\Erik\Application Data\dvdcss
2009-02-27 11:54 . 2009-02-27 11:31	15,688	--a------	c:\windows\system32\lsdelete.exe
2009-02-27 11:31 . 2009-02-27 11:31	<DIR>	d----c---	c:\windows\system32\DRVSTORE
2009-02-27 11:31 . 2009-02-27 11:31	64,160	--a------	c:\windows\system32\drivers\Lbd.sys
2009-02-27 11:28 . 2009-02-27 11:28	<DIR>	d--------	c:\program files\Lavasoft
2009-02-27 11:28 . 2009-02-27 11:31	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-27 11:28 . 2009-02-27 11:28	<DIR>	d--h-c---	c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-27 10:35 . 2009-02-27 10:35	<DIR>	d--------	c:\program files\Spybot - Search & Destroy
2009-02-27 10:35 . 2009-03-01 12:28	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 10:24 . 2009-03-01 22:34	<DIR>	d--------	c:\program files\Ant Movie Catalog
2009-02-26 20:31 . 2009-02-26 20:32	<DIR>	d--------	c:\documents and settings\Erik\Application Data\vlc
2009-02-26 20:30 . 2009-03-01 23:57	116	--a------	c:\windows\NeroDigital.ini
2009-02-26 20:18 . 2009-02-26 20:18	2,359,350	--a------	c:\windows\BricoPack Wallpaper.bmp
2009-02-26 20:18 . 2009-02-26 20:18	65,109	--a------	c:\windows\BricoPackUninst.cmd
2009-02-26 20:16 . 2009-02-26 20:18	6,112	--a------	c:\windows\BricoPackFoldersDelete.cmd
2009-02-26 20:15 . 2009-02-26 20:15	<DIR>	d--------	c:\windows\BricoPacks
2009-02-26 20:07 . 2009-02-26 20:07	<DIR>	d--------	c:\program files\CCleaner
2009-02-26 19:30 . 2009-03-01 14:42	<DIR>	d--------	c:\documents and settings\Erik\Application Data\Ahead
2009-02-26 19:28 . 2009-02-26 19:28	<DIR>	d--------	c:\program files\Nero
2009-02-26 19:28 . 2009-02-26 19:28	<DIR>	d--------	c:\program files\Common Files\Ahead
2009-02-26 19:25 . 2009-02-26 19:25	<DIR>	d--------	c:\program files\MSBuild
2009-02-26 19:25 . 2009-02-26 19:25	<DIR>	d--------	c:\program files\Microsoft Works
2009-02-26 19:21 . 2009-02-26 19:24	<DIR>	d--------	c:\windows\SHELLNEW
2009-02-26 19:20 . 2009-02-26 19:20	<DIR>	dr-h-----	C:\MSOCache
2009-02-26 19:10 . 2009-02-26 19:26	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-26 18:23 . 2009-02-26 18:23	<DIR>	d--------	c:\program files\VideoLAN
2009-02-26 18:16 . 2009-02-26 18:16	<DIR>	d--------	c:\program files\Common Files\Adobe
2009-02-26 18:14 . 2009-03-01 12:12	<DIR>	d--h-----	C:\$AVG8.VAULT$

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-26 19:18	219,136	----a-w	c:\windows\system32\uxtheme.dll
2009-02-26 10:59	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-02-26 10:59	---------	d-----w	c:\program files\D-Link
2009-02-26 10:59	---------	d-----w	c:\program files\ANI
2009-02-26 10:58	---------	d-----w	c:\documents and settings\Erik\Application Data\InstallShield
2009-02-26 10:57	325,128	----a-w	c:\windows\system32\drivers\avgldx86.sys
2009-02-26 10:57	107,272	----a-w	c:\windows\system32\drivers\avgtdix.sys
2009-02-26 10:57	10,520	----a-w	c:\windows\system32\avgrsstx.dll
2009-02-26 10:57	---------	d-----w	c:\program files\AVG
2009-02-26 10:57	---------	d-----w	c:\documents and settings\All Users\Application Data\avg8
2009-02-26 10:54	---------	d-----w	c:\program files\SiSLan
2009-02-26 10:54	---------	d-----w	c:\program files\Common Files\InstallShield
2009-02-26 10:32	---------	d-----w	c:\program files\microsoft frontpage
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-12-17 3059712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-26 1601304]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link RangeBooster N DWA-140"="c:\program files\D-Link\D-Link RangeBooster N DWA-140\AirNCFG.exe" [2007-08-20 1671168]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2005-09-25 155648]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-27 509784]
"SoundMan"="SOUNDMAN.EXE" [2004-11-15 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2003-12-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-02-26 11:57 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-27 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-26 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-26 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-26 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-26 298264]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2009-02-26 517632]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0689234f-0433-11de-9399-00030d162d5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4f4fc6b0-04ba-11de-939e-00030d162d5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f37eeb2b-03f2-11de-9396-00030d162d5c}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Wscript.exe /e:vbs winfile.jpg
.
Inhoud van de 'Gedeelde Taken' map

2009-02-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-27 11:31]
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Erik\Application Data\Mozilla\Firefox\Profiles\j2ht7xrz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-02 11:47:38
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
Voltooingstijd: 2009-03-02 11:49:18
ComboFix-quarantined-files.txt  2009-03-02 10:49:15

Pre-Run: 9.445.400.576 bytes beschikbaar
Post-Run: 9,722,814,464 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

146