ComboFix 09-03-15.01 - Claudine Liezen 2009-03-18 11:22:02.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1043.18.447.150 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Claudine Liezen\Bureaublad\ComboFix.exe
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Outdated)
AV: AntiVir PersonalEdition Classic Virus Protection *On-access scanning enabled* (Updated)
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
 * Nieuw herstelpunt werd aangemaakt
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\resycled
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\prsgrc.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((   Bestanden Gemaakt van 2009-02-18 to 2009-03-18  ))))))))))))))))))))))))))))))
.

2009-03-18 10:09 . 2009-03-18 10:09	<DIR>	d--------	c:\program files\Trend Micro
2009-03-16 21:04 . 2009-03-18 10:12	<DIR>	dr-h-----	c:\documents and settings\Claudine Liezen\Onlangs geopend
2009-03-15 21:47 . 2009-01-18 22:35	15,688	--a------	c:\windows\system32\lsdelete.exe
2009-03-15 20:47 . 2009-01-18 22:30	64,160	--a------	c:\windows\system32\drivers\Lbd.sys
2009-03-15 20:12 . 2009-03-15 20:12	<DIR>	d--h-c---	c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-15 20:11 . 2009-03-15 20:11	<DIR>	d--------	c:\program files\Lavasoft
2009-03-15 20:11 . 2009-03-15 20:49	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-15 18:58 . 2009-03-15 19:00	<DIR>	d--------	c:\program files\GV_Killer
2009-03-15 18:56 . 2009-03-15 18:56	<DIR>	d--------	C:\deljob
2009-03-15 18:41 . 2009-03-15 18:41	<DIR>	d--------	c:\program files\CCleaner
2009-03-14 09:46 . 2009-03-14 09:46	<DIR>	d--------	c:\program files\Common Files\Windows Live
2009-03-14 09:45 . 2009-03-14 09:45	<DIR>	d--------	c:\program files\pingfordless
2009-03-14 09:45 . 2009-03-14 09:45	<DIR>	d--------	c:\program files\Messenger Plus! Live
2009-03-14 09:45 . 2009-03-15 20:36	<DIR>	d--------	c:\program files\Circle Developeent
2009-03-14 09:45 . 2009-03-15 20:10	<DIR>	d--------	c:\documents and settings\Claudine Liezen\Application Data\pingfordless
2009-03-14 09:45 . 2009-03-15 20:06	<DIR>	d--------	c:\documents and settings\All Users\Application Data\title 64 default software
2009-03-14 09:45 . 2009-03-14 09:45	<DIR>	d--------	c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-12 15:47 . 2009-03-12 15:48	<DIR>	d--------	c:\documents and settings\Claudine Liezen\Application Data\Belastingdienst
2009-03-12 15:46 . 2009-03-12 15:46	<DIR>	d--------	c:\program files\Belastingdienst
2009-03-03 21:18 . 2009-03-03 21:18	<DIR>	d--------	c:\program files\Free PDF to Word Doc Converter

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-16 20:40	---------	d-----w	c:\documents and settings\All Users\Application Data\Hitman Pro 3
2009-03-16 19:53	---------	d-----w	c:\program files\Java
2009-03-16 19:48	---------	d-----w	c:\program files\NCH Swift Sound
2009-03-16 19:47	---------	d-----w	c:\documents and settings\All Users\Application Data\Albumprinter Editor
2009-03-16 19:37	---------	d-----w	c:\program files\TuneUp Utilities 2009
2009-03-16 18:16	---------	d-----w	c:\program files\LimeWire
2009-03-16 18:14	---------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-03-12 05:57	---------	d-----w	c:\documents and settings\Claudine Liezen\Application Data\uTorrent
2009-01-27 16:00	603,904	----a-w	c:\windows\system32\TUProgSt.exe
2009-01-27 15:59	---------	d-sh--w	c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-01-27 15:53	---------	d-----w	c:\program files\Common Files\InstallShield
2009-01-27 15:52	---------	d--h--w	c:\program files\InstallShield Installation Information
2009-01-27 14:31	410,984	----a-w	c:\windows\system32\deploytk.dll
2009-01-26 17:55	---------	d-----w	c:\documents and settings\All Users\Application Data\Hitman Pro
2009-01-26 17:29	---------	d-----w	c:\program files\Hitman Pro 3
2009-01-26 17:05	---------	d-----w	c:\program files\Avira
2009-01-26 17:05	---------	d-----w	c:\documents and settings\All Users\Application Data\Avira
2009-01-22 17:45	---------	d-----w	c:\documents and settings\All Users\Application Data\DVD Shrink
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-06-14 180269]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-18 506712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-27 136600]
"VTTimer"="VTTimer.exe" [2005-11-09 c:\windows\system32\VTTimer.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-05-14 c:\windows\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\[u]0[/u]SsiEfr.e

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"NBJ"="c:\documents and settings\Claudine Liezen\Bureaublad\nero 6\Nero BackItUp\NBJ.exe"
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Screamer Radio\\screamer.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-03-15 64160]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2007-06-15 16512]
S3 Ca533av;Digital Camera, WDM Video Capture;c:\windows\system32\drivers\Ca533av.sys [2006-03-28 528917]
S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
S3 s3chipid;s3chipid;\??\c:\docume~1\CLAUDI~1\LOCALS~1\Temp\s3chipid.sys --> c:\docume~1\CLAUDI~1\LOCALS~1\Temp\s3chipid.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2009-02-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-03-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]

2009-03-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-18 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]

2005-07-28 c:\windows\Tasks\Herinnering voor registratie 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 18:03]

2005-08-03 c:\windows\Tasks\Herinnering voor registratie 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 18:03]

2005-07-27 c:\windows\Tasks\Herinnering voor registratie 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2008-04-14 18:03]

2009-03-18 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\Yogho\RegCure\RegCure.exe [2008-04-21 22:21]

2009-03-12 c:\windows\Tasks\RegCure.job
- c:\program files\Yogho\RegCure\RegCure.exe [2008-04-21 22:21]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = <local>;*.local
IE: &ICQ Toolbar Search - c:\program files\ICQToolbar\toolbaru.dll/SEARCH.HTML
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Openen in een nieuwe achtergrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/229?2040027a18374663bec0ad5fe8da0337
IE: Openen in een nieuwe voorgrondtab - c:\program files\Windows Live Toolbar\Components\nl-nl\msntabres.dll.mui/230?2040027a18374663bec0ad5fe8da0337
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-18 11:25:07
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2009-03-18 11:27:06
ComboFix-quarantined-files.txt  2009-03-18 10:26:52

Pre-Run: 127.542.149.120 bytes beschikbaar
Post-Run: 127,598,895,104 bytes beschikbaar

Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
185	--- E O F ---	2008-12-19 23:59:55