ComboFix 09-06-13.09 - Johan De Jaeger 14/06/2009 10:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.1023.578 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Johan De Jaeger\Bureaublad\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-05-14 to 2009-06-14 ))))))))))))))))))))))))))))))
.
2009-06-11 15:03 . 2009-06-11 15:03 -------- d-sh--w- c:\documents and settings\Johan De Jaeger\PrivacIE
2009-06-11 15:02 . 2009-06-11 15:02 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-06-11 06:09 . 2009-06-11 06:09 -------- d-sh--w- c:\documents and settings\Johan De Jaeger\IETldCache
2009-06-11 06:07 . 2009-04-30 21:18 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-11 06:07 . 2009-04-30 21:17 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-11 06:07 . 2009-06-11 06:07 -------- d-----w- c:\windows\ie8updates
2009-06-11 06:06 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-11 06:03 . 2009-06-11 06:06 -------- dc-h--w- c:\windows\ie8
2009-06-08 11:38 . 2009-06-13 19:45 -------- d--h--r- c:\documents and settings\Johan De Jaeger\Onlangs geopend
2009-06-08 11:32 . 2009-06-08 11:32 -------- d-----w- c:\program files\CCleaner
2009-06-04 06:09 . 2009-05-26 11:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-04 06:08 . 2009-06-04 06:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 06:08 . 2009-05-26 11:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-04 06:05 . 2009-06-04 06:05 -------- d-----w- c:\documents and settings\Johan De Jaeger\Application Data\Malwarebytes
2009-06-04 06:05 . 2009-06-04 06:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-03 05:43 . 2009-06-03 05:43 -------- d-----w- c:\program files\Trend Micro
2009-06-02 16:45 . 2009-06-02 16:45 -------- d-----w- c:\program files\Navigram
2009-05-29 08:01 . 2009-05-29 08:01 -------- d-----w- c:\documents and settings\Johan De Jaeger\Local Settings\Application Data\The Weather Channel
2009-05-17 12:40 . 2009-05-17 12:40 -------- d-----w- c:\windows\system32\wbem\Repository
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-13 17:03 . 2008-11-18 19:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-08 11:38 . 2006-06-11 17:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-07 17:32 . 2005-11-10 21:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-03 05:50 . 2005-11-10 13:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-30 12:44 . 2008-06-12 20:45 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-17 13:46 . 2005-11-14 22:59 95928 ----a-w- c:\documents and settings\Johan De Jaeger\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-13 05:06 . 2005-06-17 23:27 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:34 . 2003-04-08 12:00 347136 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 08:17 . 2005-11-10 21:10 -------- d-----w- c:\program files\Java
2009-04-29 08:17 . 2009-04-29 08:17 152576 ----a-w- c:\documents and settings\Johan De Jaeger\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-19 19:51 . 2003-04-08 12:00 1847296 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:24 . 2003-04-08 12:00 82192 ----a-w- c:\windows\system32\perfc013.dat
2009-04-15 15:24 . 2003-04-08 12:00 468568 ----a-w- c:\windows\system32\perfh013.dat
2009-04-15 14:55 . 2004-03-06 02:19 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-19 06:54 . 2009-03-19 06:54 152576 ----a-w- c:\documents and settings\Johan De Jaeger\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2008-08-09 10:54 . 2008-06-22 12:44 88 --sh--r- c:\windows\system32\727EF40089.sys
2008-08-09 10:54 . 2008-06-22 12:30 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2006-01-11 190024]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-19 29744]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-07-18 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"PRISMSTA.EXE"="PRISMSTA.EXE" - c:\windows\system32\PRISMSTA.exe [2003-08-04 215552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Belkin F5D8053 N Wireless USB Adapter Utility.lnk - c:\program files\Belkin\F5D8053\Belkinwcui.exe [2007-9-17 1732608]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-1-14 525664]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprecovr \SystemRoot\sprecovr.txt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Johan De Jaeger^Menu Start^Programma's^Opstarten^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Johan De Jaeger^Menu Start^Programma's^Opstarten^ubisoft register.lnk]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R3 PRISM_A00;PRISM 802.11g Driver;c:\windows\system32\drivers\PRISMA00.sys [10/11/2005 16:58 362688]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [28/07/2007 15:50 517632]
S0 lceahhd;lceahhd;c:\windows\system32\drivers\cpmxp.sys --> c:\windows\system32\drivers\cpmxp.sys [?]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [17/03/2008 22:48 29744]
S3 s3m;s3m;c:\windows\system32\drivers\s3m.sys [14/11/2005 20:18 166720]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\svcntaux.exe [28/08/2007 10:08 729416]
S3 VNICPKT5;VNICPKT5 Protocol Driver;\??\c:\windows\System32\VNICPKT5.SYS --> c:\windows\System32\VNICPKT5.SYS [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Inhoud van de 'Gedeelde Taken' map

2009-06-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-11 21:04]
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Telenet Internet
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Easy-WebPrint Afdrukken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint Afdrukvoorbeeld - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Toevoegen aan afdruklijst - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint Versneld afdrukken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} - hxxp://www.navigram.com/engine/v911/Navigram.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-14 10:14
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(964)
c:\windows\system32\WRLogonNTF.dll

- - - - - - - > 'explorer.exe'(3396)
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PSIService.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\CF11531.exe
c:\windows\system32\rundll32.exe
c:\program files\MSN Messenger\livecall.exe
c:\program files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Voltooingstijd: 2009-06-14 10:19 - machine werd herstart
ComboFix-quarantined-files.txt 2009-06-14 08:19

Pre-Run: 86.518.026.240 bytes beschikbaar
Post-Run: 87.238.025.216 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

169 --- E O F --- 2009-06-11 06:07