ComboFix 09-09-02.02 - Eigenaar 03/09/2009 14:23.1.1 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.32.1043.18.1016.673 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
.

((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Eigenaar\Application Data\inst.exe
c:\windows\Installer\bdf1355.msi

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


((((((((((((((((((((   Bestanden Gemaakt van 2009-08-03 to 2009-09-03  ))))))))))))))))))))))))))))))
.

2009-09-02 17:08 . 2009-09-02 17:08	--------	d-----w-	c:\program files\Trend Micro
2009-09-02 11:27 . 2009-04-21 18:59	12576	----a-w-	c:\windows\system32\drivers\TfKbMon.sys
2009-09-02 11:24 . 2009-09-02 20:28	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\vlc
2009-09-01 13:08 . 2009-09-03 12:04	--------	d--h--r-	c:\documents and settings\Eigenaar\Onlangs geopend
2009-08-31 19:27 . 2002-08-14 13:03	4672	----a-w-	c:\windows\system\WOWPOST.EXE
2009-08-31 19:27 . 2002-08-14 13:03	5600	----a-w-	c:\windows\system\WINASPI.DLL
2009-08-31 19:27 . 2002-08-14 13:03	45056	----a-w-	c:\windows\system32\WNASPI32.DLL
2009-08-31 19:27 . 2002-08-14 13:03	17005	----a-w-	c:\windows\system32\drivers\ASPI32.SYS
2009-08-31 19:27 . 2009-08-31 19:27	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\Symantec
2009-08-31 19:26 . 2009-08-31 19:27	--------	d-----w-	c:\documents and settings\All Users\Application Data\Symantec
2009-08-25 18:12 . 2009-08-25 18:12	--------	d-----w-	c:\program files\Xvid
2009-08-25 18:12 . 2009-06-07 14:24	180224	----a-w-	c:\windows\system32\xvidvfw.dll
2009-08-25 18:12 . 2009-06-07 14:16	819200	----a-w-	c:\windows\system32\xvidcore.dll
2009-08-22 12:20 . 2009-08-22 12:20	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\Canon
2009-08-22 12:18 . 2009-08-22 12:18	--------	d-----w-	c:\program files\Canon
2009-08-22 12:17 . 2009-08-22 12:17	--------	d-----w-	c:\program files\ArcSoft
2009-08-22 12:17 . 1995-08-01 02:44	212480	----a-w-	c:\windows\PCDLIB32.DLL
2009-08-22 12:16 . 2005-02-28 11:20	57344	----a-w-	c:\windows\system32\CNQU110.DLL
2009-08-22 12:16 . 2009-08-22 12:16	--------	d--h--w-	C:\CanoScan
2009-08-22 12:16 . 2005-06-23 20:17	352256	----a-w-	c:\windows\system32\CNQL1213.DLL
2009-08-22 09:23 . 2006-03-24 17:14	33536	----a-w-	c:\windows\system32\drivers\a38usb.sys
2009-08-22 09:23 . 2005-08-09 18:10	110592	----a-w-	c:\windows\system32\usbr38.dll
2009-08-21 11:43 . 2009-08-21 11:44	--------	d-----w-	c:\windows\system32\NtmsData
2009-08-04 19:10 . 2009-08-04 19:10	--------	d-----w-	c:\windows\system32\AGEIA
2009-08-04 19:10 . 2009-08-04 19:10	--------	d-----w-	c:\program files\AGEIA Technologies
2009-08-04 19:09 . 2009-08-04 19:09	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 12:09 . 2009-03-13 15:39	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-09-03 12:05 . 2009-03-13 15:39	--------	d-----w-	c:\program files\Spyware Doctor
2009-09-03 11:41 . 2009-03-13 13:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-09-01 19:46 . 2009-09-01 19:46	7396	----a-w-	c:\windows\system32\drivers\pctcore.cat
2009-09-01 19:46 . 2009-03-13 15:39	206256	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2009-09-01 18:29 . 2009-03-13 13:04	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\uTorrent
2009-09-01 12:53 . 2009-04-10 11:49	--------	d-----w-	c:\program files\Roxio
2009-09-01 12:50 . 2009-04-10 11:49	--------	d-----w-	c:\program files\Common Files\Roxio Shared
2009-09-01 12:33 . 2009-05-31 14:23	--------	d-----w-	c:\documents and settings\All Users\Application Data\Nero
2009-09-01 11:58 . 2009-04-29 20:45	--------	d-----w-	c:\program files\Common Files\Nero
2009-08-22 21:16 . 2009-05-10 08:51	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\U3
2009-08-22 12:18 . 2009-03-13 12:02	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-08-17 14:36 . 2009-03-13 12:58	11952	----a-w-	c:\windows\system32\avgrsstx.dll
2009-08-17 14:36 . 2009-03-13 12:58	27784	----a-w-	c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 14:36 . 2009-03-13 12:58	335240	----a-w-	c:\windows\system32\drivers\avgldx86.sys
2009-08-13 16:14 . 2009-06-28 18:34	--------	d-----w-	c:\program files\Songbird
2009-08-08 20:47 . 2009-04-11 20:13	--------	d-----w-	c:\program files\SystemRequirementsLab
2009-08-08 20:46 . 2009-04-11 20:13	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\SystemRequirementsLab
2009-08-03 11:36 . 2009-03-13 13:03	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2009-03-13 13:03	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-29 10:54 . 2009-07-22 18:42	--------	d-----w-	c:\program files\Common Files\Blizzard Entertainment
2009-07-28 16:16 . 2009-07-28 16:06	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\DAEMON Tools Lite
2009-07-28 16:13 . 2009-07-28 16:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-07-28 16:13 . 2009-07-28 16:13	--------	d-----w-	c:\program files\DAEMON Tools Lite
2009-07-28 16:06 . 2009-07-28 16:06	721904	----a-w-	c:\windows\system32\drivers\sptd.sys
2009-07-27 20:01 . 2009-07-27 20:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\Trymedia
2009-07-27 19:59 . 2009-07-27 19:59	--------	d-----w-	c:\program files\BFG
2009-07-26 12:05 . 2009-04-03 18:37	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\Vso
2009-07-18 20:13 . 2009-04-28 19:26	--------	d-----w-	c:\documents and settings\Eigenaar\Application Data\dvdcss
2009-06-10 18:50 . 2009-03-13 18:32	77994	----a-w-	c:\windows\system32\perfc013.dat
2009-06-10 18:50 . 2009-03-13 18:32	459606	----a-w-	c:\windows\system32\perfh013.dat
.

(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE" [2003-09-11 99840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"EPSON Stylus Photo R200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE" [2003-09-11 99840]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-11-16 226224]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2003-06-10 55296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "c:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 14:36	11952	----a-w-	c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Belkin F5D8053 N Wireless USB Adapter Utility.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Belkin F5D8053 N Wireless USB Adapter Utility.lnk
backup=c:\windows\pss\Belkin F5D8053 N Wireless USB Adapter Utility.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"wuauserv"=2 (0x2)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"Nero BackItUp Scheduler 3"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"Boonty Games"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [13-3-2009 17:39 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [13-3-2009 17:52 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [13-3-2009 17:52 39200]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13-3-2009 14:58 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13-3-2009 14:58 108552]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [13-3-2009 17:40 159600]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [13-3-2009 14:58 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [15-3-2009 13:40 297752]
R2 AWISp50;AWISp50 NDIS Protocol Driver;c:\windows\system32\drivers\AWISp50.sys [15-3-2006 16:35 17664]
R2 wmcmgc;Windows Management Configuration;c:\windows\System32\svchost.exe -k netsvcs [13-3-2009 20:31 14336]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [28-7-2007 14:50 517632]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [22-8-2009 11:23 33536]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [13-3-2009 17:39 64392]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [13-3-2009 17:39 348752]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [13-3-2009 17:52 33056]
S3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
wmcmgc
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.zdnet.be/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\lskv9udy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.zdnet.be
FF - component: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\lskv9udy.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Eigenaar\Application Data\Mozilla\Firefox\Profiles\lskv9udy.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Eigenaar\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-03 14:33
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ... 

scannen van verborgen autostart items ... 

scannen van verborgen bestanden ... 

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'lsass.exe'(760)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\scardsvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2009-09-03 14:37 - machine werd herstart
ComboFix-quarantined-files.txt  2009-09-03 12:37

Pre-Run: 107.647.270.912 bytes beschikbaar
Post-Run: 107.561.771.008 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

204