ComboFix 09-11-29.06 - erw 30/11/2009 17:47.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.511.101 [GMT 1:00]
Gestart vanuit: c:\documents and settings\erw\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\install.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-10-28 to 2009-11-30 ))))))))))))))))))))))))))))))
.
2009-11-28 16:56 . 2009-11-28 16:56 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-22 16:01 . 2009-11-22 16:01 -------- d-----w- c:\program files\MSECache
2009-11-22 10:28 . 2009-11-22 10:28 -------- d-----w- C:\FOUND.005
2009-11-14 19:59 . 2009-11-14 19:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-11 16:22 . 2009-11-11 16:19 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-11 16:22 . 2009-11-11 16:19 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-11 16:22 . 2009-11-11 16:19 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-11 16:17 . 2009-11-09 16:35 1142552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-11-09 19:21 . 2009-11-09 19:21 -------- d--h--r- c:\documents and settings\erw\Onlangs geopend
2009-11-09 18:06 . 2009-11-09 18:06 -------- d-----w- c:\documents and settings\erw\Local Settings\Application Data\Promosoft Corporation
2009-11-09 17:50 . 2009-11-09 17:50 -------- d-----w- c:\program files\Common Files\PC Tools
2009-11-09 17:09 . 2009-09-02 10:58 1107200 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-11-09 17:01 . 2009-11-09 17:01 -------- d-----w- C:\FOUND.004
2009-11-09 16:35 . 2009-11-09 16:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-09 16:35 . 2009-11-09 16:35 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-09 16:35 . 2009-11-09 16:35 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-09 16:35 . 2009-11-09 16:35 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-09 16:35 . 2009-11-09 16:35 -------- d-----w- c:\windows\system32\drivers\Avg
2009-11-09 16:35 . 2009-11-09 16:35 -------- d-----w- c:\program files\AVG
2009-11-08 11:34 . 2009-11-08 11:34 -------- d-----w- C:\AVGTemp
2009-11-04 10:49 . 2009-11-04 10:49 -------- d-----w- c:\documents and settings\erw\Application Data\AVG8
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 07:42 . 2005-04-01 16:48 66328 ----a-w- c:\documents and settings\erw\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-02 19:42 . 2009-10-04 18:03 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-17 16:23 . 2009-10-17 16:23 -------- d-----w- c:\documents and settings\erw\Application Data\Media Player Classic
2009-10-07 14:38 . 2009-10-07 14:38 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-10-04 19:57 . 2009-10-04 19:57 -------- d-----w- c:\program files\CCleaner
2009-09-11 15:20 . 1979-12-31 23:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-08-11 10:37 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-08-11 10:37 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 22:05 . 1979-12-31 23:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 10:11 . 2009-09-02 10:11 152576 ----a-w- c:\documents and settings\erw\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-11 10:34 . 2009-08-11 10:34 3942048 ----a-w- c:\program files\mbam-setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 10:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-02 68856]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"preload"="c:\windows\RUNXMLPL.exe" [2004-04-20 40960]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-07 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-07 536576]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2004-08-06 32768]
"PowerKey"="c:\program files\Launch Manager\PowerKey.exe" [2002-08-30 94208]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2004-07-15 49152]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2004-01-28 184320]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2004-09-08 245760]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2004-08-13 73728]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-13 4141056]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-16 114688]
"AudioDeck"="c:\program files\VIAudioi\SBADeck\ADeck.exe" [2004-04-19 7916032]
"Omnipage"="c:\program files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 49152]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 63712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-26 2029336]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2004-06-22 143360]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-09-01 53248]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-07-13 880640]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2003-07-25 88363]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-09 16:35 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MsnMsgr.Exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9/11/2009 17:35 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9/11/2009 17:35 108552]
R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [23/04/2007 18:08 81688]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [9/11/2009 17:35 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9/11/2009 17:35 297752]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [9/11/2009 18:50 583640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 18:19 13592]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.SYS [2/01/2003 22:53 2343]
S1 mailKmd;mailKmd; [x]
S3 IPN2220;acer IPN2220 Wireless LAN Card Driver;c:\windows\system32\drivers\i2220ntx.sys [18/09/2004 2:33 140288]
.
Inhoud van de 'Gedeelde Taken' map

2009-11-30 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2005-04-07 15:46]

2009-11-30 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-11-02 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Bijkomende Scan -------
.
mWindow Title = Telenet Internet
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.telenet.be/sys/tisp/ocx/PlaNetSysInfo.cab
.
- - - - ORPHANS VERWIJDERD - - - -

AddRemove-NVIDIA Drivers - c:\windows\system32\nvudisp.exe UninstallGUI
AddRemove-Windows Live Toolbar - c:\program files\Windows Live Toolbar\UnInstall.exe {CE0E8D6F-1F0A-433A-98E1-2096568E968F}

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-30 17:58
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-860090644-83117623-3436304734-1005\Software\Microsoft\Protected Storage System Provider\S-1-5-21-860090644-83117623-3436304734-1005\Data\220d5cd0-853a-11d0-84bc-00c04fd43f8f\220d5cd1-853a-11d0-84bc-00c04fd43f8f\01c2e37c6fd61ba8*®Ý*Ü®Ý*Ü®Ý*(*]
"Behavior"=hex:02,00,00,00,02,00,00,00,10,00,00,00,57,00,69,00,6e,00,64,00,6f,
   00,77,00,73,00,00,00,14,00,00,00,1b,37,4d,89,e6,d3,6f,a8,c3,48,77,9d,12,e1,\
"Item Data"=hex:02,00,00,00,18,00,00,00,b3,2f,51,f6,e6,44,c7,33,ba,f0,2d,4a,b0,
   0a,9e,07,5d,69,ed,3f,f9,b2,a6,ce,30,00,00,00,05,18,e1,60,0e,cc,be,a6,c7,3c,\
.
Voltooingstijd: 2009-11-30 18:00
ComboFix-quarantined-files.txt 2009-11-30 17:00

Pre-Run: 1.762.000.896 bytes beschikbaar
Post-Run: 2.685.501.440 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect

- - End Of File - - 9C8B30DC8CA5AF63B313AB39207004DB