ComboFix 10-07-23.02 - ACER 24/07/2010 12:00:56.2.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.144 [GMT 2:00]
Started from: c:\documents and settings\ACER\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ACER\LOCALS~1\Temp\IadHide4.dll
c:\docume~1\ACER\LOCALS~1\Temp\jna6947345569929727865.tmp
c:\documents and settings\ACER\Local Settings\temp\IadHide4.dll
c:\documents and settings\ACER\Local Settings\temp\jna6947345569929727865.tmp
.
---- Previous Run -------
.
c:\docume~1\ACER\LOCALS~1\Temp\IadHide4.dll
c:\docume~1\ACER\LOCALS~1\Temp\jna6440936240927950404.tmp
c:\documents and settings\ACER\Application Data\3236D40434C92EBA1BC5B56D3BD29906\enemies-names.txt
c:\documents and settings\ACER\Application Data\3236D40434C92EBA1BC5B56D3BD29906\local.ini
c:\documents and settings\ACER\Application Data\3236D40434C92EBA1BC5B56D3BD29906\lsrslt.ini
c:\documents and settings\ACER\Local Settings\Temp\IadHide4.dll
c:\documents and settings\ACER\Local Settings\Temp\jna6440936240927950404.tmp
c:\program files\Securityessentials2010\SE2010.exe
c:\windows\g32.txt
c:\windows\system32\helpers32.dll
c:\windows\system32\winlogon32.exe

-- Previous Run --
c:\windows\system32\drivers\null.sys was missing
Restored copy from - c:\windows\system32\dllcache\null.sys
--------

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASPIMGR


((((((((((((((((((((   Files Created from 2010-06-24 to 2010-07-24   ))))))))))))))))))))))))))))))
.
2010-07-23 21:48 . 2010-07-23 21:48 -------- d-----w- c:\program files\iPod
2010-07-23 21:48 . 2010-07-23 21:48 -------- d-----w- c:\program files\iTunes
2010-07-23 21:48 . 2010-07-23 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-23 21:44 . 2010-07-23 21:44 -------- d-----w- c:\program files\QuickTime
2010-07-23 21:39 . 2010-07-23 21:39 -------- d-----w- c:\program files\Bonjour
2010-07-23 21:36 . 2010-07-23 21:36 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-23 20:37 . 2004-08-04 03:00 2944 ----a-w- c:\windows\system32\drivers\null.sys
2010-07-23 20:37 . 2004-08-04 03:00 2944 ----a-w- c:\windows\system32\dllcache\null.sys
2010-07-23 15:38 . 2010-07-23 15:38 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-23 15:38 . 2010-07-23 15:38 216200 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-23 15:38 . 2010-07-23 15:38 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-23 15:37 . 2010-07-23 15:37 813336 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-23 15:37 . 2010-07-23 15:37 624920 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-23 15:37 . 2010-07-23 15:37 1690464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-23 15:37 . 2010-07-23 15:37 1038688 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-07-23 15:25 . 2010-07-23 15:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-09 19:04 . 2010-07-09 19:04 41872 ----a-w- c:\windows\system32\xfcodec.dll
2010-07-08 15:56 . 2010-07-08 15:56 388096 ----a-r- c:\documents and settings\ACER\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-08 11:28 . 2010-07-08 11:28 -------- d-----w- c:\documents and settings\ACER\Application Data\Malwarebytes
2010-07-08 11:27 . 2010-07-08 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-08 11:05 . 2010-07-08 11:05 -------- d-----w- c:\program files\Trend Micro
2010-06-30 12:57 . 2010-06-30 12:57 -------- d-----w- c:\documents and settings\ACER\Application Data\vlc
2010-06-24 12:24 . 2010-06-24 12:24 -------- d-----w- c:\documents and settings\ACER\Application Data\DVDVideoSoftIEHelpers
2010-06-24 12:23 . 2010-06-24 12:23 -------- d-----w- c:\program files\DVDVideoSoft
2010-06-24 12:23 . 2010-06-24 12:23 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
.
(((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 15:38 . 2010-01-10 19:32 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-23 15:38 . 2010-01-10 19:32 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-08 15:38 . 2008-10-09 15:20 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-07-08 15:34 . 2008-10-09 15:20 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-07-07 16:08 . 2010-07-07 16:08 12 ----a-w- c:\documents and settings\NetworkService\Application Data\hwzypv.dat
2010-06-23 16:22 . 2005-01-27 07:22 93146 ----a-w- c:\windows\system32\perfc013.dat
2010-06-23 16:22 . 2005-01-27 07:22 514030 ----a-w- c:\windows\system32\perfh013.dat
2010-06-03 14:05 . 2010-01-10 19:32 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 11:13 . 2008-10-15 11:25 90352 ----a-w- c:\documents and settings\ACER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-29 08:32 . 2010-05-29 08:32 -------- d-----w- c:\program files\MSECache
2010-05-24 09:53 . 2010-05-24 09:53 503808 ----a-w- c:\documents and settings\ACER\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-78a9f577-n\msvcp71.dll
2010-05-24 09:53 . 2010-05-24 09:53 499712 ----a-w- c:\documents and settings\ACER\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-78a9f577-n\jmc.dll
2010-05-24 09:53 . 2010-05-24 09:53 348160 ----a-w- c:\documents and settings\ACER\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-78a9f577-n\msvcr71.dll
2010-05-18 14:35 . 2010-05-18 14:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 14:35 . 2010-05-18 14:35 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 14:35 . 2010-05-18 14:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-06 10:37 . 2005-07-03 01:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 08:10 . 2005-03-02 17:09 1851392 ----a-w- c:\windows\system32\win32k.sys
2008-11-13 17:33 . 2008-11-13 17:30 10268 ----a-w- c:\program files\pbgame.htm
2008-11-13 17:30 . 2008-11-13 17:30 35 ----a-w- c:\program files\pbuser.htm
2008-11-12 14:10 . 2008-11-13 17:28 846336 ----a-w- c:\program files\pbsetup.exe
.
------- Sigcheck -------
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
c:\windows\System32\drivers\beep.sys ... is missing !!
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2004-06-01 196608]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-10-11 20480]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-30 322352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-01 7110656]
"nwiz"="nwiz.exe" [2005-08-01 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 148888]
"AspireService"="c:\program files\Acer\Acer eMode Management\AspireService.exe" [2005-09-29 114688]
"MediaSync"="c:\program files\Acer\Acer eConsole\MediaSync.exe" [2005-09-21 425984]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-10-31 393216]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-05-21 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-06-01 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-06-01 217088]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-08-05 647520]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2009-06-04 2056192]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-23 2065760]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\ACER\Menu Start\Programma's\Opstarten\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-12 503808]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-10-11 450560]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"c:\\WINDOWS\\System32\\mmc.exe"=
"c:\\WINDOWS\\System32\\PnkBstrA.exe"=
"c:\\WINDOWS\\System32\\PnkBstrB.exe"=
"c:\\Program Files\\Wolfenstein - Enemy Territory 2.60b\\ET.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/01/2010 21:32 216400]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/01/2010 21:32 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [23/07/2010 17:38 308136]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [6/11/2009 13:35 33536]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - INT15.SYS
*Deregistered* - efuve
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-07-24 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2010-07-23 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyOverride = localhost;*.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\documents and settings\ACER\Application Data\DVDVideoSoftIEHelpers\youtubetomp3.htm
FF - ProfilePath - c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\0c9fy2um.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ACER\Application Data\Mozilla\Firefox\Profiles\0c9fy2um.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptidfusionplugin.dll
FF - plugin: c:\program files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-24 12:09
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\efuve]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3968)
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\nl.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\SCardSvr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Acer\Acer eConsole\MediaServerService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-07-24 12:17:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-24 10:17

Pre-Run: 15.170.273.280 bytes free
Post-Run: 15.211.069.440 bytes free

- - End Of File - - 421F960D2D89CBAEE3F86D1C869D78F9
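The triage a responder does by hand on a log like the one above (file entries in the "Files Created" and Find3M sections, bare paths in the deletion lists, Run-key values), written as an added Python example. It is not part of the original post and not ComboFix code; the parser follows the line shapes visible in this log, the sample lines are copied from it, and the heuristics in triage() (executables under a Temp folder, profile folders named with 32 hex characters, system32 files whose name extends a core system binary's name, Run-key targets marked [X]) are my assumptions, not rules ComboFix applies.

```python
"""Triage helper for ComboFix log lines (added example, not ComboFix code).
Parses file entries, bare deletion-list paths and Run-key values; the
heuristics in triage() are the author's assumptions, not ComboFix rules."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# 2010-07-23 21:36 . 2010-07-23 21:36 73000 ----a-w- c:\path\SetupAdmin.exe
FILE_RE = re.compile(
    r"^(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+?)\s*$"
)
# "name"="c:\path\x.exe" [2009-07-26 3883856]   ([X] = target not found)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
PATH_RE = re.compile(r"^[a-z]:\\", re.IGNORECASE)

# Constructed sample: lines copied from the log above.
SAMPLE = r"""
2010-07-23 21:48 . 2010-07-23 21:48 -------- d-----w- c:\program files\iTunes
2010-07-23 21:36 . 2010-07-23 21:36 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.1.5\SetupAdmin.exe
2010-07-23 15:25 . 2010-07-23 15:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-07-07 16:08 . 2010-07-07 16:08 12 ----a-w- c:\documents and settings\NetworkService\Application Data\hwzypv.dat
c:\docume~1\ACER\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\ACER\Application Data\3236D40434C92EBA1BC5B56D3BD29906\local.ini
c:\program files\Securityessentials2010\SE2010.exe
c:\windows\system32\winlogon32.exe
"LaunchApp"="Alaunch" [X]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-06-30 322352]
"""


@dataclass
class Entry:
    kind: str                 # "file", "path" or "run"
    path: str
    is_dir: bool = False
    hidden: bool = False
    size: Optional[int] = None
    name: str = ""            # Run-key value name (kind == "run")
    missing: bool = False     # Run-key target reported as [X]
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[Entry]:
    line = line.rstrip()
    m = FILE_RE.match(line)
    if m:
        attrs = m.group("attrs")
        size = None if m.group("size").startswith("-") else int(m.group("size"))
        # Assumed attribute letters: 'd' directory, 'h' hidden (as in d-sh--w-).
        return Entry("file", m.group("path"), is_dir=attrs[0] == "d",
                     hidden="h" in attrs, size=size)
    m = RUN_RE.match(line)
    if m:
        return Entry("run", m.group("cmd"), name=m.group("name"),
                     missing=m.group("meta").strip() == "X")
    if PATH_RE.match(line):
        return Entry("path", line)
    return None


# Heuristics (assumptions): executables under a Temp folder, profile folders
# named with 32 hex characters, and system32 files whose name extends a core
# system binary's name (winlogon32.exe beside the real winlogon.exe).
HEX_DIR = re.compile(r"\\[0-9a-f]{32}\\")
SYSTEM_STEMS = ("winlogon", "svchost", "lsass", "csrss", "services", "explorer")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


def triage(e: Entry) -> List[str]:
    p = e.path.lower()
    fname = p.rsplit("\\", 1)[-1]
    flags: List[str] = []
    if e.kind == "run" and e.missing:
        flags.append("autostart target not found")
    if not e.is_dir and fname.endswith(EXEC_EXT) and "\\temp\\" in p:
        flags.append("executable in temp folder")
    if HEX_DIR.search(p):
        flags.append("32-hex-char folder under a profile")
    if not e.is_dir and p.startswith("c:\\windows\\system32\\"):
        stem = fname.rsplit(".", 1)[0]
        for s in SYSTEM_STEMS:
            if stem != s and stem.startswith(s):
                flags.append(f"name mimics system binary {s}")
    return flags


def scan(text: str) -> List[Entry]:
    """Parse every recognised line and attach its triage flags."""
    out: List[Entry] = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            e.flags = triage(e)
            out.append(e)
    return out


if __name__ == "__main__":
    for e in scan(SAMPLE):
        print(("!" if e.flags else " "), e.kind.ljust(4), e.path, ", ".join(e.flags))
```

Run it on a whole log with `scan(open("ComboFix.txt", encoding="cp1252").read())`; the flags only prioritise what to look at first, so an unflagged entry such as SE2010.exe still needs the usual hash lookup and reputation check, and a flagged one such as IETldCache is cleared by its known location.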