ComboFix 10-08-12.03 - Computer 13/08/2010 11:08:09.1.2
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.511.290 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Computer\Bureaublad\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Computer\LOCALS~1\Temp\install_flash_player.exe
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-07-13 to 2010-08-13 ))))))))))))))))))))))))))))))
.
2010-08-12 21:25 . 2010-08-12 21:25 388096 ----a-r- c:\documents and settings\Computer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-12 21:25 . 2010-08-12 21:25 -------- d-----w- c:\program files\Trend Micro
2010-08-12 15:36 . 2010-08-12 15:36 -------- d-----w- c:\documents and settings\Computer\Application Data\Malwarebytes
2010-08-12 14:55 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-12 14:55 . 2010-08-12 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-12 14:55 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-12 14:55 . 2010-08-12 14:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-10 09:07 . 2010-08-10 09:07 503808 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a55bf65-n\msvcp71.dll
2010-08-10 09:07 . 2010-08-10 09:07 499712 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a55bf65-n\jmc.dll
2010-08-10 09:07 . 2010-08-10 09:07 348160 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-6a55bf65-n\msvcr71.dll
2010-08-10 09:07 . 2010-08-10 09:07 61440 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5baa342a-n\decora-sse.dll
2010-08-10 09:07 . 2010-08-10 09:07 12800 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-5baa342a-n\decora-d3d.dll
2010-07-29 12:43 . 2010-07-17 03:00 423656 ----a-w- c:\windows\system32\deployJava1.dll
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-12 15:08 . 2008-04-15 12:00 86022 ----a-w- c:\windows\system32\perfc013.dat
2010-08-12 15:08 . 2008-04-15 12:00 498912 ----a-w- c:\windows\system32\perfh013.dat
2010-08-07 16:45 . 2009-12-15 17:45 46 ----a-w- c:\documents and settings\Computer\jagex_runescape_preferences.dat
2010-08-07 16:45 . 2009-12-15 17:46 99 ----a-w- c:\documents and settings\Computer\jagex_runescape_preferences2.dat
2010-08-05 12:29 . 2009-10-24 11:52 -------- d-----w- c:\documents and settings\Computer\Application Data\LimeWire
2010-08-02 12:40 . 2009-10-23 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-08-02 11:37 . 2009-10-24 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJ
2010-07-29 13:02 . 2009-10-24 11:51 -------- d-----w- c:\program files\Common Files\Java
2010-07-29 12:42 . 2009-10-24 11:51 -------- d-----w- c:\program files\Java
2010-06-30 12:33 . 2008-04-15 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-29 10:40 . 2010-06-29 10:40 47472 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-29 10:40 . 2010-03-06 11:12 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-24 12:27 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 09:02 . 2008-04-15 12:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 17:11 . 2009-10-23 22:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-21 15:27 . 2008-04-15 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-15 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2009-10-23 21:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:43 . 2008-04-15 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-01 17:37 . 2010-03-06 11:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-24 19:38 . 2010-05-24 19:38 503808 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2729a8fc-n\msvcp71.dll
2010-05-24 19:38 . 2010-05-24 19:38 499712 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2729a8fc-n\jmc.dll
2010-05-24 19:38 . 2010-05-24 19:38 348160 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2729a8fc-n\msvcr71.dll
2010-05-24 19:38 . 2010-05-24 19:38 61440 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78f05a26-n\decora-sse.dll
2010-05-24 19:38 . 2010-05-24 19:38 12800 ----a-w- c:\documents and settings\Computer\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-78f05a26-n\decora-d3d.dll
2010-05-19 16:20 . 2010-05-19 16:20 96760 ----a-w- c:\windows\system32\90c67a0d.exe
2010-05-19 16:16 . 2010-05-19 16:16 2229 ----a-w- c:\windows\system32\3a78.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcWzrd"="ALCWZRD.EXE" [2005-06-29 2806272]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-23 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-17 767312]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-02-05 2056192]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-10-23 22:10 133104 ----atw- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-06-21 13:09 90112 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-18 23:01 110592 ----a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SpaceQuery Service"=2 (0x2)
"SLService"=2 (0x2)
"ose"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Bandoo Coordinator"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [8/10/2004 16:58 751104]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [14/02/2010 21:24 33536]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Inhoud van de 'Gedeelde Taken' map

2010-08-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1606980848-527237240-1003Core.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-23 22:10]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-73586283-1606980848-527237240-1003UA.job
- c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-23 22:10]

2010-08-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 19:40]

2010-08-13 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]
.
.
------- Bijkomende Scan -------
.
mSearch Bar =
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Computer\Application Data\Mozilla\Firefox\Profiles\7sskj9f9.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchqu.com/
FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{50012027-8702-8c00-09e9-1de9969184b0}\components\bccb9b5b.dll
FF - plugin: c:\documents and settings\Computer\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS VERWIJDERD - - - -

MSConfigStartUp-Adparatus - c:\program files\Adparatus\Adparatus.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-13 11:13
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\Ati2evxx.dll
.
Voltooingstijd: 2010-08-13 11:15:27
ComboFix-quarantined-files.txt 2010-08-13 09:15

Pre-Run: 216.361.545.728 bytes beschikbaar
Post-Run: 218.158.706.688 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 6ED5ED862AF70BF538DFAD6EFB4F9386