ComboFix 10-10-22.05 - Carine 24/10/2010 17:39:05.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.320.209 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Carine\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-09-24 to 2010-10-24 ))))))))))))))))))))))))))))))
.
2010-10-17 18:59 . 2010-10-17 18:59 -------- d-----w- c:\documents and settings\Carine\Application Data\Malwarebytes
2010-10-17 18:58 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 18:58 . 2010-10-17 18:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 18:58 . 2010-10-17 18:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-17 18:58 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 18:43 . 2010-10-15 18:43 -------- d-----w- c:\documents and settings\Carine\Application Data\AVG10
2010-10-15 18:36 . 2010-10-15 18:36 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-10-15 18:36 . 2010-10-15 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-10-15 18:32 . 2010-10-16 11:06 -------- d-----w- c:\windows\system32\drivers\AVG
2010-10-15 18:32 . 2010-10-15 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2010-10-15 18:18 . 2010-10-15 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-10-15 17:31 . 2010-10-15 17:31 388096 ----a-r- c:\documents and settings\Carine\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-10-15 17:31 . 2010-10-15 17:31 -------- d-----w- c:\program files\Trend Micro
2010-09-24 18:59 . 2010-10-15 18:03 -------- d-----w- c:\documents and settings\Administrator
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 10:23 . 2008-04-18 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2008-04-18 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2008-04-18 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2008-04-18 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-13 14:27 . 2010-09-13 14:27 25680 ----a-w- c:\windows\system32\drivers\AVGIDSEH.sys
2010-09-10 05:52 . 2008-04-18 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:52 . 2008-04-18 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:52 . 2008-04-18 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-09-07 01:49 . 2010-09-07 01:49 298448 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-09-07 01:48 . 2010-09-07 01:48 34384 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 249424 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-09-07 01:48 . 2010-09-07 01:48 26064 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-09-01 11:52 . 2008-04-18 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-09-01 07:57 . 2008-04-18 12:00 1852928 ----a-w- c:\windows\system32\win32k.sys
2010-08-27 08:03 . 2008-04-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2010-08-27 05:55 . 2008-04-18 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll
2010-08-27 01:43 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2010-08-26 13:39 . 2008-04-18 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-23 16:13 . 2008-04-18 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll
2010-08-19 19:42 . 2010-08-19 19:42 30288 ----a-w- c:\windows\system32\drivers\AVGIDSFilter.sys
2010-08-19 19:42 . 2010-08-19 19:42 123472 ----a-w- c:\windows\system32\drivers\AVGIDSDriver.sys
2010-08-19 19:42 . 2010-08-19 19:42 26192 ----a-w- c:\windows\system32\drivers\AVGIDSShim.sys
2010-08-17 13:17 . 2008-04-18 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 08:45 . 2008-04-18 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-08-27 13:25 2565448 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2010-08-27 2565448]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-22 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus XtremeG DWL-G122"="c:\program files\D-Link\AirPlus XtremeG DWL-G122\AirGCFG.exe" [2008-01-02 1552384]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2010-09-15 2745696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-18 15360]

c:\documents and settings\Carine\Menu Start\Programma's\Opstarten\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-6-12 576000]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/09/2010 3:48 26064]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/09/2010 3:49 298448]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/09/2010 3:48 249424]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [3/09/2010 10:35 6104144]
S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [10/09/2010 1:45 265400]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [22/06/2010 16:28 136176]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [15/10/2010 20:35 488776]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [19/08/2010 21:42 123472]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [19/08/2010 21:42 30288]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [19/08/2010 21:42 26192]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [25/08/2010 20:12 27064]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPService REG_MULTI_SZ HPSLPSVC
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Inhoud van de 'Gedeelde Taken' map

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 14:27]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-22 14:27]

2010-10-19 c:\windows\Tasks\User_Feed_Synchronization-{4E0114D7-677D-4B30-807F-79284DC1A408}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]

2010-10-16 c:\windows\Tasks\WebReg HP Photosmart C4700 Series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2009-05-21 18:40]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.be/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
- - - - ORPHANS VERWIJDERD - - - -

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-24 17:56
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Voltooingstijd: 2010-10-24 18:01:34
ComboFix-quarantined-files.txt 2010-10-24 16:01

Pre-Run: 69.824.032.768 bytes beschikbaar
Post-Run: 70.385.860.608 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3E5348D759AFED10D9C8AB07F97C4A4F