ComboFix 12-04-26.01 - Ed 26-04-2012  16:56:05.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.31.1043.18.3062.2325 [GMT 2:00]
Gestart vanuit: d:\downloads\ComboFix.exe
FW: Sygate Personal Firewall Pro *Disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.
.
((((((((((((((((((((((((((((((((((   Andere Verwijderingen   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Internet Explorer.lnk
c:\documents and settings\All Users\Menu Start\Programma's\Internet Explorer.lnk
c:\documents and settings\Default User\DelDF0.tmp
c:\documents and settings\Ed\Application Data\Microsoft\Messenger
c:\documents and settings\Ed\Application Data\Microsoft\Messenger\camp07@hotmail.com\ObjectStore\objectstore.v2
c:\documents and settings\Ed\Application Data\Microsoft\Messenger\camp07@hotmail.com\ObjectStore\UserTile\Hr1l2FYl+CF7MWfwr++KsbcZXPoM=.dt2
c:\documents and settings\Ed\Application Data\Microsoft\Messenger\camp07@hotmail.com\ObjectStore\UserTile\Hr1l2FYl+CF7MWfwr++KsbcZXPoM=.id2
c:\documents and settings\Ed\Application Data\Microsoft\Messenger\camp07@hotmail.com\SocialNews\WNResponse.xml
c:\documents and settings\Ed\Application Data\Microsoft\Messenger\ContactsLog.txt
c:\documents and settings\Ed\Application Data\Mozilla\Firefox\Profiles\wcz6yxmv.default\weave\toFetch
c:\program files\Internet Explorer\Internet Explorer.lnk
c:\program files\xp-AntiSpy
c:\program files\xp-AntiSpy\sponsoring\desktop.ico
c:\program files\xp-AntiSpy\sponsoring\ebay.ico
c:\program files\xp-AntiSpy\sponsoring\sponsor.html
c:\program files\xp-AntiSpy\sponsoring\xp-AntiSpy_sponsor.url
c:\program files\xp-AntiSpy\Uninstall.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.chm
c:\program files\xp-AntiSpy\xp-AntiSpy.exe
c:\program files\xp-AntiSpy\xp-AntiSpy.url
c:\windows\system32\config\systemprofile\DelDF0.tmp
c:\windows\system32\Desktop_.ini
c:\windows\system32\SET10.tmp
c:\windows\system32\SET100.tmp
c:\windows\system32\SET101.tmp
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET107.tmp
c:\windows\system32\SET108.tmp
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET10C.tmp
c:\windows\system32\SET10D.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET10F.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET110.tmp
c:\windows\system32\SET111.tmp
c:\windows\system32\SET112.tmp
c:\windows\system32\SET113.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET12.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5A.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET6E.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7E.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET8.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET9.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA7.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\SETA9.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAC.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\SETAF.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\SETB4.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\SETB6.tmp
c:\windows\system32\SETB7.tmp
c:\windows\system32\SETB8.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETBF.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\SETC0.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETC6.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDA.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE6.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF6.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFC.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\SETFF.tmp
c:\windows\system32\urttemp
c:\windows\system32\urttemp\regtlib.exe
c:\documents and settings\Ed\Application Data\Microsoft\Windows\UsrClass.dat . . . . konden niet verwijderd worden
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SSHNAS
.
.
((((((((((((((((((((   Bestanden Gemaakt van 2012-03-26 to 2012-04-26  ))))))))))))))))))))))))))))))
.
.
2012-04-26 10:55 . 2012-04-26 10:55	--------	d-----w-	c:\program files\3.5G Connect
2012-04-25 15:12 . 2012-04-26 13:57	--------	d--h--r-	c:\documents and settings\Ed\Onlangs geopend
2012-04-25 10:20 . 2012-04-25 10:20	21361	----a-w-	c:\windows\system32\drivers\AegisP.sys
2012-04-25 10:20 . 2012-04-25 10:20	376832	----a-w-	c:\windows\system32\AegisI5Installer.exe
2012-04-25 10:20 . 2009-11-13 23:05	594048	------r-	c:\windows\system32\drivers\rtl8192su.sys
2012-04-25 10:20 . 2009-04-02 18:27	188416	------r-	c:\windows\RTLExtUI.dll
2012-04-25 10:20 . 2009-03-31 22:31	380928	------r-	c:\windows\RtlUI2.exe
2012-04-25 10:20 . 2008-07-01 20:31	614400	------r-	c:\windows\system32\Rtlihvs.dll
2012-04-25 10:20 . 2008-07-01 20:31	614400	------r-	c:\windows\Rtlihvs.dll
2012-04-25 10:19 . 2009-03-31 22:31	380928	------r-	c:\windows\system32\RtlUI2.exe
2012-04-25 10:19 . 2009-04-02 18:27	188416	------r-	c:\windows\system32\RTLExtUI.dll
2012-04-25 10:19 . 2012-04-25 10:19	--------	d-----w-	c:\windows\system32\RtlGina
2012-04-25 10:19 . 2009-02-05 00:49	451072	----a-w-	c:\windows\system32\ISSRemoveSP.exe
2012-04-25 06:26 . 2012-01-31 06:57	74640	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-25 06:26 . 2012-01-31 06:57	137416	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-25 06:26 . 2011-09-16 14:09	36000	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-25 06:26 . 2012-04-25 06:26	--------	d-----w-	c:\program files\Avira
2012-04-25 06:26 . 2012-04-25 06:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2012-04-24 19:32 . 2012-04-24 19:32	--------	d-sh--w-	c:\windows\ftpcache
2012-04-24 18:27 . 2010-10-24 05:06	598528	----a-w-	c:\windows\system32\ztv7z.dll
2012-04-24 18:27 . 2010-10-24 05:06	178176	----a-w-	c:\windows\system32\ztvunrar39.dll
2012-04-24 18:27 . 2006-06-19 11:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll
2012-04-24 18:27 . 2006-05-25 13:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll
2012-04-24 18:27 . 2005-08-25 23:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2012-04-24 18:27 . 2002-03-05 23:00	75264	----a-w-	c:\windows\system32\unacev2.dll
2012-04-24 18:27 . 2003-02-02 18:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2012-04-24 18:26 . 2012-04-24 18:28	--------	d-----w-	c:\program files\Trojan Remover
2012-04-24 18:26 . 2012-04-24 18:26	--------	d-----w-	c:\documents and settings\Ed\Application Data\Simply Super Software
2012-04-24 18:26 . 2012-04-24 18:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Simply Super Software
2012-04-24 18:04 . 2012-04-24 18:04	54016	----a-w-	c:\windows\system32\drivers\xoyakn.sys
2012-04-24 16:00 . 2012-04-04 13:56	22344	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-23 18:15 . 2012-04-23 18:15	--------	d-----w-	c:\program files\Common Files\Java
2012-04-23 18:15 . 2012-04-23 18:15	73728	----a-w-	c:\windows\system32\javacpl.cpl
2012-04-23 17:06 . 2012-04-23 17:06	--------	d-----w-	c:\program files\CCleaner
2012-04-22 16:06 . 2012-04-22 16:06	--------	d-----w-	c:\program files\Common Files\Skype
2012-04-21 07:40 . 2011-11-15 13:51	105216	----a-w-	c:\windows\system32\drivers\bmusbser.sys
2012-04-21 07:40 . 2012-04-23 17:14	--------	d-----w-	c:\program files\neXon 3.5G Connect
2012-04-21 07:40 . 2011-11-15 13:51	103424	----a-w-	c:\windows\system32\MyDIT_GenClassCoInst.dll
2012-04-18 10:50 . 2009-10-03 19:49	--------	d-----w-	c:\documents and settings\Ed\Application Data\anpo.republika.pl
2012-04-17 09:29 . 2004-05-29 07:55	86016	------w-	c:\windows\system32\qtXLS.dll
2012-04-17 09:29 . 2000-01-30 20:24	421888	------w-	c:\windows\system32\DFORRT.DLL
2012-04-15 07:41 . 2012-04-15 07:41	--------	d-sh--w-	c:\documents and settings\LocalService\PrivacIE
2012-04-15 07:41 . 2012-04-15 07:41	--------	d-sh--w-	c:\documents and settings\LocalService\IETldCache
2012-04-08 09:16 . 2012-04-08 09:16	--------	d-----w-	c:\windows\system32\wbem\Repository
2012-04-08 09:16 . 2012-04-08 09:16	--------	d-----w-	c:\program files\Windows Live SkyDrive
2012-04-07 17:54 . 2012-04-07 17:54	--------	d-----w-	c:\documents and settings\Lies\Local Settings\Application Data\Temp
2012-04-07 08:02 . 2012-04-07 08:02	--------	d-----w-	c:\documents and settings\Ed\Application Data\O&O
2012-04-02 19:13 . 2012-04-02 19:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\YTD YouTube Downloader & Converter
2012-04-02 18:53 . 2012-04-25 07:56	--------	d-----w-	c:\documents and settings\Ed\Application Data\Temp
2012-04-02 08:13 . 2012-04-02 08:13	--------	d-----w-	c:\documents and settings\Ed\Application Data\GARMIN_Corp
2012-04-01 19:09 . 2012-04-01 19:09	--------	d-----w-	c:\documents and settings\Ed\Application Data\GHISLER
2012-04-01 17:39 . 2012-04-01 17:39	--------	d-----w-	c:\documents and settings\Ed\Application Data\gtk-2.0
2012-03-28 09:04 . 2012-03-28 09:04	--------	d-----w-	c:\program files\uTorrent
2012-03-28 09:02 . 2012-04-24 19:31	--------	d-----w-	c:\documents and settings\Ed\Application Data\uTorrent
.
.
.
(((((((((((((((((((((((((((((((((((((((   Find3M Rapport   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-23 18:15 . 2011-02-27 16:46	472808	----a-w-	c:\windows\system32\deployJava1.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-15 . 8DC01159970C7FE4A4744F44389BC15C . 2188288 . . [5.1.2600.5512] . . c:\windows\system32\ntkrnlpa.exe
.
[-] 2008-05-15 . 1EC5AD82E87D7FF5443C0844941BB713 . 2309632 . . [5.1.2600.5512] . . c:\windows\system32\ntoskrnl.exe
.
(((((((((((((((((((((((((((((((((((((   Reg Opstartpunten   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-25 39408]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2005-06-06 2614496]
"DU Meter"="c:\program files\DU Meter\DUMETER.EXE" [2003-05-21 81920]
"OODefragTray"="c:\program files\O&O-Defrag\oodtray.exe" [2011-01-12 2781000]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
.
c:\documents and settings\Ed\Menu Start\Programma's\Opstarten\
GpsGate.lnk - c:\program files\Franson\GpsGate 2.0\GpsGateXP.exe [2011-6-20 540672]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\Bluetooth Software\BTTray.exe [2004-10-1 565309]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /r \??\f:\0autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^REALTEK 11n USB Wireless LAN Utility.lnk]
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\REALTEK 11n USB Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK 11n USB Wireless LAN Utility.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Ed^Menu Start^Programma's^Opstarten^GpsGate.lnk]
backup=c:\windows\pss\GpsGate.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BroadCam
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mobile Partner]
c:\program files\3MobileWiFi\3MobileWiFi [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 20:33	110592	----a-w-	c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 20:32	15360	----a-w-	c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
2006-11-13 16:34	1289000	----a-w-	c:\program files\Microsoft ActiveSync\wcescomm.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-12-10 13:17	166424	----a-w-	c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-04-04 13:56	462408	----a-w-	c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2007-12-10 13:17	137752	----a-w-	c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-02-25 20:59	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2010-07-04 19:51	17408	----a-w-	c:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AgereModemAudio"=2 (0x2)
"MBAMService"=2 (0x2)
"BroadCamService"=2 (0x2)
"ExpatShieldService"=2 (0x2)
"ExpatTrayService"=3 (0x3)
"ExpatWd"=2 (0x2)
"ExpatSrv"=2 (0x2)
"Webcamera Plus Service"=2 (0x2)
"Crypkey License"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"PRTG7ProbeService"=2 (0x2)
"PRTG7CoreService"=2 (0x2)
"MDM"=2 (0x2)
"idsvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Access Point\\PRTG Network Monitor\\PRTG Probe.exe"=
"c:\\Program Files\\Access Point\\PRTG Network Monitor\\PRTG Server Administrator.exe"=
"c:\\Program Files\\Access Point\\PRTG Network Monitor\\PRTG Server.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Realtek\\11n USB Wireless LAN Utility\\RtWLan.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"86:TCP"= 86:TCP:BroadCam Video Streaming Server Web Server
"1935:TCP"= 1935:TCP:BroadCam Video Streaming Server Flash Video Server
"4100:UDP"= 4100:UDP:uPNP Router Control Port
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1542:TCP"= 1542:TCP:Realtek WPS TCP Prot
"1542:UDP"= 1542:UDP:Realtek WPS UDP Prot
"53:UDP"= 53:UDP:Realtek AP UDP Prot
.
R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [25-2-2011 22:46 40496]
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [25-4-2012 8:26 36000]
R1 bizVSerial;Franson VSerial;c:\windows\system32\drivers\bizVSerialNT.sys [3-4-2006 22:00 14949]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25-4-2012 8:26 86224]
R2 OODefragAgent;O&O Defrag Agent;c:\program files\O&O-Defrag\oodag.exe [12-1-2011 13:06 2398536]
R3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [9-6-2011 11:36 12288]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [8-9-2011 13:02 100992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25-2-2011 22:58 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-2-2012 8:50 158856]
S3 bmusbser;Network Connect USB Device for Legacy Serial Communication;c:\windows\system32\drivers\bmusbser.sys [21-4-2012 9:40 105216]
S3 CH341SER;CH341SER;c:\windows\system32\drivers\CH341SER.SYS [7-3-2011 12:00 36080]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [8-9-2011 13:02 117504]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25-2-2011 22:58 136176]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [24-4-2012 18:00 22344]
S3 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [12-9-2011 12:46 38976]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [25-4-2012 12:20 594048]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [24-4-2012 18:00 654408]
S4 PRTG7CoreService;PRTG 7 Core Server Service;c:\program files\Access Point\PRTG Network Monitor\PRTG Server.exe [12-9-2011 13:18 7155712]
S4 PRTG7ProbeService;PRTG 7 Probe Service;c:\program files\Access Point\PRTG Network Monitor\PRTG Probe.exe [12-9-2011 13:18 3442472]
S4 Webcamera Plus Service;Webcamera Plus Service;c:\program files\WebCamera Plus\WebCamPlusSrv.exe [10-8-2011 9:35 46592]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 20:58]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-25 20:58]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1788223648-1417001333-1004Core.job
- c:\documents and settings\Ed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-19 16:54]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1788223648-1417001333-1004UA.job
- c:\documents and settings\Ed\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-01-19 16:54]
.
2012-04-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1788223648-1417001333-1005Core.job
- c:\documents and settings\Lies\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-31 15:37]
.
2012-04-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-746137067-1788223648-1417001333-1005UA.job
- c:\documents and settings\Lies\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-31 15:37]
.
2012-04-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2011-02-25 22:28]
.
2012-04-26 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2011-02-25 22:28]
.
2012-03-28 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2011-02-25 22:28]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.nl/
uInternet Settings,ProxyServer = 82.148.109.68:8080
uInternet Settings,ProxyOverride = 192;168;1;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.100 212.54.40.25 212.54.35.25
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://212.123.205.51/activex/AMC.cab
.
.
------- Bestandsassociaties -------
.
inifile="c:\program files\UltraEdit\uedit32.exe" "%1"
.txt=txt_file
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
Notify-WgaLogon - (no file)
AddRemove-xp-AntiSpy - c:\program files\xp-AntiSpy\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-04-26 17:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ... 
.
scannen van verborgen autostart items ... 
.
scannen van verborgen bestanden ... 
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vsdatant]
"ImagePath"=""
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="56FBA3E3AC6C828C64AE069FE72A3319E1D58DE852F34575DEBC6A11CB8ACC6DE026E6EA522A7755603C36DC30FB3D692E7D910FF992694493CA20A4E2F76A5D4C7B3B88DCD0FA9FD18274C404059508EF2574EFE701345C32C1A8A39484EAE895293B8DF4804BD5980166FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B98089DB7CE019D40AA5C8EDD5E5BE2F6E667A9C6AECB7A5D1407BBC11C47DA62390E57E38B64819EECC505706700F467AC1D9F24942D3697E25BB1BE32DFF286D34FFC6A7ACDDD12811E15E72D2810F8A35C8C92129AFA7B2DFBACAA0525E9DD61893FFE143D962BFDB9EDD4B1C049CC70BEA62DEEC08F7619011B554A0FF85EA610484312A6EC41F77611CCCEDD8D429751E9A0456FA98BBE43159D7EC83D4DEA28E6ED7032870309A8A6FAA3452A0A2694772CF3295F90B98F50F8E2323848FC0B0B48713E716FCD16F79E906D55ABA8FB11A59FA33032A9A6ACF27BDECF3EAC67CB319A5A18DBE9FBF50DBD86A47FB1EE9F732F49FAEC333E28268F154DF34EDFE31C334BCE728288B22B937114B3D9C9AF13CCBA0315FB7F6AC62CD15EFE3B0A2F8DC9874CAE3FDC63F5C144814ABA5DEF15E8C7F251B106BA172044134E506FB19F2FBEA9E05092657BB9473319F26C351D3678D51C02E38672014FE11FEC0F8F82F85066AEE533375EB1F84EC9253077622B869C44221F5E44A50B250675D814767F50E311B6BE7A58A3895FD8775351B282611BEBC92FF610ABC3986B5436AC54610669D47B27F632CDE0551A957784EE3D2B0A8AB302A9E8F1775D09757E6B837E71A019725497CD329684322DB0F30A9D3B86EA1F7873F91F5AFAF149018503FBBF19555C20EA1C17F8221BF105278BAA9A8F2CD066757F17D45907C4FE55E6C257C4CF00DAA42507894B231A72CA12AF880A3F1116734B8901C4815FAFD85401CF7927A6479A044F7DFEEADF67AECB3CF6BEED29C4584265AE71EC97BBB184A7F6F1CA9D9CC76904BDA1E8034A46FDA10EDAD06B23AE5D5E61F229EC4126C66BCBCB0036844C1678E9786844EFA98179A6EC572A55A92AED51C2E864D29FFDC5830C60479F6963C85131836CA695C19D4FEA44BBF59B4ACFE9BEB487F62C1FF28716572A01083C537AD82F44AE683FAD4CAC2E7E90007303CA28E9E027FE35F5F135A6BBAD301FB89F65B09BBAA68D0C926D00502771EDCB46A53603D06BDD929598E2DEA2149F60ABACA0C573F856E0CCCFF795AEB296B4E5BD1D81D6EC4D52F6D1F4784E846674C36A6D97F32AD49659D6A9358F28E086E2DF78750FA2C7814DD898F114F72CE1BABC59EB4EABD8DCCBEAFB9B2759CFD4AEDDF1FA43CB27B2850660B8CA8B425B9BA97923050F48A5E959A9B74775FCEFEB6B"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(264)
c:\windows\system32\ieframe.dll
c:\windows\system32\SSSensor.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\logonui.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Bluetooth Software\bin\btwdins.exe
c:\program files\Sygate\SPF\smc.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wscntfy.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Voltooingstijd: 2012-04-26  17:34:41 - machine werd herstart
ComboFix-quarantined-files.txt  2012-04-26 15:34
.
Pre-Run: 52.297.846.784 bytes beschikbaar
Post-Run: 52.110.311.424 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 962785879965E69F6C5D6E2DF3003A3F
