ComboFix 12-06-14.01 - Administrator 14-06-2012 15:11:24.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.1215.972 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator.SELECTIN-2\Bureaublad\ComboFix.exe
AV: Norman Endpoint Protection *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.SELECTIN-2\WINDOWS
c:\documents and settings\administrator\WINDOWS
c:\documents and settings\All Users\Application Data\pytptpyzavdwngq
c:\documents and settings\Compaq_Eigenaar\WINDOWS
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\p.j.knape\ms.exe
c:\documents and settings\p.j.knape\prf1A.tmp
c:\documents and settings\p.j.knape\WINDOWS
c:\windows\IsUn0413.exe
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ps2.bat
D:\Autorun.inf
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-14 to 2012-06-14 ))))))))))))))))))))))))))))))
.
.
2012-06-13 11:42 . 2012-06-13 11:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-13 11:42 . 2012-06-13 11:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-13 11:42 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 09:59 . 2012-06-14 13:18 -------- d-----w- c:\documents and settings\Administrator.SELECTIN-2
2012-06-13 06:41 . 2001-09-06 17:04 12288 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-06-13 06:41 . 2001-09-06 17:04 12288 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-06-13 06:41 . 2008-04-13 18:45 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-06-13 06:41 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-06-04 14:16 . 2012-06-04 14:16 -------- d-----w- C:\kandidaten
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2006-03-02 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-05 07:53 . 2012-04-10 07:15 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 07:53 . 2011-05-23 06:31 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-01 06:17 . 2012-05-01 06:17 476960 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-05-01 06:17 . 2007-07-18 08:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2012-05-01 06:17 . 2010-05-20 14:08 472864 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-11 13:55 . 2004-08-04 00:58 2073472 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-11 13:55 . 2006-03-02 12:00 1862400 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 13:55 . 2006-03-02 12:00 2196992 ----a-w- c:\windows\system32\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-08-20 155648]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-11 61440]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-06-09 286720]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"VTTimer"="VTTimer.exe" [2004-10-22 53248]
"SiSPower"="SiSPower.dll" [2004-09-24 49152]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"gemstrmw"="c:\windows\system32\gemstrmw.exe" [2002-12-10 24576]
"PS2"="c:\windows\system32\ps2.exe" [2003-09-12 98304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-08-17 122368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2011-05-18 341344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\OfficeNet Extra\\eblink.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2868:TCP"= 2868:TCP:Norman
"2868:UDP"= 2868:UDP:Norman
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R0 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2-5-2011 15:55 31632]
S1 NGS;Norman General Security Driver;c:\program files\Norman\ngs\bin\ngs.sys [2-5-2011 15:56 26744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
S2 MLPTDR_B;MLPTDR_B;c:\windows\system32\MLPTDR_B.SYS [2-9-2003 23:06 20064]
S2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\ndiskio.sys [2-5-2011 15:56 22880]
S2 NVOY;Norman Resource Provider;c:\program files\Norman\npm\bin\nvoy.exe [2-5-2011 15:56 100336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [10-4-2012 9:15 257696]
S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [21-6-2011 16:27 21888]
S3 nnetsec;Norman Network Security service;c:\windows\system32\drivers\nnetsec.sys [2-5-2011 15:56 50576]
S3 NNetSecC;Norman Network Filter NDIS common driver;c:\program files\Norman\ngs\bin\nnetsecc.sys [2-5-2011 15:56 29968]
S3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\nsesvc.exe [10-6-2011 14:36 288072]
S3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\Bin\nvcoas.exe [2-5-2011 15:55 196608]
S3 Scheduler;Norman Scheduler Service;c:\program files\Norman\npm\bin\scheduler.exe [2-5-2011 15:56 99312]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 07:53]
.
2012-06-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Bijkomende Scan -------
.
TCP: Interfaces\{F2B9D74A-8E5F-4A6C-82A9-98771A124A51}: NameServer = 192.168.20.254
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
DPF: {BD1C418C-953D-11D4-B14B-0060089EF400} - hxxps://www.easyflex.net/tpactivex/tp32.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
SafeBoot-36240662.sys
AddRemove-HijackThis - c:\documents and settings\Administrator.SELECTIN-2\Bureaublad\HijackThis.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0413.exe
AddRemove-web2date - c:\windows\IsUn0413.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-14 15:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_USERS\S-1-5-21-2120516567-3023722158-3957864698-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,d2,16,0d,e4,b4,f4,4c,ad,b9,6c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,09,d2,16,0d,e4,b4,f4,4c,ad,b9,6c,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"3140AC1900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
Voltooingstijd: 2012-06-14 15:21:23
ComboFix-quarantined-files.txt 2012-06-14 13:21
.
Pre-Run: 33.794.224.128 bytes beschikbaar
Post-Run: 34.141.507.584 bytes beschikbaar
.
- - End Of File - - 5742FBEDA8C8D6ED0B8F0ECCB87166A5