ComboFix 09-05-14.07 - Administrator 15/05/2009 18:59.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.511.365 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Administrator.XP-EBBD87C404E6\Bureaublad\Combo-Fix.exe
 * Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-15 to 2009-05-15 ))))))))))))))))))))))))))))))
.
2009-05-15 04:58 . 2009-05-15 16:01 -------- d--h--r c:\documents and settings\Administrator.XP-EBBD87C404E6\Onlangs geopend
2009-05-13 17:08 . 2009-05-13 17:09 -------- d-----w C:\32788R22FWJFW.0.tmp
2009-05-12 17:25 . 2009-05-12 17:25 -------- d-----w c:\documents and settings\Administrator.XP-EBBD87C404E6\Application Data\Malwarebytes
2009-05-12 17:25 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 17:25 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 17:25 . 2009-05-12 17:25 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-12 17:25 . 2009-05-12 17:28 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 17:03 . 2009-05-12 17:03 -------- d-----w C:\backups
2009-05-11 15:17 . 2009-05-11 15:17 396288 ----a-w C:\HijackThis.exe
2009-05-04 16:24 . 2001-09-06 17:04 12288 ----a-w c:\windows\system32\drivers\mouhid.sys
2009-04-29 21:19 . 2009-04-29 21:19 41808 ----a-w c:\windows\system32\xfcodec.dll
2009-04-28 14:44 . 2009-05-12 17:02 -------- d-----w c:\documents and settings\Administrator.XP-EBBD87C404E6\Local Settings\Application Data\ant.com
2009-04-24 15:30 . 2009-04-24 15:30 -------- d-----w C:\CFLog
2009-04-23 20:00 . 2009-04-24 17:27 -------- d-----w c:\documents and settings\Administrator.XP-EBBD87C404E6\Local Settings\Application Data\PMB Files
2009-04-23 20:00 . 2009-04-24 14:41 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-04-23 20:00 . 2009-04-23 20:00 -------- d-----w c:\program files\Pando Networks
2009-04-23 16:52 . 2009-04-23 16:53 -------- d-----w c:\program files\Common Files\Adobe
2009-04-23 16:47 . 2009-04-23 17:15 -------- d-----w c:\documents and settings\Administrator.XP-EBBD87C404E6\Local Settings\Application Data\Adobe
2009-04-21 16:05 . 2009-05-12 17:08 -------- d-----w c:\program files\Project64 1.6
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-15 14:38 . 2008-12-06 20:37 -------- d-----w c:\program files\Xfire
2009-05-15 14:37 . 2009-01-29 16:33 -------- d-----w c:\program files\DNA
2009-04-23 19:56 . 2008-12-20 09:45 -------- d-----w c:\program files\NOS
2009-03-31 15:29 . 2009-03-31 15:29 2981749 ----a-w c:\windows\system32\1600x1200_DB.scr
2009-03-29 10:08 . 2001-09-07 13:00 52296 ----a-w c:\windows\system32\perfc013.dat
2009-03-29 10:08 . 2001-09-07 13:00 362074 ----a-w c:\windows\system32\perfh013.dat
2009-03-22 15:51 . 2009-03-22 15:40 -------- d---a-w c:\program files\Silkroad
2009-03-21 11:57 . 2009-03-10 17:24 -------- d-----w c:\program files\BBLACK
.
------- Sigcheck -------
[-] 2007-08-17 08:41 824320 1E9D35BA9240592A68BB5980AA23FDB9 c:\windows\system32\wininet.dll
[-] 2007-10-30 23:45 504832 DEE17F316022857C5C7C82D2939A0EC4 c:\windows\system32\winlogon.exe
[-] 2007-08-09 02:16 3584 6AF930674AD61D2E18A8F63B9B93A338 c:\windows\system32\SFCFILES.DLL
.
((((((((((((((((((((((((((((( SnapShot@2009-05-13_17.21.36 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-15 14:37 . 2009-05-15 14:37 16384 c:\windows\TEMP\Perflib_Perfdata_c4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"DU Meter"="d:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-04 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-11-07 21633320]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-01-29 342848]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zBrowser Launcher"="c:\program files\Logitech\iTouch\iTouch.exe" [2001-12-19 204800]
"AVG7_CC"="c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-11-12 590848]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-30 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"AVG7_Run"="c:\progra~1\Grisoft\AVGFRE~1\avgw.exe" [2008-11-11 219136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2007-08-17 124928]
c:\documents and settings\Administrator.XP-EBBD87C404E6\Menu Start\Programma's\Opstarten\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-12-14 261120]
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2009-4-29 3145552]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\DU Meter\\DUMeter.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"59103:TCP"= 59103:TCP:*:Disabled:Pando Media Booster
"59103:UDP"= 59103:UDP:*:Disabled:Pando Media Booster
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [10/10/2008 22:51 223232]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
NETSVCS REQUIRES REPAIRS - current entries shown
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP EventSystem FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer LanmanWorkstation Netman Nla Ntmssvc NWCWorkstation Nwsapagent Rasauto Rasman Remoteaccess Schedule Seclogon Sharedaccess Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSp winmgmt xmlprov BITS ShellHWDetection WmdmPmSN
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
.
.
------- Bijkomende Scan -------
.
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} - hxxp://dist.globalgamecdn.com/dist/neffy/NeffyLauncher.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-15 19:03
Windows 5.1.2600 Service Pack 2 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'explorer.exe'(1872)
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Voltooingstijd: 2009-05-15 19:06
ComboFix-quarantined-files.txt 2009-05-15 17:06
ComboFix2.txt 2009-05-13 17:24
Pre-Run: 15.858.774.016 bytes beschikbaar
Post-Run: 15.946.567.680 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
175