ComboFix 10-03-07.04 - martin-edel 08-03-2010   9:03.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition  5.1.2600.2.1252.31.1043.18.1023.781 [GMT 1:00]
Gestart vanuit: c:\documents and settings\martin-edel\Mijn documenten\Downloads\ComboFix.exe
AV: Trend Micro PC-cillin Internet Security 2006 *On-access scanning enabled* (Outdated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: Trend Micro PC-cillin Internet Security (Firewall) *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip

(((((((((((((((((((( Bestanden Gemaakt van 2010-02-08 to 2010-03-08 ))))))))))))))))))))))))))))))
.
2010-03-07 17:05 . 2010-03-07 17:05  388096    ----a-r-  c:\documents and settings\martin-edel\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-03-07 17:05 . 2010-03-07 17:05  --------  d-----w-  c:\program files\TrendMicro
2010-03-07 16:55 . 2010-03-07 16:55  --------  d-----w-  c:\documents and settings\martin-edel\Application Data\Malwarebytes
2010-03-07 16:55 . 2010-01-07 15:07  38224     ----a-w-  c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-07 16:55 . 2010-03-07 16:55  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2010-03-07 16:55 . 2010-03-07 16:55  --------  d-----w-  c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-07 16:55 . 2010-01-07 15:07  19160     ----a-w-  c:\windows\system32\drivers\mbam.sys
2010-03-07 10:35 . 2004-08-03 21:31  20992     ----a-w-  c:\windows\system32\drivers\RTL8139.sys
2010-03-06 22:35 . 2010-03-06 22:35  --------  d-----w-  c:\program files\NVIDIA Corporation
2010-03-06 22:33 . 2010-03-06 22:33  --------  d-----w-  c:\windows\NV38762112.TMP
2010-03-06 21:13 . 2010-03-06 21:13  --------  d-s---w-  c:\documents and settings\martin-edel\UserData
2010-03-06 20:45 . 2010-03-06 20:45  --------  d-----w-  c:\documents and settings\All Users\Application Data\SBSI
2010-03-06 20:42 . 1998-11-13 12:08  308224    ----a-w-  c:\windows\IsUn0413.exe
2010-03-06 20:03 . 2010-03-06 20:03  552       ----a-w-  c:\windows\system32\d3d8caps.dat
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 11:09 . 2006-03-02 12:00  53418     ----a-w-  c:\windows\system32\perfc013.dat
2010-03-07 11:09 . 2006-03-02 12:00  364330    ----a-w-  c:\windows\system32\perfh013.dat
2010-03-06 20:45 . 2010-03-06 16:47  76487     ----a-w-  c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-06 17:48 . 2010-03-06 17:48  0         ----a-w-  c:\windows\nsreg.dat
2010-03-06 17:36 . 2010-03-06 17:36  12328     ----a-w-  c:\documents and settings\martin-edel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-06 17:17 . 2010-03-06 17:17  --------  d-----w-  c:\documents and settings\All Users\Application Data\InstallShield
2010-03-06 17:17 . 2010-03-06 17:17  --------  d-----w-  c:\program files\MyGuard
2010-03-06 17:17 . 2010-03-06 17:09  --------  d--h--w-  c:\program files\InstallShield Installation Information
2010-03-06 17:17 . 2010-03-06 17:05  --------  d-----w-  c:\program files\Common Files\InstallShield
2010-03-06 17:14 . 2010-03-06 17:14  --------  d-----w-  c:\program files\Trend Micro
2010-03-06 17:12 . 2010-03-06 17:12  --------  d-----w-  c:\program files\Realtek
2010-03-06 16:48 . 2010-03-06 16:48  --------  d-----w-  c:\program files\microsoft frontpage
2010-03-06 16:45 . 2010-03-06 16:45  21748     ----a-w-  c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 2006\pccguide.exe" [2005-12-06 897089]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-08-09 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer-groepering
"3540:UDP"= 3540:UDP:PNRP (Peer Name Resolution Protocol)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 Tmfilter;Tmfilter;c:\windows\system32\drivers\tmxpflt.sys [27-9-2005 15:23 183808]
R2 Tmpreflt;Tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [27-9-2005 15:23 25088]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [6-12-2005 18:00 340040]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2-12-2005 13:17 634944]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2-12-2005 13:19 286791]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc  REG_MULTI_SZ  p2psvc p2pimsvc p2pgasvc PNRPSvc
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
FF - ProfilePath - c:\documents and settings\martin-edel\Application Data\Mozilla\Firefox\Profiles\igab6nd3.default\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-08 09:06
Windows 5.1.2600 Service Pack 2 NTFS

scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\RTHDCPL.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Voltooingstijd: 2010-03-08 09:06:59 - machine werd herstart
ComboFix-quarantined-files.txt  2010-03-08 08:06

Pre-Run: 496.364.789.760 bytes beschikbaar
Post-Run: 496.379.613.184 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 3FB219DB5519C0B4728A7D78BA604A87