ComboFix 12-02-25.02 - Gebruiker 27/02/2012 15:11:47.3.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.3071.2320 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Gebruiker\Bureaublad\ComboFix.exe
AV: Norman Security Suite *Enabled/Updated* {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-27 to 2012-02-27 ))))))))))))))))))))))))))))))
.
.
2012-02-27 11:40 . 2012-02-27 11:42 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\QuickScan
2012-02-26 17:56 . 2012-02-26 17:56 388096 ----a-r- c:\documents and settings\Gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-26 17:56 . 2012-02-26 17:56 -------- d-----w- c:\program files\Trend Micro
2012-02-23 15:22 . 2012-02-23 15:30 -------- d-----w- C:\kris
2012-02-23 01:13 . 2010-11-10 13:48 378000 ----a-w- c:\windows\system32\drivers\tdi_nf.sys
2012-02-23 01:13 . 2010-11-10 13:47 68176 ----a-w- c:\windows\system32\drivers\ale_nf64.sys
2012-02-23 01:13 . 2010-11-10 13:47 61472 ----a-w- c:\windows\system32\drivers\ale_nf.sys
2012-02-23 01:13 . 2010-06-21 13:54 48272 ----a-w- c:\windows\system32\drivers\nnetsec.sys
2012-02-23 01:13 . 2010-05-28 11:40 30584 ----a-w- c:\windows\system32\drivers\nnetsecl.sys
2012-02-23 01:13 . 2010-05-25 13:28 34192 ----a-w- c:\windows\system32\drivers\nnetsecl64.sys
2012-02-23 00:30 . 2010-11-11 12:01 24176 ----a-w- c:\windows\system32\drivers\nvcw32mf.sys
2012-02-23 00:30 . 2010-11-10 07:06 222352 ----a-w- c:\windows\system32\nscrnsav.scr
2012-02-23 00:30 . 2012-02-23 12:05 -------- d-----w- c:\program files\Norman
2012-02-22 22:24 . 2012-02-22 22:24 -------- d-----w- c:\documents and settings\NetworkService\Menu Start
2012-02-22 20:37 . 2012-02-22 20:37 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-15 19:54 . 2012-02-15 19:54 -------- d-----w- c:\program files\Denda Games
2012-02-14 23:14 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-14 23:14 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-07 19:05 . 2012-02-07 19:05 1491 ----a-w- C:\user.js
2012-02-07 19:05 . 2012-02-07 19:05 -------- d-----w- c:\program files\DealPly
2012-02-07 19:04 . 2012-02-07 19:04 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\Babylon
2012-02-07 19:04 . 2012-02-07 19:04 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Babylon
2012-02-03 20:31 . 2012-02-03 20:31 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\PackageAware
2012-02-02 21:15 . 2012-02-15 19:08 -------- d-----w- C:\temp
2012-02-01 19:03 . 2012-02-01 19:03 -------- d-----w- c:\program files\Ask.com
2012-01-31 20:09 . 2012-01-31 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\PferdeHof
2012-01-31 20:09 . 2012-01-31 20:09 -------- d-----w- c:\program files\Mijn manege
2012-01-29 21:31 . 2012-01-29 21:31 -------- d-----w- c:\documents and settings\Gebruiker\Local Settings\Application Data\WMTools Downloaded Files
2012-01-29 20:55 . 2012-01-29 20:55 -------- d-----w- c:\documents and settings\Gebruiker\Application Data\Nero
2012-01-29 17:57 . 2012-01-29 17:57 -------- d-----w- c:\program files\Common Files\xing shared
2012-01-29 17:57 . 2012-01-29 17:58 -------- d-----w- c:\program files\Real
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-29 17:57 . 2011-04-19 12:00 499712 ----a-w- c:\windows\system32\msvcp71.dll
2012-01-12 17:20 . 2008-04-15 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-11 12:05 . 2011-07-23 20:59 11139944 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-12-17 19:42 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2008-04-15 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2008-04-15 12:00 385024 ------w- c:\windows\system32\html.iec
2011-12-10 14:24 . 2011-04-20 13:43 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-26 21:50 . 2011-07-26 21:50 639864 ----a-w- c:\program files\utorrent.exe
2011-06-09 10:03 . 2011-07-23 21:13 143240 ----a-w- c:\program files\Common Files\ApnStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-02-23_15.29.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-27 13:07 . 2012-02-27 13:07 16384 c:\windows\temp\Perflib_Perfdata_750.dat
+ 2012-01-27 16:15 . 2012-01-27 16:15 728344 c:\windows\Downloaded Program Files\qsax.dll
+ 2012-02-26 17:56 . 2012-02-26 17:56 1094656 c:\windows\Installer\603122.msi
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-12-20 16860672]
"Ai Nap"="c:\program files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-12-10 1412608]
"CPU Power Monitor"="c:\program files\ASUS\Ai Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\Ai Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving"="c:\program files\ASUS\Ai Suite\EnergySaving\PwSave.exe" [2008-01-24 1352192]
"C-Media Mixer"="Mixer.exe" [2002-10-15 1818624]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-02-19 1089536]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-12-21 86016]
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-12 421736]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-01-29 296056]
"Norman ZANDA"="c:\program files\Norman\Npm\Bin\ZLH.EXE" [2011-03-22 189824]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Ulead Photo Express 3.0 SE Calendar Checker.lnk - c:\program files\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [2011-5-22 61440]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2011-11-07 19:27 28846216 ----a-w- c:\program files\Origin\Origin.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 NGS;Norman General Security Driver;c:\program files\Norman\Ngs\Bin\ngs.sys [23/02/2012 2:13 26744]
R1 NPROSEC;Norman Security driver;c:\program files\Norman\Ngs\Bin\nprosec.sys [23/02/2012 2:13 74144]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [24/02/2010 11:22 185472]
R2 Ndiskio;Ndiskio;c:\program files\Norman\Nse\Bin\Ndiskio.sys [23/02/2012 1:30 22880]
R2 NNFSVC;Norman Network Filtering service;c:\program files\Norman\Ngs\Bin\nnf.exe [23/02/2012 2:13 223000]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27/01/2010 3:09 50704]
R2 NPROSECSVC;Norman Security service;c:\program files\Norman\Ngs\Bin\nprosec.exe [23/02/2012 2:13 90144]
R2 nregsec;Norman Registry Security driver;c:\program files\Norman\Ngs\Bin\nregsec.sys [23/02/2012 2:13 40384]
R2 NVOY;Norman Resource Provider;c:\program files\Norman\Npm\Bin\nvoy.exe [23/02/2012 1:30 100336]
R3 nsesvc;Norman Scanner Engine Service;c:\program files\Norman\Nse\Bin\Nsesvc.exe [23/02/2012 1:55 288072]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [23/02/2012 1:30 24176]
R3 nvcoas;Norman Virus Control on-access component;c:\program files\Norman\nvc\bin\Nvcoas.exe [23/02/2012 1:30 198168]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [16/08/2011 14:23 119528]
R3 Scheduler;Norman Scheduler Service;c:\program files\Norman\Npm\Bin\scheduler.exe [23/02/2012 2:10 99312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 12:16 130384]
S2 PCSUService;PC Speed Up Service;c:\program files\PC Speed Up\PCSUService.exe [21/11/2011 14:56 206336]
S3 NVCScheduler;Norman Virus Control Scheduler;"c:\program files\Norman\Npm\bin\NVCSCHED.EXE" --> c:\program files\Norman\Npm\bin\NVCSCHED.EXE [?]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [15/04/2008 13:00 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 12:16 753504]
.
--- Andere Services/Drivers In Geheugen ---
.
*Deregistered* - mchInjDrv
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Inhoud van de 'Gedeelde Taken' map
.
2012-02-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-07-30 15:57]
.
2012-02-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1409082233-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
2012-02-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1409082233-1417001333-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 15:02]
.
.
------- Bijkomende Scan -------
.
TCP: Interfaces\{391FC46A-7123-4291-B96B-4537281F1DC2}: NameServer = 195.238.2.22 195.238.2.21
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)
AddRemove-MostFun.com Games - Farm Frenzy 3 - c:\program files\MostFun\FarmFrenzy3\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-27 15:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(504)
c:\program files\Norman\nvc\bin\Niphk.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-02-27 15:16:44
ComboFix-quarantined-files.txt 2012-02-27 14:16
ComboFix2.txt 2012-02-23 15:30
.
Pre-Run: 514.984.226.816 bytes beschikbaar
Post-Run: 515.085.983.744 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 7934244AD4A4CE8A463F042377E4D667