
Posted:

Open a Notepad file.

Copy and paste the bold text below into it.

File::c:\windows\system32\B4D9D9ED02.sys

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.

Posted:

Here I am again. Here is my log:

ComboFix 09-08-10.06 - familie timmermans 17-08-2009 22:58.3.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.519 [GMT 2:00]

Gestart vanuit: c:\documents and settings\familie timmermans\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\familie timmermans\Bureaublad\CFScript.txt..txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-17 to 2009-08-17 ))))))))))))))))))))))))))))))

.

2009-08-17 14:04 . 2009-08-17 20:56 -------- d--h--r- c:\documents and settings\familie timmermans\Onlangs geopend

2009-08-12 20:00 . 2009-08-12 20:00 -------- d-----w- c:\program files\Trend Micro

2009-08-12 05:45 . 2009-07-10 13:31 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-08-09 17:21 . 2009-08-09 17:24 -------- d-----w- c:\program files\Hyves Desktop

2009-08-05 09:01 . 2009-08-05 09:01 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-24 05:55 . 2009-07-24 05:55 -------- d-----w- c:\program files\iPod

2009-07-24 05:55 . 2009-07-24 05:55 -------- d-----w- c:\program files\iTunes

2009-07-24 05:50 . 2009-07-24 05:50 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

2009-07-24 05:46 . 2009-07-24 05:46 -------- d-----w- c:\program files\QuickTime

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-17 14:04 . 2009-05-15 19:14 -------- d-----w- c:\program files\SPAMfighter

2009-08-14 15:43 . 2005-10-06 21:05 -------- d-----w- c:\program files\LimeWire

2009-08-09 16:57 . 2009-06-28 08:01 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT

2009-08-05 09:01 . 2004-09-14 07:38 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-24 05:55 . 2008-09-05 05:08 -------- d-----w- c:\program files\Common Files\Apple

2009-07-18 06:27 . 2009-02-02 14:13 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-17 19:04 . 2004-09-14 07:38 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-09-14 07:39 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-09 10:16 . 2009-04-23 04:48 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-07-09 10:16 . 2008-09-05 05:08 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-07-03 17:00 . 2004-09-14 07:38 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-03 15:38 . 2009-07-03 15:38 -------- d-----w- c:\documents and settings\familie timmermans\Application Data\Zylom

2009-07-03 15:38 . 2009-07-03 15:38 -------- d-----w- c:\program files\Zylom Games

2009-06-28 16:53 . 2009-06-28 16:53 88 --sh--r- c:\windows\system32\B4D9D9ED02.sys

2009-06-28 16:53 . 2009-06-28 16:53 -------- d-----w- c:\documents and settings\familie timmermans\Application Data\Corel

2009-06-28 16:53 . 2009-06-28 16:45 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-06-28 16:53 . 2009-06-28 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-06-28 08:05 . 2009-06-28 08:02 -------- d-----w- c:\documents and settings\familie timmermans\Application Data\Nikon

2009-06-28 08:05 . 2009-06-28 08:02 -------- d-----w- c:\program files\Common Files\Nikon

2009-06-28 08:04 . 2009-06-28 08:04 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLck.DAT

2009-06-28 08:04 . 2009-06-28 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15

2009-06-28 08:04 . 2009-06-28 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp

2009-06-28 08:03 . 2009-06-28 08:03 49152 ----a-r- c:\documents and settings\familie timmermans\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

2009-06-28 08:03 . 2009-06-28 08:03 57344 ----a-r- c:\documents and settings\familie timmermans\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2009-06-28 08:02 . 2009-06-28 08:02 -------- d-----w- c:\program files\Nikon

2009-06-28 08:01 . 2009-06-28 08:00 45173352 ----a-w- C:\nikon.exe

2009-06-25 08:27 . 2004-09-14 07:38 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-09-14 07:38 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-09-14 07:38 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-09-14 07:38 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2004-09-14 07:38 735232 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-09-14 07:38 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-09-14 07:38 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-18 06:06 . 2009-02-02 14:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-16 14:40 . 2004-09-14 07:38 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2004-09-14 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:45 . 2004-09-14 07:38 79872 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:16 . 2004-09-14 07:38 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:22 . 2004-09-14 07:48 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2004-09-14 07:38 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-08 15:48 . 2005-10-07 21:44 69568 -c--a-w- c:\documents and settings\familie timmermans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-06-07 17:34 . 2009-06-07 17:34 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-03 19:11 . 2004-09-14 07:38 1295360 ----a-w- c:\windows\system32\quartz.dll

2009-05-21 21:20 . 2007-06-22 21:44 17 -c--a-w- c:\windows\popcinfo.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-05-27 1573104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-16 148888]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]

c:\documents and settings\familie timmermans\Menu Start\Programma's\Opstarten\

Dialer Detect.lnk - c:\program files\FSG\DialerDetect\dd.exe [2006-2-24 333312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]

Gigaset WLAN Adapter Monitor.lnk - c:\program files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2007-2-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-05-03 07:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2-2-2009 16:13 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2-2-2009 16:13 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2-2-2009 16:13 907032]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2-2-2009 16:13 298776]

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [14-9-2004 9:38 14336]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12-3-2009 10:44 184968]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]

S3 hitmanpro3;Hitman Pro 3 Support Driver; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-17 c:\windows\Tasks\CCleaner.job

- c:\progra~1\CCleaner\ccleaner.exe [2009-05-27 13:40]

2009-08-17 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-08-17 c:\windows\Tasks\SLOW-PCfighter.job

- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-05-26 14:08]

2009-08-17 c:\windows\Tasks\User_Feed_Synchronization-{001EB311-F809-4968-AEC6-CEC4B7E5C720}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-08-17 23:05

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1436)

c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'explorer.exe'(4092)

c:\windows\system32\btmmhook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2009-08-17 23:07

ComboFix-quarantined-files.txt 2009-08-17 21:07

ComboFix2.txt 2009-08-17 13:07

Pre-Run: 103.689.850.880 bytes beschikbaar

Post-Run: 103.658.311.680 bytes beschikbaar

190 --- E O F --- 2009-08-11 03:23

Let me know,

Thanks,

Nicole

Posted:

This partly worked, but would you repeat the same steps ... now with the following instruction:

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\B4D9D9ED02.sys

Driver::

hitmanpro3

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.

Posted:

ComboFix 09-08-10.06 - familie timmermans 18-08-2009 10:21.4.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1022.469 [GMT 2:00]

Gestart vanuit: c:\documents and settings\familie timmermans\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\familie timmermans\Bureaublad\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::

"c:\windows\system32\B4D9D9ED02.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\B4D9D9ED02.sys

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_HITMANPRO3

-------\Service_hitmanpro3

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-18 to 2009-08-18 ))))))))))))))))))))))))))))))

.

2009-08-18 08:26 . 2009-08-18 08:26 -------- d--h--r- c:\documents and settings\familie timmermans\Onlangs geopend

2009-08-18 07:40 . 2009-08-18 08:22 -------- d-----w- c:\documents and settings\familie timmermans\Tracing

2009-08-18 07:34 . 2009-02-06 16:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys

2009-08-18 07:34 . 2009-08-18 07:34 -------- d-----w- c:\program files\Microsoft Sync Framework

2009-08-18 07:34 . 2009-08-18 07:34 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2009-08-18 07:33 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

2009-08-18 07:33 . 2009-08-18 07:33 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition

2009-08-18 07:32 . 2009-08-18 07:35 -------- d-----w- c:\program files\Microsoft

2009-08-18 07:31 . 2009-08-18 07:31 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-08-18 07:31 . 2009-08-18 07:34 -------- d-----w- c:\program files\Windows Live

2009-08-18 07:21 . 2009-08-18 07:21 -------- d-----w- c:\program files\Common Files\Windows Live

2009-08-12 20:00 . 2009-08-12 20:00 -------- d-----w- c:\program files\Trend Micro

2009-08-12 05:45 . 2009-07-10 13:31 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

2009-08-09 17:21 . 2009-08-09 17:24 -------- d-----w- c:\program files\Hyves Desktop

2009-08-05 09:01 . 2009-08-05 09:01 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll

2009-07-24 05:55 . 2009-07-24 05:55 -------- d-----w- c:\program files\iPod

2009-07-24 05:55 . 2009-07-24 05:55 -------- d-----w- c:\program files\iTunes

2009-07-24 05:50 . 2009-07-24 05:50 75040 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe

2009-07-24 05:46 . 2009-07-24 05:46 -------- d-----w- c:\program files\QuickTime

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-18 08:36 . 2009-05-15 19:14 -------- d-----w- c:\program files\SPAMfighter

2009-08-18 07:35 . 2005-10-07 21:44 70152 -c--a-w- c:\documents and settings\familie timmermans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-14 15:43 . 2005-10-06 21:05 -------- d-----w- c:\program files\LimeWire

2009-08-09 16:57 . 2009-06-28 08:01 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT

2009-08-05 09:01 . 2004-09-14 07:38 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-24 05:55 . 2008-09-05 05:08 -------- d-----w- c:\program files\Common Files\Apple

2009-07-18 06:27 . 2009-02-02 14:13 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-17 19:04 . 2004-09-14 07:38 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-13 21:43 . 2004-09-14 07:39 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-09 10:16 . 2009-04-23 04:48 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll

2009-07-09 10:16 . 2008-09-05 05:08 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2009-07-03 17:00 . 2004-09-14 07:38 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-03 15:38 . 2009-07-03 15:38 -------- d-----w- c:\documents and settings\familie timmermans\Application Data\Zylom

2009-06-28 16:53 . 2009-06-28 16:53 -------- d-----w- c:\documents and settings\familie timmermans\Application Data\Corel

2009-06-28 16:53 . 2009-06-28 16:45 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

2009-06-28 16:53 . 2009-06-28 16:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2009-06-28 08:05 . 2009-06-28 08:02 -------- d-----w- c:\documents and settings\familie timmermans\Application Data\Nikon

2009-06-28 08:05 . 2009-06-28 08:02 -------- d-----w- c:\program files\Common Files\Nikon

2009-06-28 08:04 . 2009-06-28 08:04 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLck.DAT

2009-06-28 08:04 . 2009-06-28 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ultima_T15

2009-06-28 08:04 . 2009-06-28 08:01 -------- d-----w- c:\documents and settings\All Users\Application Data\EnterNHelp

2009-06-28 08:03 . 2009-06-28 08:03 49152 ----a-r- c:\documents and settings\familie timmermans\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe

2009-06-28 08:03 . 2009-06-28 08:03 57344 ----a-r- c:\documents and settings\familie timmermans\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe

2009-06-28 08:02 . 2009-06-28 08:02 -------- d-----w- c:\program files\Nikon

2009-06-28 08:01 . 2009-06-28 08:00 45173352 ----a-w- C:\nikon.exe

2009-06-25 08:27 . 2004-09-14 07:38 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2004-09-14 07:38 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2004-09-14 07:38 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2004-09-14 07:38 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-25 08:27 . 2004-09-14 07:38 735232 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2004-09-14 07:38 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-24 11:18 . 2004-09-14 07:38 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-18 06:06 . 2009-02-02 14:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-06-16 14:40 . 2004-09-14 07:38 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-16 14:40 . 2004-09-14 07:38 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-15 10:45 . 2004-09-14 07:38 79872 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:16 . 2004-09-14 07:38 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 07:22 . 2004-09-14 07:48 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2004-09-14 07:38 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-07 17:34 . 2009-06-07 17:34 664 ----a-w- c:\windows\system32\d3d9caps.dat

2009-06-03 19:11 . 2004-09-14 07:38 1295360 ----a-w- c:\windows\system32\quartz.dll

2009-05-21 21:20 . 2007-06-22 21:44 17 -c--a-w- c:\windows\popcinfo.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ccleaner"="c:\program files\CCleaner\ccleaner.exe" [2009-05-27 1573104]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]

"SPAMfighter Agent"="c:\program files\SPAMfighter\SFAgent.exe" [2009-03-12 326792]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-16 148888]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]

c:\documents and settings\familie timmermans\Menu Start\Programma's\Opstarten\

Dialer Detect.lnk - c:\program files\FSG\DialerDetect\dd.exe [2006-2-24 333312]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-27 561213]

Gigaset WLAN Adapter Monitor.lnk - c:\program files\Siemens\Gigaset USB Adapter 108\Gcc.exe [2007-2-20 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-05-03 07:43 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

SecurityProviders msapsspc.dll, schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=

"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2-2-2009 16:13 335752]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2-2-2009 16:13 108552]

R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2-2-2009 16:13 907032]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2-2-2009 16:13 298776]

R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [18-8-2009 9:34 55152]

R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [14-9-2004 9:38 14336]

R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\SPAMfighter\sfus.exe [12-3-2009 10:44 184968]

R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 19:19 13592]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; [x]

S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6-2-2009 18:08 533360]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - FSSFLTR

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-17 c:\windows\Tasks\CCleaner.job

- c:\progra~1\CCleaner\ccleaner.exe [2009-05-27 13:40]

2009-08-18 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2009-08-18 c:\windows\Tasks\SLOW-PCfighter.job

- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2009-05-26 14:08]

2009-08-18 c:\windows\Tasks\User_Feed_Synchronization-{001EB311-F809-4968-AEC6-CEC4B7E5C720}.job

- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Verzenden naar &Bluetooth-apparaat... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

DPF: {BC0AE9E6-E549-4554-A222-EA083A894683} - hxxp://a01-b01.mypicturetown.com/P2PwebCmdController/x/Upld_47.CAB

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-08-18 10:34

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]

"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(1520)

c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'explorer.exe'(1700)

c:\windows\system32\btmmhook.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\HPZipm12.exe

c:\windows\system32\PSIService.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG8\avgrsx.exe

c:\progra~1\AVG\AVG8\avgnsx.exe

c:\program files\AVG\AVG8\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\msiexec.exe

c:\program files\Siemens\Gigaset USB Adapter 108\OdHost.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2009-08-18 10:38 - machine werd herstart

ComboFix-quarantined-files.txt 2009-08-18 08:38

ComboFix2.txt 2009-08-17 21:07

ComboFix3.txt 2009-08-17 13:07

Pre-Run: 103.144.996.864 bytes beschikbaar

Post-Run: 103.043.698.688 bytes beschikbaar

234 --- E O F --- 2009-08-18 06:38

Thanks again!

Posted:

Yes, I think I'm back at full speed! All good!

Thanks again, what would we do without you!

Have a nice day and enjoy the weather!

Nicole

---------- Post added at 09:32 ---------- Previous post was at 09:31 ----------

By the way, there was a special way to remove HijackThis and ComboFix. What was it again?

Thanks!

Posted:

Remove ComboFix: Start -> Run and type: combofix /u

This will remove ComboFix plus its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

Delete the following bold folder with Windows Explorer: C:\Qoobox (if still present).

Download CCleaner. On that page, click one of the MajorGeeks mirror sites and the free CCleaner download will start automatically.

Install it and start CCleaner. In the left column, click "Cleaner". Click "Analyze" and then "Run Cleaner". Sometimes one analysis is not enough; you may repeat this procedure until the analysis no longer reports any issues. Then click "Registry" in the left column and click "Scan for Issues". If issues are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix all selected issues". After that, close CCleaner.

It is advisable to delete the existing restore points (they include infected restore points that you could otherwise restore) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

That's it !
