Extremely slow internet connections


ariekuij


This must be the right one, then. The HiJack scan in my previous post is based on a ComboFix updated according to your advice. Apologies for the misunderstanding.

If this is not the right one, then I did not manage to follow your advice and paste the proposed changes into my ComboFix.

ComboFix 10-08-15.02 - Dhr. A. Kuijvenhoven 16-08-2010 10:36:29.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.461 [GMT 2:00]

Gestart vanuit: d:\documents and settings\Dhr. A. Kuijvenhoven\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: d:\documents and settings\Dhr. A. Kuijvenhoven\Bureaublad\CFScript.txt.lnk

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-16 to 2010-08-16 ))))))))))))))))))))))))))))))

.

2010-08-14 07:48 . 2010-08-16 08:31 -------- d--h--r- d:\documents and settings\Dhr. A. Kuijvenhoven\Onlangs geopend

2010-08-13 19:54 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-13 19:54 . 2010-08-13 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-13 19:54 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-13 09:56 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-13 09:56 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-13 09:56 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-08-13 09:56 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-13 09:56 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-08-13 09:56 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-08-13 09:56 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-13 09:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-13 09:55 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-13 09:55 . 2010-08-13 09:55 -------- d-----w- d:\documents and settings\All Users\Application Data\Alwil Software

2010-08-13 09:55 . 2010-08-13 09:55 -------- d-----w- c:\program files\Alwil Software

2010-08-13 09:54 . 2010-08-13 09:55 49348328 ----a-w- c:\program files\setup_av_free_dut.exe

2010-08-13 09:43 . 2010-08-13 09:43 388096 ----a-r- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-11 17:34 . 2010-08-11 17:34 -------- d-----w- c:\program files\Common Files\Java

2010-08-11 14:14 . 2010-08-11 14:14 -------- d-----w- c:\windows\Performance

2010-08-11 14:14 . 2010-08-11 14:14 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Local Settings\Application Data\Microsoft Corporation

2010-08-09 12:02 . 2010-08-09 12:02 503808 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c15b93e-n\msvcp71.dll

2010-08-09 12:02 . 2010-08-09 12:02 499712 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c15b93e-n\jmc.dll

2010-08-09 12:02 . 2010-08-09 12:02 348160 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-3c15b93e-n\msvcr71.dll

2010-08-09 12:02 . 2010-08-09 12:02 12800 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-56b22dbe-n\decora-d3d.dll

2010-08-09 12:02 . 2010-08-09 12:02 61440 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-56b22dbe-n\decora-sse.dll

2010-07-31 09:10 . 2010-07-23 15:22 1496064 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

2010-07-31 09:10 . 2010-07-23 15:22 43008 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll

2010-07-31 09:10 . 2010-07-23 15:22 338944 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll

2010-07-31 09:10 . 2010-07-23 15:22 346112 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll

2010-07-26 18:42 . 2010-07-26 18:42 -------- d-----w- c:\program files\Uniblue

2010-07-26 12:45 . 2010-07-26 12:45 0 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\OpenCandy\OpenCandy_90025766732D4C77946B0E95C225C87F\DLMgr_3_1.6.44.exe

2010-07-26 12:45 . 2010-07-26 12:45 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\OpenCandy

2010-07-26 12:45 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-07-26 12:45 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2010-07-26 12:45 . 2010-07-26 12:45 -------- d-----w- c:\windows\Logs

2010-07-26 12:45 . 2010-07-26 12:45 -------- d-----w- c:\program files\Winamp Detect

2010-07-26 12:45 . 2010-07-26 12:45 -------- d-----w- c:\program files\Winamp Toolbar

2010-07-26 12:35 . 2010-07-26 12:36 8098640 ----a-w- c:\program files\Firefox Setup 3.5.11.exe

2010-07-26 10:37 . 2010-07-26 10:37 -------- d-----w- d:\documents and settings\LocalService.NT AUTHORITY.004\Application Data\McAfee

2010-07-21 20:05 . 2010-07-21 20:05 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\FastStone

2010-07-21 20:04 . 2010-07-21 20:05 -------- d-----w- c:\program files\FastStone Image Viewer

2010-07-21 20:04 . 2010-07-21 20:04 4769574 ----a-w- c:\program files\FSViewerSetup42.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-16 08:36 . 2007-08-20 15:21 -------- d-----w- c:\program files\Spyware Doctor

2010-08-16 08:31 . 2007-07-16 10:25 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP

2010-08-16 08:14 . 2007-02-27 11:32 61088 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\wklnhst.dat

2010-08-16 07:01 . 2007-03-02 13:04 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater

2010-08-13 19:41 . 2009-12-09 13:10 -------- d-----w- c:\program files\AskBarDis

2010-08-13 19:41 . 2007-02-28 10:13 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\OpenOffice.org2

2010-08-13 09:57 . 2010-08-13 09:57 579 ----a-w- c:\program files\Snelkoppeling naar setup_av_free_dut.lnk

2010-08-13 09:07 . 2008-06-03 13:08 -------- d-----w- c:\program files\PC Veilig

2010-08-13 09:04 . 2008-06-03 13:08 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure

2010-08-13 09:04 . 2004-09-10 16:24 92008 ----a-w- c:\windows\system32\perfc013.dat

2010-08-13 09:04 . 2004-09-10 16:24 511734 ----a-w- c:\windows\system32\perfh013.dat

2010-08-11 17:34 . 2007-02-26 21:49 -------- d-----w- c:\program files\Java

2010-07-27 11:59 . 2009-12-07 21:43 -------- d-----w- c:\program files\CCleaner

2010-07-27 06:33 . 2008-11-20 10:06 -------- d-----w- c:\program files\Winamp

2010-07-26 19:27 . 2007-02-27 11:13 -------- d-----w- c:\program files\Encarta

2010-07-26 12:57 . 2007-02-26 21:49 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-26 12:49 . 2008-11-20 10:06 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Winamp

2010-07-26 12:08 . 2009-12-10 09:19 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS

2010-07-26 10:33 . 2007-02-26 21:49 -------- d-----w- c:\program files\QuickTime

2010-07-21 08:18 . 2009-11-24 08:53 767928 ----a-w- c:\windows\BDTSupport.dll

2010-07-19 13:15 . 2007-02-27 10:05 -------- d-----w- c:\program files\ABBYY FineReader 4.0 Sprint

2010-07-19 07:26 . 2009-11-24 08:53 192 ----a-w- c:\windows\UDB.zip

2010-07-19 07:26 . 2009-11-24 08:53 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-07-19 07:26 . 2009-11-24 08:53 264144 ----a-w- c:\windows\PCTBDRes.dll

2010-07-19 07:26 . 2009-11-24 08:53 1435600 ----a-w- c:\windows\PCTBDCore.dll

2010-07-17 03:00 . 2010-05-10 20:26 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-09 13:06 . 2010-07-09 13:06 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\CompleteGuide.D7AEE78E2D43EBD31B3DBE76266084994F93EC42.1

2010-07-09 13:06 . 2010-07-09 13:06 -------- d-----w- c:\program files\Complete Guide

2010-06-30 12:33 . 2004-09-10 16:23 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:27 . 2004-09-10 16:23 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-09-10 16:23 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-09-10 16:23 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-09-10 16:23 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-09-10 16:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:43 . 2004-09-10 16:23 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-05-26 07:06 . 2010-05-26 07:06 503808 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d153c80-n\msvcp71.dll

2010-05-26 07:06 . 2010-05-26 07:06 499712 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d153c80-n\jmc.dll

2010-05-26 07:06 . 2010-05-26 07:06 12800 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7a906f1f-n\decora-d3d.dll

2010-05-26 07:06 . 2010-05-26 07:06 61440 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7a906f1f-n\decora-sse.dll

2010-05-26 07:06 . 2010-05-26 07:06 348160 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-6d153c80-n\msvcr71.dll

2010-04-08 07:33 . 2010-04-08 07:33 3376656 ----a-w- c:\program files\ccsetup230.exe

2010-03-10 16:27 . 2010-03-10 16:27 38824552 ----a-w- c:\program files\FileFormatConverters.exe

2010-03-07 15:30 . 2010-03-07 15:30 3396856 ----a-w- c:\program files\ccsetup229.exe

2010-02-10 19:09 . 2010-02-10 19:09 564064 ----a-w- c:\program files\googleupdatesetup.exe

2009-12-24 17:55 . 2009-12-24 17:55 3357024 ----a-w- c:\program files\ccsetup227.exe

2009-12-09 13:09 . 2009-12-09 13:08 5359048 ----a-w- c:\program files\FoxitReader31_enu_Setup_091125.exe

2009-12-07 21:40 . 2009-12-07 21:40 544 ----a-w- c:\program files\Snelkoppeling naar ccsetup226.lnk

2009-12-07 21:40 . 2009-12-07 21:40 3326576 ----a-w- c:\program files\ccsetup226.exe

2009-12-03 11:16 . 2009-12-03 11:16 4045528 ----a-w- c:\program files\mbam-setup.exe

2009-12-03 11:01 . 2009-12-03 11:01 812344 ----a-w- c:\program files\HijackThisInstaller.exe

2009-12-03 11:00 . 2009-12-03 11:00 401720 ----a-w- c:\program files\HijackThis.exe

2009-02-23 10:39 . 2009-02-23 10:19 1234120 -c--a-w- c:\program files\Winrar3.80.exe

2009-02-19 19:05 . 2009-02-19 19:05 9506496 -c--a-w- c:\program files\YouSendItAcrobatPluginSetup1_0_0.exe

2009-02-17 18:34 . 2009-02-17 18:34 21878064 -c--a-w- c:\program files\QuickTimeInstaller.exe

2009-02-11 20:38 . 2009-02-11 20:38 4865408 -c--a-w- c:\program files\Silverlight.2.0.exe

2008-11-20 09:58 . 2008-11-20 09:58 11485056 -c--a-w- c:\program files\winamp5541_full_all.exe

2008-10-21 15:22 . 2008-10-21 15:22 527 -c--a-w- c:\program files\Snelkoppeling naar agsetup.lnk

2008-10-21 12:10 . 2008-10-21 12:10 1665325 -c--a-w- c:\program files\agsetup.exe

2008-08-08 09:47 . 2008-08-08 09:46 1945800 -c--a-w- c:\program files\PPVIEWER.EXE

2008-07-19 13:08 . 2008-07-19 13:08 467968 -c--a-w- c:\program files\ZoekWekkerDesktopSetup.msi

2008-06-03 13:07 . 2008-06-03 13:06 68244328 -c--a-w- c:\program files\PCveilig.exe

2008-05-30 08:53 . 2008-02-06 13:22 25827912 -c--a-w- c:\program files\wmp11-windowsxp-x86-nl-nl.exe

2008-05-29 09:21 . 2008-05-29 09:21 5754289 -c--a-w- c:\program files\DigiLeenSetup_v1.1.00.0025.exe

2008-04-07 10:10 . 2008-04-07 10:10 59782440 -c--a-w- c:\program files\iTunesSetup.exe

2007-12-12 17:35 . 2007-12-12 17:35 2402832 -c--a-w- c:\program files\WLinstaller.exe

2007-07-20 20:10 . 2007-07-20 20:09 4507040 -c--a-w- c:\program files\AlexAdvancedPlusIndicatorpackSetup.exe

2007-07-16 12:09 . 2007-07-16 15:34 22278 -c--a-w- c:\program files\20070716_0600_GFS_120912.grb

2007-07-16 12:04 . 2007-07-15 19:00 2692662 -c--a-w- c:\program files\install_UGRIB.exe

2007-07-16 10:54 . 2007-07-16 10:54 5320856 -c--a-w- c:\program files\ps2pdf995.exe

2007-07-16 10:52 . 2007-07-16 10:52 2572952 -c--a-w- c:\program files\pdf995s.exe

2007-07-10 10:43 . 2007-07-10 10:43 19302104 -c--a-w- c:\program files\AlexAdvancedPlusSetup.exe

2007-05-14 10:57 . 2007-05-14 10:56 22456888 -c--a-w- c:\program files\AdbeRdr80_nl_NL.exe

2007-05-02 14:51 . 2007-05-02 14:50 3838056 -c--a-w- c:\program files\msgrplus.exe

2008-09-19 06:26 . 2007-03-18 17:37 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-20 68856]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

"Windows Registry Repair Pro"="c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-08 1363968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"NECHotkey"="mHotkey.exe" [2006-01-11 548864]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]

"nwiz"="nwiz.exe" [2005-08-02 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]

"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]

"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584]

"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-19 29744]

"eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 107008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-17 202256]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-27 1287120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

eFax 4.2.lnk - c:\program files\eFax Messenger 4.2\J2GTray.exe [2007-5-2 612352]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2005-08-12 16:01 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\GRIB.US\\Ugrib.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24-11-2009 10:52 218592]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13-8-2010 11:56 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13-8-2010 11:56 17744]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24-11-2009 10:53 198608]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10-5-2010 22:11 366840]

S2 gupdate1c9abb1bbf3ed3a;Google Updateservice (gupdate1c9abb1bbf3ed3a);c:\program files\Google\Update\GoogleUpdate.exe [23-3-2009 14:20 133104]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18-3-2007 19:37 29744]

S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [1-7-2008 8:13 3328]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - PCTSDInjDriver32

.

Inhoud van de 'Gedeelde Taken' map

2010-08-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-27 08:02]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 12:19]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 12:19]

2010-08-16 c:\windows\Tasks\Master CD_DVD Creator.job

- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

2010-08-16 c:\windows\Tasks\PC instellen.job

- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]

2010-08-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-779791498-3118289738-2137124882-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-08-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-779791498-3118289738-2137124882-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-08-16 c:\windows\Tasks\Uitgebreide garantie.job

- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.omroep.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

FF - ProfilePath - d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Spyware Doctor\BDT\FireFox\platform\WINNT_x86-msvc\components\libheuristic.dll

FF - component: d:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-16 10:45

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-779791498-3118289738-2137124882-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(580)

c:\apps\Softex\OmniPass\opxpgina.dll

c:\windows\system32\MPR.dll

- - - - - - - > 'explorer.exe'(3504)

c:\apps\Softex\OmniPass\SCUREDLL.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\MPR.dll

c:\windows\system32\WS2_32.dll

c:\windows\system32\WS2HELP.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2010-08-16 10:49:13

ComboFix-quarantined-files.txt 2010-08-16 08:49

ComboFix2.txt 2010-08-13 21:11

ComboFix3.txt 2009-12-04 11:03

Pre-Run: 15.145.660.416 bytes beschikbaar

Post-Run: 15.130.329.088 bytes beschikbaar

- - End Of File - - F4C2D14B0D888038C95DD5B4493C76E9


This is indeed a log from today ... but the instruction was not carried out quite correctly (so the indicated items have not been removed). The idea is that you drag the CFScript.txt file INTO the red ComboFix shortcut on your desktop. ComboFix then starts again to make the changes.

This time you dragged only a link (without commands) onto ComboFix, not the file itself (with commands). Would you try again in the way described above?


I have attached a new log. If this is again not sufficient, then I do not know how to paste the new commands into ComboFix.

By the way, a whole series of files was removed after the scan. A server was also uploaded, but that process was aborted twice. Although with some reservation, I allowed that sending anyway. Was that the intention?

ComboFix 10-08-15.04 - Dhr. A. Kuijvenhoven 16-08-2010 14:37:48.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.501 [GMT 2:00]

Gestart vanuit: d:\documents and settings\Dhr. A. Kuijvenhoven\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: d:\documents and settings\Dhr. A. Kuijvenhoven\Mijn documenten\Downloads\CFScript.txt.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\program files\20070716_0600_GFS_120912.grb"

"c:\program files\AdbeRdr80_nl_NL.exe"

"c:\program files\agsetup.exe"

"c:\program files\AlexAdvancedPlusIndicatorpackSetup.exe"

"c:\program files\AlexAdvancedPlusSetup.exe"

"c:\program files\ccsetup226.exe"

"c:\program files\ccsetup227.exe"

"c:\program files\ccsetup229.exe"

"c:\program files\ccsetup230.exe"

"c:\program files\DigiLeenSetup_v1.1.00.0025.exe"

"c:\program files\Firefox Setup 3.5.11.exe"

"c:\program files\FoxitReader31_enu_Setup_091125.exe"

"c:\program files\googleupdatesetup.exe"

"c:\program files\HijackThisInstaller.exe"

"c:\program files\install_UGRIB.exe"

"c:\program files\iTunesSetup.exe"

"c:\program files\mbam-setup.exe"

"c:\program files\QuickTimeInstaller.exe"

"c:\program files\setup_av_free_dut.exe"

"c:\program files\Snelkoppeling naar agsetup.lnk"

"c:\program files\Snelkoppeling naar ccsetup226.lnk"

"c:\program files\Snelkoppeling naar setup_av_free_dut.lnk"

"c:\program files\winamp5541_full_all.exe"

"c:\program files\wmp11-windowsxp-x86-nl-nl.exe"

"c:\program files\YouSendItAcrobatPluginSetup1_0_0.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\20070716_0600_GFS_120912.grb

c:\program files\AdbeRdr80_nl_NL.exe

c:\program files\agsetup.exe

c:\program files\AlexAdvancedPlusIndicatorpackSetup.exe

c:\program files\AlexAdvancedPlusSetup.exe

c:\program files\AskBarDis\bar\bin\askPopStp.dll

c:\program files\AskBarDis\bar\bin\psvince.dll

c:\program files\AskBarDis\bar\Cache\0003D216

c:\program files\AskBarDis\bar\Cache\00F0DADF.bin

c:\program files\AskBarDis\bar\Cache\00F0DD31.bin

c:\program files\AskBarDis\bar\Cache\00F0DF73.bin

c:\program files\AskBarDis\bar\Cache\00F0E129.bin

c:\program files\AskBarDis\bar\Cache\00F0E2CF.bin

c:\program files\AskBarDis\bar\Cache\00F0E455.bin

c:\program files\AskBarDis\bar\Cache\00F0E5CC.bin

c:\program files\AskBarDis\bar\Cache\00F0E743.bin

c:\program files\AskBarDis\bar\Cache\00F0E918.bin

c:\program files\AskBarDis\bar\Cache\00F0EA8F.bin

c:\program files\AskBarDis\bar\Cache\files.ini

c:\program files\AskBarDis\bar\History\search

c:\program files\AskBarDis\bar\Settings\config.dat

c:\program files\AskBarDis\bar\Settings\config.dat.bak

c:\program files\AskBarDis\bar\Settings\prevcfg.htm

c:\program files\ccsetup226.exe

c:\program files\ccsetup227.exe

c:\program files\ccsetup229.exe

c:\program files\ccsetup230.exe

c:\program files\DigiLeenSetup_v1.1.00.0025.exe

c:\program files\Firefox Setup 3.5.11.exe

c:\program files\FoxitReader31_enu_Setup_091125.exe

c:\program files\googleupdatesetup.exe

c:\program files\HijackThisInstaller.exe

c:\program files\install_UGRIB.exe

c:\program files\iTunesSetup.exe

c:\program files\mbam-setup.exe

c:\program files\QuickTimeInstaller.exe

c:\program files\setup_av_free_dut.exe

c:\program files\Snelkoppeling naar agsetup.lnk

c:\program files\Snelkoppeling naar ccsetup226.lnk

c:\program files\Snelkoppeling naar setup_av_free_dut.lnk

c:\program files\winamp5541_full_all.exe

c:\program files\wmp11-windowsxp-x86-nl-nl.exe

c:\program files\YouSendItAcrobatPluginSetup1_0_0.exe

d:\documents and settings\LocalService.NT AUTHORITY.004\Application Data\McAfee

d:\documents and settings\LocalService.NT AUTHORITY.004\Application Data\McAfee\sacore\sacore.db

d:\documents and settings\LocalService.NT AUTHORITY.004\Application Data\McAfee\sacore\sacore_cache.db

.

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-16 to 2010-08-16 ))))))))))))))))))))))))))))))

.

2010-08-16 10:19 . 2010-08-16 12:24 -------- d--h--r- d:\documents and settings\Dhr. A. Kuijvenhoven\Onlangs geopend

2010-08-13 19:54 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-13 19:54 . 2010-08-13 19:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-13 19:54 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-13 09:56 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-08-13 09:56 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-08-13 09:56 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-08-13 09:56 . 2010-06-28 20:37 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-08-13 09:56 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-08-13 09:56 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-08-13 09:56 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-08-13 09:55 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-13 09:55 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-08-13 09:55 . 2010-08-13 09:55 -------- d-----w- d:\documents and settings\All Users\Application Data\Alwil Software

2010-08-13 09:55 . 2010-08-13 09:55 -------- d-----w- c:\program files\Alwil Software

2010-08-11 17:34 . 2010-08-11 17:34 -------- d-----w- c:\program files\Common Files\Java

2010-08-11 14:14 . 2010-08-11 14:14 -------- d-----w- c:\windows\Performance

2010-08-11 14:14 . 2010-08-11 14:14 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Local Settings\Application Data\Microsoft Corporation

2010-07-26 18:42 . 2010-07-26 18:42 -------- d-----w- c:\program files\Uniblue

2010-07-26 12:45 . 2010-07-26 12:45 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\OpenCandy

2010-07-26 12:45 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll

2010-07-26 12:45 . 2006-09-28 14:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll

2010-07-26 12:45 . 2010-07-26 12:45 -------- d-----w- c:\windows\Logs

2010-07-26 12:45 . 2010-07-26 12:45 -------- d-----w- c:\program files\Winamp Detect

2010-07-26 12:45 . 2010-07-26 12:45 -------- d-----w- c:\program files\Winamp Toolbar

2010-07-21 20:05 . 2010-07-21 20:05 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\FastStone

2010-07-21 20:04 . 2010-07-21 20:05 -------- d-----w- c:\program files\FastStone Image Viewer

2010-07-21 20:04 . 2010-07-21 20:04 4769574 ----a-w- c:\program files\FSViewerSetup42.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-16 12:48 . 2007-08-20 15:21 -------- d-----w- c:\program files\Spyware Doctor

2010-08-16 12:22 . 2007-07-16 10:25 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP

2010-08-16 09:28 . 2007-02-27 11:32 61012 ----a-w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\wklnhst.dat

2010-08-16 07:01 . 2007-03-02 13:04 -------- d-----w- d:\documents and settings\All Users\Application Data\Google Updater

2010-08-13 19:41 . 2009-12-09 13:10 -------- d-----w- c:\program files\AskBarDis

2010-08-13 19:41 . 2007-02-28 10:13 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\OpenOffice.org2

2010-08-13 09:07 . 2008-06-03 13:08 -------- d-----w- c:\program files\PC Veilig

2010-08-13 09:04 . 2008-06-03 13:08 -------- d-----w- d:\documents and settings\All Users\Application Data\F-Secure

2010-08-13 09:04 . 2004-09-10 16:24 92008 ----a-w- c:\windows\system32\perfc013.dat

2010-08-13 09:04 . 2004-09-10 16:24 511734 ----a-w- c:\windows\system32\perfh013.dat

2010-08-11 17:34 . 2007-02-26 21:49 -------- d-----w- c:\program files\Java

2010-07-27 11:59 . 2009-12-07 21:43 -------- d-----w- c:\program files\CCleaner

2010-07-27 06:33 . 2008-11-20 10:06 -------- d-----w- c:\program files\Winamp

2010-07-26 19:27 . 2007-02-27 11:13 -------- d-----w- c:\program files\Encarta

2010-07-26 12:57 . 2007-02-26 21:49 -------- d-----w- c:\program files\Common Files\Adobe

2010-07-26 12:49 . 2008-11-20 10:06 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Winamp

2010-07-26 12:08 . 2009-12-10 09:19 -------- d-----w- d:\documents and settings\All Users\Application Data\NOS

2010-07-26 10:33 . 2007-02-26 21:49 -------- d-----w- c:\program files\QuickTime

2010-07-21 08:18 . 2009-11-24 08:53 767928 ----a-w- c:\windows\BDTSupport.dll

2010-07-19 13:15 . 2007-02-27 10:05 -------- d-----w- c:\program files\ABBYY FineReader 4.0 Sprint

2010-07-19 07:26 . 2009-11-24 08:53 192 ----a-w- c:\windows\UDB.zip

2010-07-19 07:26 . 2009-11-24 08:53 149456 ----a-w- c:\windows\SGDetectionTool.dll

2010-07-19 07:26 . 2009-11-24 08:53 264144 ----a-w- c:\windows\PCTBDRes.dll

2010-07-19 07:26 . 2009-11-24 08:53 1435600 ----a-w- c:\windows\PCTBDCore.dll

2010-07-17 03:00 . 2010-05-10 20:26 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-09 13:06 . 2010-07-09 13:06 -------- d-----w- d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\CompleteGuide.D7AEE78E2D43EBD31B3DBE76266084994F93EC42.1

2010-07-09 13:06 . 2010-07-09 13:06 -------- d-----w- c:\program files\Complete Guide

2010-06-30 12:33 . 2004-09-10 16:23 149504 ----a-w- c:\windows\system32\schannel.dll

2010-06-24 12:27 . 2004-09-10 16:23 916480 ----a-w- c:\windows\system32\wininet.dll

2010-06-24 09:02 . 2004-09-10 16:23 1852032 ----a-w- c:\windows\system32\win32k.sys

2010-06-21 15:27 . 2004-09-10 16:23 354304 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-17 14:03 . 2004-09-10 16:23 80384 ----a-w- c:\windows\system32\iccvid.dll

2010-06-14 14:31 . 2004-09-10 16:46 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2010-06-14 07:43 . 2004-09-10 16:23 1172480 ----a-w- c:\windows\system32\msxml3.dll

2010-03-10 16:27 . 2010-03-10 16:27 38824552 ----a-w- c:\program files\FileFormatConverters.exe

2009-12-03 11:00 . 2009-12-03 11:00 401720 ----a-w- c:\program files\HijackThis.exe

2009-02-23 10:39 . 2009-02-23 10:19 1234120 -c--a-w- c:\program files\Winrar3.80.exe

2009-02-11 20:38 . 2009-02-11 20:38 4865408 -c--a-w- c:\program files\Silverlight.2.0.exe

2008-08-08 09:47 . 2008-08-08 09:46 1945800 -c--a-w- c:\program files\PPVIEWER.EXE

2008-07-19 13:08 . 2008-07-19 13:08 467968 -c--a-w- c:\program files\ZoekWekkerDesktopSetup.msi

2008-06-03 13:07 . 2008-06-03 13:06 68244328 -c--a-w- c:\program files\PCveilig.exe

2007-12-12 17:35 . 2007-12-12 17:35 2402832 -c--a-w- c:\program files\WLinstaller.exe

2007-07-16 10:54 . 2007-07-16 10:54 5320856 -c--a-w- c:\program files\ps2pdf995.exe

2007-07-16 10:52 . 2007-07-16 10:52 2572952 -c--a-w- c:\program files\pdf995s.exe

2007-05-02 14:51 . 2007-05-02 14:50 3838056 -c--a-w- c:\program files\msgrplus.exe

2008-09-19 06:26 . 2007-03-18 17:37 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-12-08 975360]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-20 68856]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

"Windows Registry Repair Pro"="c:\program files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe" [2005-09-08 1363968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]

"NECHotkey"="mHotkey.exe" [2006-01-11 548864]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-08-02 7110656]

"nwiz"="nwiz.exe" [2005-08-02 1519616]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-08-02 86016]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]

"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]

"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]

"OmniPass"="c:\apps\Softex\OmniPass\scureapp.exe" [2005-08-12 1859584]

"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-11-26 90112]

"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-05-11 127118]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-09-19 29744]

"eFax 4.2"="c:\program files\eFax Messenger 4.2\J2GDllCmd.exe" [2006-07-14 107008]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-17 202256]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]

"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2010-05-27 1287120]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

d:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

eFax 4.2.lnk - c:\program files\eFax Messenger 4.2\J2GTray.exe [2007-5-2 612352]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]

2005-08-12 16:01 49152 ----a-w- c:\apps\Softex\OmniPass\OPXPGina.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\GRIB.US\\Ugrib.exe"=

"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\agent.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [24-11-2009 10:52 218592]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [13-8-2010 11:56 165456]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13-8-2010 11:56 17744]

R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [24-11-2009 10:53 198608]

R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10-5-2010 22:11 366840]

S2 gupdate1c9abb1bbf3ed3a;Google Updateservice (gupdate1c9abb1bbf3ed3a);c:\program files\Google\Update\GoogleUpdate.exe [23-3-2009 14:20 133104]

S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [18-3-2007 19:37 29744]

S3 hitmanpro3;Hitman Pro 3 Support Driver;c:\windows\system32\drivers\hitmanpro3.sys [1-7-2008 8:13 3328]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - PCTSDInjDriver32

.

Inhoud van de 'Gedeelde Taken' map

2010-08-16 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-27 08:02]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 12:19]

2010-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-23 12:19]

2010-08-16 c:\windows\Tasks\Master CD_DVD Creator.job

- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]

2010-08-16 c:\windows\Tasks\PC instellen.job

- c:\apps\SMP\PCSETUP.EXE [2005-11-17 09:03]

2010-08-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-779791498-3118289738-2137124882-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-08-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-779791498-3118289738-2137124882-1006.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-08-16 c:\windows\Tasks\Uitgebreide garantie.job

- c:\apps\SMP\PBCARNOT.EXE [2005-11-09 12:55]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.omroep.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader4.cab

FF - ProfilePath - d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:nl:official

FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=

FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll

FF - component: c:\program files\Spyware Doctor\BDT\FireFox\platform\WINNT_x86-msvc\components\libheuristic.dll

FF - component: d:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll

FF - component: d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll

FF - component: d:\documents and settings\Dhr. A. Kuijvenhoven\Application Data\Mozilla\Firefox\Profiles\d53xk6w4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-16 14:48

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwClose

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-779791498-3118289738-2137124882-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(580)

c:\apps\Softex\OmniPass\opxpgina.dll

c:\windows\system32\MPR.dll

.

Voltooingstijd: 2010-08-16 14:53:04

ComboFix-quarantined-files.txt 2010-08-16 12:52

ComboFix2.txt 2010-08-16 08:49

ComboFix3.txt 2010-08-13 21:11

ComboFix4.txt 2009-12-04 11:03

Pre-Run: 15.067.947.008 bytes beschikbaar

Post-Run: 14.523.641.856 bytes beschikbaar

- - End Of File - - 8B396DD2CB53B1FF20D961DA4B2BC405


The internet is faster, although it sometimes takes a long time to open a follow-up page, even when those are perfectly ordinary sites. My bank's page was reachable last night, but this morning it was not again. Then I still get a runtime error. Here are its details:

App Name: iexplore.exe

App Ver : 8.0.6001.18702

Mod Name : msidcr140.dll

Mod Ver : 5.0.818.6

Offset : 000cbe90

All very strange, very strange indeed. As if the thing is haunted, eh.

Regards.
