Browser Hijacker?


ComboFix 11-09-08.03 - gebruiker 08-09-2011 23:12:15.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1439 [GMT 2:00]

Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\gebruiker\Bureaublad\CFScript.txt.txt

AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\gebruiker\Application Data\3846B8F6

c:\documents and settings\gebruiker\Application Data\3846B8F6\3846B8F6.DAT

c:\documents and settings\gebruiker\Application Data\3846B8F6\3846B8F6.DAT.DAT

c:\documents and settings\gebruiker\Application Data\9019A174

c:\documents and settings\gebruiker\Application Data\BabylonToolbar

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-08 to 2011-09-08 ))))))))))))))))))))))))))))))

.

.

2011-09-07 19:39 . 2010-03-18 12:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-07 12:47 . 2011-09-07 12:47 388096 ----a-r- c:\documents and settings\gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-07 06:35 . 2011-09-07 07:08 -------- d-----w- c:\documents and settings\gebruiker\Application Data\AVG

2011-09-06 20:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-06 19:40 . 2011-09-06 19:40 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-06 07:06 . 2011-09-06 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

2011-09-06 07:04 . 2011-09-07 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-06 07:03 . 2011-09-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-09-06 06:58 . 2011-09-07 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-09-05 21:41 . 2011-09-06 06:50 -------- d-----w- C:\sh4ldr

2011-09-05 20:43 . 2011-09-05 20:43 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Agnitum

2011-09-05 20:43 . 2011-09-05 20:45 -------- d-----w- c:\windows\system32\Filt

2011-09-05 20:41 . 2011-09-05 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum

2011-09-05 20:18 . 2011-09-05 20:21 -------- dc-h--w- c:\windows\ie8

2011-09-04 18:36 . 2011-06-16 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe

2011-08-19 13:27 . 2011-08-19 13:27 -------- d-----w- c:\documents and settings\LocalService\Mijn documenten

2011-08-19 13:27 . 2011-08-19 13:27 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend

2011-08-16 07:49 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-30 19:22 . 2010-03-25 21:31 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-15 13:29 . 2001-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2001-09-07 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 17:52 . 2011-07-30 20:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2011-07-30 20:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2007-05-03 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv(2).dll

2007-05-15 20:38 . 2007-07-07 18:04 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-05-15 20:38 . 2007-07-07 18:04 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-05-15 20:38 . 2007-07-07 18:04 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-05-15 20:38 . 2007-07-07 18:04 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-05-15 20:38 . 2007-07-07 18:04 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"nwiz"="nwiz.exe" [2006-07-20 1519616]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-13 113664]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DAP\\DAP.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"d:\\Battle for middle earth\\game.dat"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 14:53 64288]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09-07-2007 16:47 697328]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 21:39 95024]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 12:15 1097728]

R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 17:52 1355968]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 15:52 100480]

S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53]

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-08 23:15

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f,

68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Voltooingstijd: 2011-09-08 23:17:29

ComboFix-quarantined-files.txt 2011-09-08 21:17

ComboFix2.txt 2011-09-08 21:09

ComboFix3.txt 2011-09-08 14:55

.

Pre-Run: 5.475.745.792 bytes beschikbaar

Post-Run: 5.458.182.144 bytes beschikbaar

.

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 25010A43D0F51112C5E2A6A8C4A04CA6

ComboFix 11-09-09.03 - gebruiker 09-09-2011 11:28:56.4.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2046.1424 [GMT 2:00]

Gestart vanuit: c:\documents and settings\gebruiker\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\gebruiker\Bureaublad\CFScript.txt.txt

AV: Avira AntiVir PersonalEdition *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

AV: BitDefender Antivirus *Disabled/Updated* {6C4BB89C-B0ED-4F41-A29C-4373888923BB}

FW: BitDefender Firewall *Disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

FW: Trend Micro Personal Firewall *Disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-08-09 to 2011-09-09 ))))))))))))))))))))))))))))))

.

.

2011-09-09 09:14 . 2011-09-09 09:14 -------- d-----w- c:\windows\LastGood

2011-09-07 19:39 . 2010-03-18 12:53 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2011-09-07 12:47 . 2011-09-07 12:47 388096 ----a-r- c:\documents and settings\gebruiker\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-09-07 06:35 . 2011-09-07 07:08 -------- d-----w- c:\documents and settings\gebruiker\Application Data\AVG

2011-09-06 20:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe

2011-09-06 19:40 . 2011-09-06 19:40 -------- d-----w- c:\windows\system32\wbem\Repository

2011-09-06 07:06 . 2011-09-06 07:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Common Files

2011-09-06 07:04 . 2011-09-07 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2011-09-06 07:03 . 2011-09-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012

2011-09-06 06:58 . 2011-09-07 14:37 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

2011-09-05 21:41 . 2011-09-06 06:50 -------- d-----w- C:\sh4ldr

2011-09-05 20:43 . 2011-09-05 20:43 -------- d-----w- c:\documents and settings\gebruiker\Application Data\Agnitum

2011-09-05 20:43 . 2011-09-05 20:45 -------- d-----w- c:\windows\system32\Filt

2011-09-05 20:41 . 2011-09-05 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Agnitum

2011-09-05 20:18 . 2011-09-05 20:21 -------- dc-h--w- c:\windows\ie8

2011-09-04 18:36 . 2011-06-16 11:54 15880 ----a-w- c:\windows\system32\lsdelete.exe

2011-08-19 13:27 . 2011-08-19 13:27 -------- d-----w- c:\documents and settings\LocalService\Mijn documenten

2011-08-19 13:27 . 2011-08-19 13:27 -------- d--h--r- c:\documents and settings\LocalService\Onlangs geopend

2011-08-16 07:49 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-30 19:22 . 2010-03-25 21:31 21064 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2011-07-15 13:29 . 2001-09-07 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-07-08 14:02 . 2001-09-07 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys

2011-07-06 17:52 . 2011-07-30 20:30 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-06 17:52 . 2011-07-30 20:30 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-24 14:10 . 2007-05-03 14:45 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2011-06-23 18:31 . 2001-09-07 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2011-06-23 18:31 . 2001-09-07 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2011-06-23 18:31 . 2001-09-07 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-06-23 12:05 . 2007-05-03 15:21 385024 ------w- c:\windows\system32\html.iec

2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2011-06-20 17:44 . 2001-09-07 12:00 293888 ----a-w- c:\windows\system32\winsrv(2).dll

2007-05-15 20:38 . 2007-07-07 18:04 66672 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2007-05-15 20:38 . 2007-07-07 18:04 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2007-05-15 20:38 . 2007-07-07 18:04 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2007-05-15 20:38 . 2007-07-07 18:04 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2007-05-15 20:38 . 2007-07-07 18:04 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

.

.

((((((((((((((((((((((((((((( SnapShot_2011-09-08_21.07.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-09-08 21:44 . 2011-09-08 21:44 16384 c:\windows\Temp\Perflib_Perfdata_264.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-23 68856]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-31 2424192]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-20 7581696]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-20 86016]

"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2006-06-23 225280]

"LogitechCameraAssistant"="c:\program files\Acer\OrbiCam\CameraAssistant.exe" [2006-06-26 331776]

"LogitechVideo[inspector]"="c:\program files\Acer\OrbiCam\InstallHelper.exe" [2006-06-26 13:55 73728]

"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]

"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 15961088]

"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]

"OPSE reminder"="c:\program files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe" [2003-07-07 729088]

"DownloadAccelerator"="c:\progra~1\DAP\DAP.EXE" [2007-05-10 1359872]

"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"nwiz"="nwiz.exe" [2006-07-20 1519616]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-5-13 113664]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-28 17:53 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RkHit.sys]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]

"DisableMonitoring"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\DAP\\DAP.exe"=

"c:\\Program Files\\ABC\\abc.exe"=

"c:\\Program Files\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\MagneticOne\\Store Manager for osCommerce\\osCommerce_Manager.exe"=

"c:\\Program Files\\Call of Duty\\CoDMP.exe"=

"d:\\Battle for middle earth\\game.dat"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:Remote Desktop

"65533:TCP"= 65533:TCP:Services

"52344:TCP"= 52344:TCP:Services

.

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [18-03-2010 14:53 64288]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [09-07-2007 16:47 697328]

R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [07-09-2011 21:39 95024]

R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [04-05-2007 12:15 1097728]

R3 xcpip;Stuurprogramma voor TCP/IP-protocol;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?]

R3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?]

S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]

S1 SAS***IL;SAS***IL;\??\c:\program files\SUPERAntiSpyware\SAS***IL.sys --> c:\program files\SUPERAntiSpyware\SAS***IL.sys [?]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [04-02-2010 17:52 1355968]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [05-02-2010 14:06 135664]

S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [24-07-2010 15:52 100480]

S3 ldiskl;ldiskl;\??\c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\GEBRUI~1\LOCALS~1\Temp\ldiskl.sys [?]

S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]

.

Inhoud van de 'Gedeelde Taken' map

.

2011-09-05 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 11:53]

.

2011-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

2011-09-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 12:05]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.com/

IE: &Download with &DAP - c:\progra~1\DAP\dapextie.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

TCP: DhcpNameServer = 212.54.35.25 212.54.40.25

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll

DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab

FF - ProfilePath - c:\documents and settings\gebruiker\Application Data\Mozilla\Firefox\Profiles\bn8gdsqe.default\

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-09-09 11:37

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-1993962763-963894560-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{23633431-3CE3-7B2C-8B03-7EE2ED5247DA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"jabdcgdhgghfncpgkdph"=hex:6f,61,6a,65,70,63,67,70,6f,6f,64,6f,62,64,6f,66,6f,

68,61,68,63,66,70,67,6f,63,6b,65,68,6b,00,80

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

"3140C10900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(856)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

- - - - - - - > 'explorer.exe'(5156)

c:\windows\system32\nview.dll

c:\windows\system32\NVWRSNL.DLL

c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll

c:\windows\system32\nvwddi.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2011-09-09 11:39:34

ComboFix-quarantined-files.txt 2011-09-09 09:39

ComboFix2.txt 2011-09-08 21:17

ComboFix3.txt 2011-09-08 21:09

ComboFix4.txt 2011-09-08 14:55

.

Pre-Run: 5.415.772.160 bytes beschikbaar

Post-Run: 5.399.859.200 bytes beschikbaar

.

Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4

- - End Of File - - 42CFD6E1D60060F66FB2D34666CD34A9

I worked with Firefox for a bit and at first it seemed to go well, but by now it is just as slow as Explorer. I don't understand it at all.

I also tested the internet connection via my girlfriend's PC, but there is nothing wrong with it at all. On her PC the internet is super fast and Explorer works fine too.

Could the viruses that were present on my PC perhaps have affected something at a deeper level?

> Could the viruses that were present on my PC perhaps have affected something at a deeper level?

That is always possible, of course, but there are no indications in your recent logs that would show this. But ... you have already used other programs earlier to tackle your virus, and traces might be found there of infections that could reach deeper into your system. Do you still have the results of the items removed by SAS, Spybot, etc.?

In the meantime, have this scan run as well:

Download TDSSKiller and place it on your desktop.

Extract the files in tdsskiller.zip.

Open the tdsskiller folder and double-click TDSSKiller.exe to start the tool.

Windows 7 and Windows Vista users:

Right-click TDSSKiller.exe -> Run as Administrator to start the tool.

If TDSSKiller reports that an update is available, install it first.

Click the "Start Scan" button and follow the instructions.

When the scan is finished, click the "Report" button.

A Notepad file opens. Post the contents of this file.

Restart the PC if TDSSKiller offers that option. (Reboot now)

If a restart was needed, you will find the log file at C:\TDSSKiller.[Version]_[Date]_[Time]_log.txt
