Laptop very slow, in waves

  • maria

    Did what you said, but I get a very long log and ComboFix still says that AVG is present.

  • Argus

    "but I get a very long log" doesn't matter

    "ComboFix still says that AVG is present" doesn't matter either :)

  • maria

    ComboFix 10-08-17.04 - ….. 18-08-2010 21:28:35.3.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.502.230
    Running from: c:\documents and settings\……\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    c:\docume~1\MA~1\LOCALS~1\Temp\IadHide5.dll
    c:\documents and settings\ma\Application Data\Microsoft\Internet Explorer\Quick Launch\Plug&Play.lnk
    c:\documents and settings\ma\Local Settings\Temp\IadHide5.dll
    c:\documents and settings\ma\Menu Start\Programma's\Opstarten\OpenOffice.org 2.4 .lnk
    C:\Thumbs.db
    c:\windows\Fonts\acrsec.fon
    .
    (((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 ))))))))))))))))))))))))))))))
    .
    2010-08-18 19:24 . 2010-08-18 19:23 399872 ----a-w- c:\windows\system32\CF29230.exe
    2010-08-16 20:14 . 2010-08-16 20:13 399872 ----a-w- c:\windows\system32\CF31804.exe
    2010-08-16 19:35 . 2010-08-16 19:34 399872 ----a-w- c:\windows\system32\CF24110.exe
    2010-08-16 19:31 . 2010-08-16 19:29 399872 ----a-w- c:\windows\system32\CF23235.exe
    2010-08-12 21:14 . 2010-08-12 21:14 -------- d-----w- C:\ToolBar SD
    2010-08-12 18:43 . 2010-08-12 18:43 -------- d-----w- C:\FyK
    2010-08-12 16:34 . 2010-08-12 16:34 388096 ----a-r- c:\documents and settings\ma\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-08-09 12:00 . 2010-08-09 12:00 -------- d-----w- c:\program files\Little Shop 3
    2010-08-08 18:39 . 2010-08-08 18:40 -------- d-----w- c:\program files\icons
    2010-08-05 09:17 . 2010-08-05 09:17 503808 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-49174f60-n\msvcp71.dll
    2010-08-05 09:17 . 2010-08-05 09:17 499712 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-49174f60-n\jmc.dll
    2010-08-05 09:17 . 2010-08-05 09:17 348160 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-49174f60-n\msvcr71.dll
    2010-08-05 09:17 . 2010-08-05 09:17 61440 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6faaa480-n\decora-sse.dll
    2010-08-05 09:17 . 2010-08-05 09:17 12800 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-6faaa480-n\decora-d3d.dll
    2010-07-27 06:30 . 2010-07-27 06:30 8509440 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-07-25 14:32 . 2010-07-25 14:32 -------- d-----w- c:\documents and settings\ma\Calibre Bibliotheek
    2010-07-25 14:32 . 2010-07-25 14:32 -------- d-----w- c:\documents and settings\ma\Application Data\calibre
    2010-07-25 14:30 . 2010-07-25 14:30 -------- d-----w- c:\program files\Calibre2
    2010-07-25 11:55 . 2010-07-25 11:55 -------- d-----w- c:\documents and settings\ma\Local Settings\Application Data\CutePDF Writer
    2010-07-25 11:48 . 2010-07-25 11:48 -------- d-----w- c:\program files\Acro Software
    2010-07-23 15:09 . 2010-07-23 15:09 -------- d-----w- c:\documents and settings\ma\Local Settings\Application Data\JollyBear
    2010-07-23 15:09 . 2010-07-23 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\JollyBear
    2010-07-21 17:48 . 2010-07-21 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NeptunesAdve
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-18 19:36 . 2006-01-18 02:24 12 ----a-w- c:\windows\bthservsdp.dat
    2010-08-13 19:15 . 1979-12-31 22:00 87386 ----a-w- c:\windows\system32\perfc013.dat
    2010-08-13 19:15 . 1979-12-31 22:00 500982 ----a-w- c:\windows\system32\perfh013.dat
    2010-07-17 03:00 . 2010-06-29 20:29 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:33 . 1979-12-31 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-29 20:29 . 2010-06-29 20:29 61440 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ccaeca5-n\decora-sse.dll
    2010-06-29 20:29 . 2010-06-29 20:29 12800 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-7ccaeca5-n\decora-d3d.dll
    2010-06-29 20:29 . 2010-06-29 20:29 503808 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7356aab0-n\msvcp71.dll
    2010-06-29 20:29 . 2010-06-29 20:29 499712 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7356aab0-n\jmc.dll
    2010-06-29 20:29 . 2010-06-29 20:29 348160 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7356aab0-n\msvcr71.dll
    2010-06-29 19:16 . 2010-06-29 19:16 503808 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6baf7500-n\msvcp71.dll
    2010-06-29 19:16 . 2010-06-29 19:16 499712 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6baf7500-n\jmc.dll
    2010-06-29 19:16 . 2010-06-29 19:16 348160 ----a-w- c:\documents and settings\ma\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-6baf7500-n\msvcr71.dll
    2010-06-24 12:19 . 1979-12-31 22:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:19 . 1979-12-31 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-06-24 12:19 . 1979-12-31 22:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-06-24 09:03 . 1979-12-31 22:00 1852032 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 1979-12-31 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 1979-12-31 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31 . 2004-09-14 16:59 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
    2010-06-14 07:43 . 1979-12-31 22:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legitimate default entries are not shown
    REGEDIT4
    "EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE"
    "preload"="c:\windows\RUNXMLPL.exe"
    "IgfxTray"="c:\windows\system32\igfxtray.exe"
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe"
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
    "EPM-DM"="c:\acer\epm\epm-dm.exe"
    "ePowerManagement"="c:\acer\ePM\ePM.exe"
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE"
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe"
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE"
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE"
    "PCMService"="c:\program files\Arcade\PCMService.exe"
    "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe"
    "PowerKey"="c:\program files\Launch Manager\PowerKey.exe"
    "LManager"="c:\program files\Launch Manager\HotkeyApp.exe"
    "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe"
    "LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe"
    "Wbutton"="c:\program files\Launch Manager\Wbutton.exe"
    "eRecoveryService"="c:\program files\Acer\eRecovery\Monitor.exe"
    "BluetoothAuthenticationAgent"="bthprops.cpl"
    "EPSON Stylus DX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE"
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe"
    "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE"
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE
    Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    Script execution time was exceeded for script c:\combofix\lnkread.vbs.
    Script execution was terminated.
    @=""
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\\WINDOWS\\System32\\FXSCLNT.exe"=
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    R1 mailKmd;mailKmd;
    R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys
    R3 dtusb;Daewoo Teletech USB Network Adapter;c:\windows\system32\DRIVERS\dtusb.sys
    S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys
    S2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
    S3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.startpagina.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Connection Wizard,ShellNext = "c:\program files\MSN Gaming Zone\Windows\bckgzm.exe"
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
    IE: Verzenden naar &Bluetooth - c:\program files\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm
    DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    DPF: {91F52A42-C10D-49A7-B941-882C657C604F} - hxxp://kitcentral.wanadoo.nl/download/install/win32/nl/instwact/instwact.dll
    DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
    .
    - - - - ORPHANS REMOVED - - - -
    SafeBoot-AVG Anti-Spyware Driver
    SafeBoot-aawservice
    SafeBoot-AVG Anti-Spyware Guard
    AddRemove-DVD Jewel Case and Label Creator - c:\progra~1\CDLABEL\UNWISE.EXE
    AddRemove-Magic Ball 2 - c:\progra~1\GAMEHO~1\MAGICB~1\UNWISE.EXE
    AddRemove-Super Mahjong_is1 - c:\program files\Super Mahjong\unins000.exe
    AddRemove-Worm Wars III_is1 - c:\program files\Worm Wars III\unins000.exe
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-08-18 21:38
    Windows 5.1.2600 Service Pack 3 FAT NTAPI
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    "Name"="ActiveSync"
    "DisplayName"="Microsoft ActiveSync"
    "Param1"="ActiveSync"
    "Param2"=""
    "Type"="wellknown"
    "Order"=dword:00000000
    "State"=dword:0000000b
    "Name"="oemDesktop1"
    "DisplayName"="Acrobat Reader for PC"
    "Param1"="oem\\APP\\AdbeRdr705_nld_full.exe"
    "Param2"=""
    "Type"="createprocess"
    "Order"=dword:00000000
    "State"=dword:0000001b
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(3908)
    c:\docume~1\MA~1\LOCALS~1\Temp\IadHide5.dll
    c:\program files\CyberLink\Shared Files\CLRCEngine.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\acer\eManager\anbmServ.exe
    c:\program files\Sitecom\Bluetooth Software\bin\btwdins.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\SOUNDMAN.EXE
    c:\windows\system32\rundll32.exe
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\program files\Sitecom\Bluetooth Software\BTTray.exe
    c:\program files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
    c:\progra~1\MICROS~4\rapimgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-08-18 21:51:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-08-18 19:51
    ComboFix2.txt 2009-03-02 21:50
    ComboFix3.txt 2008-06-22 19:28
    Pre-Run: 3,806,052,352 bytes free
    Post-Run: 4,174,462,976 bytes free
    - - End Of File - - 33FDF586C6C99AB90EEFFDE4BE76CFF1

  • Argus

    Delete from C:\

    ToolBar SD

    FyK

    Go to Start - Run and paste the following into it:

    Combofix /Uninstall

    Then click OK.

    This will uninstall ComboFix.

    Disable System Restore. Restart the computer. Re-enable System Restore.

    See here how to disable System Restore
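Triage of a log like the one posted above, as an added example that is not part of this thread and not ComboFix's own code: a small Python script that splits a ComboFix log into its sections and flags what a helper checks first when reading such a log: autostart entries whose image is a bare filename (resolved through the PATH search order, so easy to hijack and hard to audit), DLLs a running process has loaded from a user temp directory, items listed under "Other Deletions" that the same log still reports as loaded (the file was in use; re-check after the reboot), and new directories created directly under a drive root, like the two the reply above asks to delete. The `SAMPLE_LOG` is a constructed excerpt modeled on the posted log; the section map, the rules and the `triage` function are this example's own. Every flag is a hint for a human to review, not a malware verdict.

```python
"""Triage a ComboFix log the way a helper reads it by eye (added example,
not ComboFix's own tooling). All rules are review hints, not verdicts."""
import re
from typing import Dict, List, Tuple

# Section headers as ComboFix prints them; Dutch forms appear in localized logs.
SECTIONS = {
    "other deletions": "deleted", "andere verwijderingen": "deleted",
    "files created from": "created", "bestanden gemaakt van": "created",
    "reg loading points": "autostart", "reg opstartpunten": "autostart",
    "dlls loaded under running processes": "loaded",
    "dlls geladen onder lopende processen": "loaded",
}
HEADER_RE = re.compile(r"^[(\-]{3,}\s*(.+?)\s*[)\-]{3,}$")      # ((( Name ))) or --- Name ---
AUTOSTART_RE = re.compile(r'^"([^"]+)"="([^"]*)"$')              # "Name"="image"
CREATED_RE = re.compile(r"^\S+ \S+ \. \S+ \S+ \S+ (\S+) (.+)$")  # date time . date time size attrs path
WINPATH_RE = re.compile(r"^[a-zA-Z]:\\")
ROOT_DIR_RE = re.compile(r"^[a-zA-Z]:\\[^\\]+$")                  # directly under a drive root


def split_sections(log: str) -> Dict[str, List[str]]:
    """Group non-empty log lines under the section header they follow."""
    sections: Dict[str, List[str]] = {}
    current = "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":            # "." is ComboFix's separator line
            continue
        m = HEADER_RE.match(line)
        if m:
            name = m.group(1).lower()
            current = next((v for k, v in SECTIONS.items() if name.startswith(k)), name)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def triage(log: str) -> List[Tuple[str, str]]:
    """Return (rule, detail) pairs for a human to review."""
    s = split_sections(log)
    found: List[Tuple[str, str]] = []
    for line in s.get("autostart", []):
        m = AUTOSTART_RE.match(line)
        if not m or not m.group(2):            # firewall-exception lines carry no value
            continue
        name, image = m.groups()
        if "\\" not in image:                  # bare filename: found via PATH, not a fixed location
            found.append(("autostart-unqualified-path", f"{name} -> {image}"))
        elif "\\temp\\" in image.lower():
            found.append(("autostart-from-temp", f"{name} -> {image}"))
    loaded = [l for l in s.get("loaded", []) if WINPATH_RE.match(l)]
    for path in loaded:
        if "\\temp\\" in path.lower():         # code running from a user-writable temp dir
            found.append(("dll-loaded-from-temp", path))
    deleted = {d.rsplit("\\", 1)[-1].lower() for d in s.get("deleted", []) if WINPATH_RE.match(d)}
    for path in loaded:
        if path.rsplit("\\", 1)[-1].lower() in deleted:
            found.append(("deleted-but-still-loaded", path))
    for line in s.get("created", []):
        m = CREATED_RE.match(line)
        if m and m.group(1).startswith("d") and ROOT_DIR_RE.match(m.group(2)):
            found.append(("new-root-directory", m.group(2)))
    return found


# Constructed excerpt modeled on the posted log (not the full log).
SAMPLE_LOG = r"""
ComboFix 10-08-17.04 - user 18-08-2010 21:28:35.3.1 - FAT32x86
.
(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\MA~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\ma\Local Settings\Temp\IadHide5.dll
C:\Thumbs.db
.
(((((((((((((((((((( Files Created from 2010-07-18 to 2010-08-18 ))))))))))))))))))))))))))))))
.
2010-08-12 21:14 . 2010-08-12 21:14 -------- d-----w- C:\ToolBar SD
2010-08-12 18:43 . 2010-08-12 18:43 -------- d-----w- C:\FyK
2010-08-09 12:00 . 2010-08-09 12:00 -------- d-----w- c:\program files\Little Shop 3
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"SoundMan"="SOUNDMAN.EXE"
"BluetoothAuthenticationAgent"="bthprops.cpl"
"c:\\Program Files\\eMule\\emule.exe"=
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3908)
c:\docume~1\MA~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\system32\WPDShServiceObj.dll
.
------------------------ Other Running Processes ------------------------
c:\windows\SOUNDMAN.EXE
"""

if __name__ == "__main__":
    for rule, detail in triage(SAMPLE_LOG):
        print(f"{rule:28} {detail}")
```

Run it on a full log by reading the file into `triage()`; the rules are deliberately narrow, so a clean log yields an empty list and anything printed is worth a second look rather than an automatic deletion.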

  • maria

    Put the folders ToolBar SD and FyK on C: in the Recycle Bin? Then the icons on the desktop will still remain, is that right?

  • Argus

    You can delete those too, of course :)

  • maria

    Folders and shortcuts in the Recycle Bin, ComboFix removed and System Restore cleaned. Hope everything is OK now; many thanks for your patience and help!!!!

  • Argus

    You're welcome :)

    Scan your PC online with OSI some time; this is a tool that checks whether your PC is up to date

    http://secunia.com/vulnerability_scanning/online/