BWTimm

21 september 2009

Aan Kape

ComboFix 09-09-20.01 - B.W. Timmerarends 21-09-2009 12:41.1.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1016.528 [GMT 2:00]

Gestart vanuit: E:\ComboFix.exe

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Installer\5b787.msi

c:\windows\system32\Data

c:\windows\system32\NTSVc.ocx

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-08-21 to 2009-09-21 ))))))))))))))))))))))))))))))

.

2009-09-17 16:00 . 2009-09-17 16:00 -------- d-----w- c:\documents and settings\B.W. Timmerarends\Application Data\Malwarebytes

2009-09-17 16:00 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-17 16:00 . 2009-09-17 16:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-17 16:00 . 2009-09-17 16:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-17 16:00 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-16 16:48 . 2009-09-16 16:48 -------- d-----w- c:\program files\Trend Micro

2009-09-15 20:39 . 2009-09-21 09:16 -------- d--h--r- c:\documents and settings\B.W. Timmerarends\Onlangs geopend

2009-09-15 18:25 . 2009-09-15 18:25 -------- d-----w- c:\documents and settings\B.W. Timmerarends\Application Data\Uniblue

2009-09-08 13:19 . 2009-09-14 07:50 -------- d-----w- c:\documents and settings\B.W. Timmerarends\Application Data\HpUpdate

2009-09-08 13:19 . 2009-09-08 13:19 -------- d-----w- c:\windows\Hewlett-Packard

2009-09-08 12:49 . 2009-09-08 12:49 262144 ----a-w- c:\windows\system32\default_user_class.dat

2009-09-08 08:30 . 2009-09-17 12:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-09-07 19:53 . 2009-09-07 19:53 -------- d-----w- c:\program files\UPHClean

2009-09-07 10:31 . 2009-09-07 10:31 -------- d-----w- c:\program files\Eusing Free Registry Cleaner

2009-09-07 07:16 . 2009-09-07 07:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters

2009-09-04 20:46 . 2009-09-04 20:46 -------- d-----w- c:\program files\ESET

2009-09-04 12:06 . 2009-09-08 16:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-09-04 12:06 . 2009-09-04 14:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-09-02 19:21 . 2009-09-02 19:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SurfRight

2009-08-27 14:20 . 2009-08-27 14:20 -------- d-----w- c:\documents and settings\B.W. Timmerarends\Local Settings\Application Data\SupportSoft

2009-08-27 14:20 . 2009-08-27 14:20 -------- d-----w- c:\program files\Common Files\SupportSoft

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-19 15:29 . 2008-08-09 19:40 2423 -c--a-w- c:\windows\NewRecorder.reg

2009-09-19 15:29 . 2008-08-09 19:40 1866853 -c--a-w- c:\windows\Recorder.reg

2009-09-07 12:32 . 2008-10-11 17:40 -------- d-----w- c:\program files\Acro Software

2009-09-07 12:27 . 2008-07-21 17:40 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-27 15:14 . 2009-07-16 16:33 -------- d-----w- c:\program files\KPN Mobile Connect

2009-08-05 09:01 . 2001-09-07 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-31 06:51 . 2009-01-20 20:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

2009-07-31 06:51 . 2009-01-20 20:46 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2009-07-31 06:51 . 2009-01-20 20:46 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2009-07-30 12:07 . 2009-07-30 12:07 -------- d-----w- c:\program files\TomTom International B.V

2009-07-30 12:06 . 2008-10-22 11:22 -------- d-----w- c:\program files\TomTom HOME 2

2009-07-17 19:04 . 2001-09-07 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-17 07:08 . 2009-07-17 07:03 123378 ----a-w- c:\windows\hpqins00.dat

2009-07-16 16:49 . 2001-09-07 12:00 69614 ----a-w- c:\windows\system32\perfc013.dat

2009-07-16 16:49 . 2001-09-07 12:00 442318 ----a-w- c:\windows\system32\perfh013.dat

2009-07-13 21:43 . 2004-08-04 08:03 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-07-03 17:00 . 2001-09-07 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-06-25 08:27 . 2001-09-07 12:00 735232 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2001-09-07 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2001-09-07 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2001-09-07 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:27 . 2001-09-07 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2001-09-07 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2001-09-07 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2007-09-17 12:16 . 2008-07-23 10:56 2686232 -c--a-w- c:\program files\vcredist_x86.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-19 247144]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-23 68856]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-07-30 1123840]

"InstantTray"="c:\program files\Pinnacle\Shared Files\InstantCDDVD\PCLETray.exe" [2004-05-06 772096]

"Creative Detector"="c:\program files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]

"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2002-07-26 155648]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2002-07-26 114688]

"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-02-15 57344]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-18 2022680]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"P17Helper"="P17.dll" - c:\windows\system32\P17.dll [2005-05-03 64512]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

Sonic CinePlayer Quick Launch.lnk - c:\program files\Common Files\Sonic Shared\CineTray.exe [2006-7-25 114688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-07-31 06:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20-1-2009 22:46 12552]

R0 VOBID;VOBID;c:\windows\system32\drivers\vobid.sys [1-8-2003 15:47 29239]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20-1-2009 22:46 335240]

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20-1-2009 22:46 108552]

R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [6-7-2004 18:06 188416]

R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [20-1-2009 22:46 297752]

R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [25-4-2009 14:09 1370488]

R2 GBSApache;GBSApache;c:\program files\2G\GBS Digitaal\apache\bin\apache.exe [9-11-2006 10:39 16896]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [19-8-2009 17:37 92008]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [20-1-2009 22:45 29208]

R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [3-8-2004 12:10 62976]

S1 ctredr15.sys;ctredr15.sys;\??\c:\windows\system32\drivers\ctredr15.sys --> c:\windows\system32\drivers\ctredr15.sys [?]

S2 GBSMySQL;GBSMySQL;"c:\program files\2G\GBS Digitaal\mysql\bin\mysqld-nt" "--defaults-file=c:\program files\2G\GBS Digitaal\mysql\bin\myGBS.cnf" GBSMySQL --> c:\program files\2G\GBS Digitaal\mysql\bin\mysqld-nt [?]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [20-1-2009 22:45 29208]

S3 hitmanpro3;Hitman Pro 3 Support Driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://google.nl/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Settings,ProxyServer = proxy.kliksafe.nl:8080

uInternet Settings,ProxyOverride = <local>

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: 127.0.0.1

Trusted Zone: localhost

DPF: {1FEC8B6F-250A-4293-B12C-67A7EF0B758A} - hxxp://www.kerkomroep.nl/ocx/sIKNPlayer.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {E001C731-5E37-4538-A5CB-8168736A2360} - hxxp://91.199.104.31/cab/ActiveQscan.cab

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-09-21 12:49

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GBSMySQL]

"ImagePath"="\"c:\program files\2G\GBS Digitaal\mysql\bin\mysqld-nt\" \"--defaults-file=c:\program files\2G\GBS Digitaal\mysql\bin\myGBS.cnf\" GBSMySQL"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-448539723-220523388-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

.

Voltooingstijd: 2009-09-21 12:51

ComboFix-quarantined-files.txt 2009-09-21 10:51

Pre-Run: 32.015.347.712 bytes beschikbaar

Post-Run: 32.068.464.640 bytes beschikbaar

176 --- E O F --- 2009-09-09 07:12

Kape, ik hoop dat dit logje meer inzicht geeft.

BWTimm

19 september 2009

Beste Kape,

Helaas blijft het probleem voortbestaan. Wel heb ik bij de geavanceerde instellingen van de Weergave, bij mijn AVG virusscanner, het vinkje weggehaald bij:

"Systeemvakmeldingen over statuswijziging van onderdelen weergeven."

Dit heeft tot gevolg dat nu op het AVH-icoontje geen uitroepteken meer verschijnt.

Doch dit geeft uiteraard geen snellere opstart.

Ik denk dat het goed is als ik me eerst eens verdiep in de totale opstartprocedure, want misschien wordt door WindowsFirewall mijn AVG-programma tegengewerkt bij het opstarten.

Mocht je nog meer tips kunnen geven, dan houd ik mij aanbevolen.

Met dank en hartelijke groet,

BWTimm

17 september 2009

Kape Webstite Admin,

Heb de instructies uitgevoerd en de Snelle scan gedaan.

Er werd gemeld dat er geen kwaadaardige bestanden werden aangetroffen.

Hieronder staat de inhoud van de Log:

Malwarebytes' Anti-Malware 1.41

Database versie: 2816

Windows 5.1.2600 Service Pack 3

17-9-2009 18:37:54

mbam-log-2009-09-17 (18-37-54).txt

Scan type: Snelle Scan

Objecten gescand: 109452

Verstreken tijd: 6 minute(s), 37 second(s)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata bestanden geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 0

Geheugenprocessen geïnfecteerd: