View full version: PC suddenly runs painfully slow



UnderAttack
12 April 2010, 17:33
For a few weeks now my PC has been running painfully slow; starting up takes forever. Ordinary actions such as opening the internet also take a long time. Watching videos or listening to music comes with stuttering, which was definitely not the case before. Sometimes just moving the cursor already stutters. What I have also been getting recently is a small window opening in IE with an advertising page, while I only use FF.

Below I am posting a HijackThis log in the hope that someone can help me.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:20, on 12/04/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Telemeter 3.0\telemeter3.exe
C:\WINDOWS\Xtakua.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\System32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Telemeter 3.0] "C:\Program Files\Telemeter 3.0\telemeter3.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\Kevin\LOCALS~1\Temp\Xcl.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Logitech . Productregistratie.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-service (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8270 bytes

Juisterr
12 April 2010, 19:33
Start HijackThis and choose 'Do a system scan only'
Select only the items listed below:

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\DOCUME~1\Kevin\LOCALS~1\Temp\Xcl.exe
O4 - Startup: PowerReg Scheduler V3.exe

Close all windows except HijackThis
Click 'Fix checked' to remove the items.


Download Combofix (http://download.bleepingcomputer.com/sUBs/ComboFix.exe) to your Desktop and use it according to this guide (http://www.bleepingcomputer.com/combofix/nl/hoe-dient-combofix-gebruikt-te-worden).
NOTE: if, during or after downloading Combofix or while using Combofix, you get a warning from your antivirus or another real-time scanner, disable that scanner and download Combofix again.
Some scanners see certain components that Combofix uses as suspicious and will block or remove them!

Double-click Combofix.exe to start it.
If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
Click OK in the "NirCmd" window.
Afterwards, click Yes to start the malware scan.
While the fix is running, do NOT click in the window, because this will make your PC hang.
When the fix is complete and after the restart, the log Combofix.txt will open.

Post this log in your next reply

UnderAttack
13 April 2010, 16:26
ComboFix 10-04-12.06 - Kevin 13/04/2010 15:00:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2046.1467 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Kevin\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kevin\Application Data\chrtmp
c:\windows\OPTIONS\CABS\_desktop.ini
c:\windows\system32\cthelper.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DUMETERSVC
-------\Legacy_SSHNAS
-------\Service_DUMeterSvc


(((((((((((((((((((( Bestanden Gemaakt van 2010-03-13 to 2010-04-13 ))))))))))))))))))))))))))))))
.

2010-04-12 16:50 . 2010-04-12 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-12 16:50 . 2010-04-12 16:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-12 15:43 . 2010-04-12 15:43 -------- d--h--r- c:\documents and settings\Kevin\Onlangs geopend
2010-04-12 15:41 . 2010-04-12 15:41 -------- d-----w- c:\program files\CCleaner
2010-04-12 15:26 . 2010-04-12 15:26 -------- d-----w- c:\program files\Trend Micro
2010-04-11 20:14 . 2010-04-11 20:14 177152 ----a-w- c:\windows\Xtakua.exe
2010-04-11 20:13 . 2010-04-09 20:20 249856 --sh--r- c:\documents and settings\Kevin\Application Data\yrvjm.exe
2010-03-22 16:28 . 2010-03-22 16:28 -------- d-----w- c:\program files\Common Files\Logitech
2010-03-22 16:28 . 2010-03-22 16:28 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Downloaded Installations
2010-03-19 09:33 . 2010-03-19 09:35 -------- d-----w- c:\program files\iTunes
2010-03-19 09:25 . 2010-03-19 09:25 72488 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-03-18 12:08 . 2010-03-19 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-03-18 12:08 . 2010-03-18 12:11 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-03-18 12:08 . 2010-03-18 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-03-18 12:08 . 2010-03-18 12:08 -------- d-----w- c:\program files\Logitech
2010-03-18 12:00 . 2008-04-13 19:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-03-18 12:00 . 2008-04-13 19:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-03-18 12:00 . 2008-04-13 19:45 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-03-18 12:00 . 2008-04-13 19:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-03-16 11:27 . 2010-03-16 11:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-13 13:08 . 2009-08-13 19:31 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000002-80671102}.dat
2010-04-13 13:08 . 2009-08-13 19:31 288 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000002-80671102}.dat
2010-04-13 12:43 . 2009-12-01 17:46 0 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\prvlcl.dat
2010-04-12 19:24 . 2009-06-23 18:36 -------- d-----w- c:\program files\Google
2010-04-12 15:15 . 2009-06-09 16:42 -------- d-----w- c:\program files\Bonjour
2010-04-12 15:05 . 2010-02-15 18:45 -------- d-----w- c:\program files\DU Meter
2010-04-11 20:30 . 2009-06-09 19:31 -------- d-----w- c:\documents and settings\Kevin\Application Data\DMCache
2010-04-06 16:48 . 2009-06-17 19:48 -------- d-----w- c:\program files\TRUST
2010-03-28 09:04 . 2001-09-07 10:00 364660 ----a-w- c:\windows\system32\perfh013.dat
2010-03-28 09:04 . 2001-09-07 10:00 53622 ----a-w- c:\windows\system32\perfc013.dat
2010-03-19 09:34 . 2009-06-09 16:42 -------- d-----w- c:\program files\Common Files\Apple
2010-03-19 09:30 . 2009-11-12 16:15 -------- d-----w- c:\program files\QuickTime
2010-03-16 11:27 . 2009-06-09 14:59 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 11:27 . 2009-06-09 14:59 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 11:25 . 2009-06-09 14:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-22 13:18 . 2010-02-22 12:42 -------- d-----w- c:\documents and settings\Kevin\Application Data\Samsung
2010-02-22 13:13 . 2009-06-08 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-22 13:02 . 2010-02-15 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2010-02-22 12:56 . 2010-02-22 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-22 12:56 . 2010-02-22 12:56 -------- d-----w- c:\documents and settings\Kevin\Application Data\PC Suite
2010-02-22 12:43 . 2010-02-22 12:42 -------- d-----w- c:\program files\DIFX
2010-02-15 15:50 . 2010-02-15 15:50 -------- d-----w- c:\program files\IVT Corporation
2010-01-27 18:29 . 2010-01-27 18:29 503808 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6be56691-n\msvcp71.dll
2010-01-27 18:29 . 2010-01-27 18:29 499712 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6be56691-n\jmc.dll
2010-01-27 18:29 . 2010-01-27 18:29 348160 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6be56691-n\msvcr71.dll
2010-01-27 18:29 . 2010-01-27 18:29 61440 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65faf863-n\decora-sse.dll
2010-01-27 18:29 . 2010-01-27 18:29 12800 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65faf863-n\decora-d3d.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-02-15 2749984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\System32\JMRaidSetup.exe" [2007-02-06 1953792]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Telemeter 3.0"="c:\program files\Telemeter 3.0\telemeter3.exe" [2009-08-22 1539072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-15 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 11:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programma's^Opstarten^Logitech . Productregistratie.lnk]
path=c:\documents and settings\Kevin\Menu Start\Programma's\Opstarten\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-02-15 17:07 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 12:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-13 17:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9-6-2009 16:59 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9-6-2009 16:59 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16-3-2010 13:26 308064]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-9-2009 19:02 133104]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [22-2-2010 14:42 36608]
S3 Hkmfdtsqrch;Hkmfdtsqrch; [x]
.
Inhoud van de 'Gedeelde Taken' map

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-23 17:01]

2010-04-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:02]

2010-04-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:02]
.
.
------- Bijkomende Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\juva3e70.default\
FF - prefs.js: browser.startup.homepage - www.google.be
FF - component: c:\documents and settings\Kevin\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-CTHelper - CTHELPER.EXE
HKLM-Run-NPSStartup - (no file)



************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-13 15:11
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1659004503-2147167427-1003\Software\Microsoft\SystemCertificates\Address Book*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):77,5d,8d,6e,78,bd,82,42,f6,1a,06,48,61,bc,ea,b8,7e,3d,c9,ca,5e,
f5,64,be,54,90,2f,db,c8,20,09,d1,4d,fa,99,ca,41,60,50,9c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ef18a1ee-3231-480d-958b-6ca0a509a15a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000123
"Therad"=dword:00000019
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(4588)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
.
************************************************************************
.
Voltooingstijd: 2010-04-13 15:14:52 - machine werd herstart
ComboFix-quarantined-files.txt 2010-04-13 13:14

Pre-Run: 418.148.614.144 bytes beschikbaar
Post-Run: 418.138.398.720 bytes beschikbaar

WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 50C360F460AA17501F24FCEA1416817C

UnderAttack
13 April 2010, 16:27
I don't trust that Xtakua.exe.

UnderAttack
15 April 2010, 16:46
Anyone?

Juisterr
16 April 2010, 16:52
Open Notepad, copy and paste the following (bold, blue text) into an empty window:

File::
c:\windows\Xtakua.exe
c:\documents and settings\Kevin\Application Data\yrvjm.exe
Driver::
Hkmfdtsqrch



Save this to your Desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe as shown in the example below:
http://home.hetnet.nl/~stefsmeenk/CFScript.gif

http://crew.nucia.eu/smeenk/CFScript.gif

This will make ComboFix restart.

After your computer restarts (if it asks to restart), copy and paste the contents of log.txt into your next reply.

UnderAttack
20 April 2010, 16:08
ComboFix 10-04-19.05 - Kevin 20/04/2010 15:56:22.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.32.1043.18.2046.1518 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Kevin\Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Kevin\Bureaublad\CFScript.txt..txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Kevin\Application Data\yrvjm.exe"
"c:\windows\Xtakua.exe"
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Kevin\Application Data\yrvjm.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\Xtakua.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Hkmfdtsqrch


(((((((((((((((((((( Bestanden Gemaakt van 2010-03-20 to 2010-04-20 ))))))))))))))))))))))))))))))
.

2010-04-13 20:14 . 2010-04-20 13:51 -------- d--h--r- c:\documents and settings\Kevin\Onlangs geopend
2010-04-13 17:17 . 2010-04-13 17:18 -------- d-----w- c:\documents and settings\Kevin\Application Data\ManyCam
2010-04-13 17:17 . 2010-04-13 17:18 -------- d-----w- c:\program files\ManyCam 2.4
2010-04-13 16:30 . 2010-04-13 16:30 -------- d-----w- c:\program files\iPod
2010-04-13 16:29 . 2010-04-13 16:31 -------- d-----w- c:\program files\iTunes
2010-04-13 16:29 . 2010-04-13 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-13 16:22 . 2010-04-13 16:22 -------- d-----w- c:\program files\Bonjour
2010-04-13 16:21 . 2010-04-13 16:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-04-12 16:50 . 2010-04-13 20:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-12 16:50 . 2010-04-12 16:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-12 15:41 . 2010-04-12 15:41 -------- d-----w- c:\program files\CCleaner
2010-04-12 15:26 . 2010-04-12 15:26 -------- d-----w- c:\program files\Trend Micro
2010-03-22 16:28 . 2010-03-22 16:28 -------- d-----w- c:\program files\Common Files\Logitech
2010-03-22 16:28 . 2010-03-22 16:28 -------- d-----w- c:\documents and settings\Kevin\Local Settings\Application Data\Downloaded Installations

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-20 14:01 . 2009-08-13 19:31 288 ----a-w- c:\windows\system32\DVCStateBkp-{00000005-00000000-00000000-00001102-00000002-80671102}.dat
2010-04-20 14:01 . 2009-08-13 19:31 288 ----a-w- c:\windows\system32\DVCState-{00000005-00000000-00000000-00001102-00000002-80671102}.dat
2010-04-20 13:43 . 2009-12-01 17:46 0 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\prvlcl.dat
2010-04-19 15:46 . 2009-06-09 19:31 -------- d-----w- c:\documents and settings\Kevin\Application Data\DMCache
2010-04-15 14:55 . 2009-12-05 10:40 -------- d-----w- c:\documents and settings\All Users\Application Data\TrackMania
2010-04-14 12:52 . 2009-11-23 14:57 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-04-13 16:30 . 2009-06-09 16:42 -------- d-----w- c:\program files\Common Files\Apple
2010-04-13 16:26 . 2009-11-12 16:15 -------- d-----w- c:\program files\QuickTime
2010-04-12 19:24 . 2009-06-23 18:36 -------- d-----w- c:\program files\Google
2010-04-12 15:05 . 2010-02-15 18:45 -------- d-----w- c:\program files\DU Meter
2010-04-06 16:48 . 2009-06-17 19:48 -------- d-----w- c:\program files\TRUST
2010-03-28 09:04 . 2001-09-07 10:00 364660 ----a-w- c:\windows\system32\perfh013.dat
2010-03-28 09:04 . 2001-09-07 10:00 53622 ----a-w- c:\windows\system32\perfc013.dat
2010-03-19 17:33 . 2010-03-18 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Logishrd
2010-03-18 12:11 . 2010-03-18 12:08 -------- d-----w- c:\program files\Common Files\LogiShrd
2010-03-18 12:08 . 2010-03-18 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2010-03-18 12:08 . 2010-03-18 12:08 -------- d-----w- c:\program files\Logitech
2010-03-16 11:27 . 2009-06-09 14:59 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-16 11:27 . 2010-03-16 11:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-16 11:27 . 2009-06-09 14:59 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-16 11:25 . 2009-06-09 14:59 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-22 13:18 . 2010-02-22 12:42 -------- d-----w- c:\documents and settings\Kevin\Application Data\Samsung
2010-02-22 13:13 . 2009-06-08 19:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-22 13:02 . 2010-02-15 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Bluetooth
2010-02-22 12:56 . 2010-02-22 12:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-22 12:56 . 2010-02-22 12:56 -------- d-----w- c:\documents and settings\Kevin\Application Data\PC Suite
2010-02-22 12:43 . 2010-02-22 12:42 -------- d-----w- c:\program files\DIFX
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-27 18:29 . 2010-01-27 18:29 503808 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6be56691-n\msvcp71.dll
2010-01-27 18:29 . 2010-01-27 18:29 499712 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6be56691-n\jmc.dll
2010-01-27 18:29 . 2010-01-27 18:29 348160 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-6be56691-n\msvcr71.dll
2010-01-27 18:29 . 2010-01-27 18:29 61440 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65faf863-n\decora-sse.dll
2010-01-27 18:29 . 2010-01-27 18:29 12800 ----a-w- c:\documents and settings\Kevin\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-65faf863-n\decora-d3d.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-04-13_13.11.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-20 14:03 . 2010-04-20 14:03 16384 c:\windows\Temp\Perflib_Perfdata_474.dat
- 2010-03-18 12:11 . 2008-04-14 18:02 54272 c:\windows\system32\vfwwdm32.dll
+ 2010-03-18 12:11 . 2008-04-14 17:02 54272 c:\windows\system32\vfwwdm32.dll
- 2001-09-06 21:27 . 2008-04-14 17:02 16896 c:\windows\system32\msyuv.dll
+ 2001-09-06 21:27 . 2008-04-14 17:02 16896 c:\windows\system32\msyuv.dll
- 2009-06-09 16:27 . 2010-01-08 17:31 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-06-09 16:27 . 2010-04-16 10:41 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
- 2001-09-06 21:26 . 2008-04-14 17:02 47616 c:\windows\system32\iyuv_32.dll
+ 2001-09-06 21:26 . 2008-04-14 17:02 47616 c:\windows\system32\iyuv_32.dll
+ 2010-04-13 16:23 . 2009-10-16 00:33 41472 c:\windows\system32\DRVSTORE\usbaapl_E0F497D6C8B1C59AEB6422181BF0AFABD8356D47\usbaapl.sys
- 2009-06-09 13:20 . 2008-04-13 19:45 49408 c:\windows\system32\drivers\stream.sys
+ 2009-06-09 13:20 . 2008-04-13 18:45 49408 c:\windows\system32\drivers\stream.sys
+ 2008-01-14 10:06 . 2008-01-14 10:06 21632 c:\windows\system32\drivers\ManyCam.sys
- 2010-03-18 12:11 . 2008-04-14 18:02 54272 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2010-03-18 12:11 . 2008-04-14 17:02 54272 c:\windows\system32\dllcache\vfwwdm32.dll
+ 2009-06-09 13:20 . 2008-04-13 18:45 49408 c:\windows\system32\dllcache\stream.sys
- 2009-06-09 13:20 . 2008-04-13 19:45 49408 c:\windows\system32\dllcache\stream.sys
+ 2001-09-06 21:27 . 2008-04-14 17:02 16896 c:\windows\system32\dllcache\msyuv.dll
+ 2001-09-06 21:26 . 2008-04-14 17:02 47616 c:\windows\system32\dllcache\iyuv_32.dll
- 2001-09-06 21:27 . 2001-09-07 10:00 8192 c:\windows\system32\tsbyuv.dll
+ 2001-09-06 21:27 . 2001-09-06 19:27 8192 c:\windows\system32\tsbyuv.dll
+ 2001-09-06 21:27 . 2001-09-06 19:27 8192 c:\windows\system32\dllcache\tsbyuv.dll
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
- 2009-06-09 13:20 . 2008-04-13 20:16 141056 c:\windows\system32\drivers\ks.sys
+ 2009-06-09 13:20 . 2008-04-13 19:16 141056 c:\windows\system32\drivers\ks.sys
+ 2009-06-09 13:20 . 2008-04-13 19:16 141056 c:\windows\system32\dllcache\ks.sys
- 2009-06-09 13:20 . 2008-04-13 20:16 141056 c:\windows\system32\dllcache\ks.sys
+ 2010-04-13 16:22 . 2010-04-13 16:22 791552 c:\windows\Installer\adc96e.msi
+ 2010-04-13 16:32 . 2010-04-13 16:32 372736 c:\windows\Installer\{996A2FAA-7514-4628-9D12-A8FC34A0016E}\iTunesIco.exe
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2010-04-13 16:23 . 2009-10-16 00:33 3003680 c:\windows\system32\DRVSTORE\usbaapl_E0F497D6C8B1C59AEB6422181BF0AFABD8356D47\usbaaplrc.dll
+ 2010-04-13 16:32 . 2010-04-13 16:32 4911104 c:\windows\Installer\add8d2.msi
+ 2010-04-13 16:26 . 2010-04-13 16:26 9472000 c:\windows\Installer\add136.msi
+ 2010-04-13 16:23 . 2010-04-13 16:23 3165184 c:\windows\Installer\adc9b8.msi
+ 2010-04-13 16:22 . 2010-04-13 16:22 1984000 c:\windows\Installer\adc97e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2010-02-15 2749984]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"36X Raid Configurer"="c:\windows\System32\JMRaidSetup.exe" [2007-02-06 1953792]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"Jet Detection"="c:\program files\Creative\SBLive\PROGRAM\ADGJDet.exe" [2001-11-28 28672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Telemeter 3.0"="c:\program files\Telemeter 3.0\telemeter3.exe" [2009-08-22 1539072]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-25 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-15 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 11:27 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^Kevin^Menu Start^Programma's^Opstarten^Logitech . Productregistratie.lnk]
path=c:\documents and settings\Kevin\Menu Start\Programma's\Opstarten\Logitech . Productregistratie.lnk
backup=c:\windows\pss\Logitech . Productregistratie.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 15:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-25 23:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-02-13 12:06 2196240 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-09-13 17:01 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [9-6-2009 16:59 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [9-6-2009 16:59 242696]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [16-3-2010 13:26 308064]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14-1-2008 12:06 21632]
S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-9-2009 19:02 133104]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [22-2-2010 14:42 36608]
.
Inhoud van de 'Gedeelde Taken' map

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-04-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-23 17:01]

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:02]

2010-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 17:02]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Kevin\Application Data\Mozilla\Firefox\Profiles\juva3e70.default\
FF - prefs.js: browser.startup.homepage - www.google.be
FF - component: c:\documents and settings\Kevin\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-20 16:03
Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba77ecb8
\Driver\atapi -> atapi.sys @ 0xba710852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba604bb0
PacketIndicateHandler -> NDIS.sys @ 0xba611a21
SendHandler -> NDIS.sys @ 0xba5ef87b
malicious code @ sector 0x3a380d80 size 0x2c4 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-839522115-1659004503-2147167427-1003\Software\Microsoft\SystemCertificates\Address Book*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):77,5d,8d,6e,78,bd,82,42,f6,1a,06,48,61,bc,ea,b8,7e,3d,c9,ca,5e,
f5,64,be,54,90,2f,db,c8,20,09,d1,4d,fa,99,ca,41,60,50,9c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ef18a1ee-3231-480d-958b-6ca0a509a15a}]
@Denied: (Full) (Everyone)
"Model"=dword:00000123
"Therad"=dword:00000019
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'explorer.exe'(8116)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2010-04-20 16:07:18 - machine werd herstart
ComboFix-quarantined-files.txt 2010-04-20 14:07
ComboFix2.txt 2010-04-13 13:14

Pre-Run: 411.708.780.544 bytes beschikbaar
Post-Run: 411.700.301.824 bytes beschikbaar

- - End Of File - - 2DC2C999790B45D2D37D7F385E59B27E

Juisterr
21 April 2010, 13:01
What else have you done in the meantime? You suddenly have a rootkit infection now?



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8fcf28
\Driver\ACPI -> ACPI.sys @ 0xba77ecb8
\Driver\atapi -> atapi.sys @ 0xba710852
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba604bb0
PacketIndicateHandler -> NDIS.sys @ 0xba611a21
SendHandler -> NDIS.sys @ 0xba5ef87b
malicious code @ sector 0x3a380d80 size 0x2c4 !
copy of MBR has been found in sector 62 !
MBR rootkit infection detected ! Use: "mbr.exe -f" to fix.


Download mbr.exe (http://www2.gmer.net/mbr/mbr.exe) and save it to your desktop.

Temporarily disable your antivirus and firewall tools.

Double-click mbr.exe to start the program.

If a security program shows a warning, allow mbr.exe to start.

Open a Notepad file.
Copy the text below into this Notepad file.


@echo off
rem Change to the folder this batch file is in, so it also works when the
rem desktop folder is not called "Desktop" (on this Dutch system it is "Bureaublad").
cd /d "%~dp0"
start mbr.exe /f
exit

Go to File - Save As.
Under "Save in" choose: Desktop
Under "File name" enter: fix.bat
Under "Save as type" select: All files (*.*).
Click the Save button.
Now double-click fix.bat.

You will see a black window appear that quickly disappears again.
After that, restart your computer. (important!)
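As an added illustration of the finding above (this is example code written for this thread, not part of mbr.exe, ComboFix or anything the helper posted): the mbr.exe output says the live MBR has been replaced and a copy of the original sits in sector 62. The script below shows the kind of offline check an examiner can run on a raw disk image to spot that pattern: same partition table in sector 0 and sector 62, but different boot code. It assumes 512-byte sectors and uses a constructed 63-sector image; a matching backup is a lead for closer inspection, not proof on its own, since some legitimate tools also stash an MBR copy.

```python
"""Offline MBR consistency check (added example for this thread, not part of
mbr.exe, ComboFix or any other tool used here).

Assumptions, all constructed for the demo:
  * a raw disk image given as bytes with 512-byte sectors;
  * sector 62 is where a relocated original MBR may sit, the sector the
    thread's mbr.exe output names ("copy of MBR has been found in sector 62").
"""
import hashlib
import struct

SECTOR = 512
BACKUP_SECTOR = 62
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector: bytes) -> dict:
    """Split a 512-byte MBR into boot code hash, used partition entries and signature."""
    if len(sector) != SECTOR:
        raise ValueError("MBR sector must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack("<B3xB3xII", entry)
        if ptype != 0:
            partitions.append({"status": status, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {"bootcode_sha256": hashlib.sha256(sector[:446]).hexdigest(),
            "partitions": partitions,
            "signature_ok": sector[510:512] == BOOT_SIGNATURE}


def read_sector(image: bytes, n: int) -> bytes:
    return image[n * SECTOR:(n + 1) * SECTOR]


def check_image(image: bytes) -> dict:
    """Compare the live MBR (sector 0) with a possible backup copy in sector 62."""
    active = parse_mbr(read_sector(image, 0))
    backup_raw = read_sector(image, BACKUP_SECTOR)
    report = {"active": active, "backup_present": False, "bootcode_differs": False,
              "partition_table_matches": False, "suspicious": False}
    if len(backup_raw) == SECTOR and backup_raw[510:512] == BOOT_SIGNATURE:
        backup = parse_mbr(backup_raw)
        report["backup_present"] = True
        report["bootcode_differs"] = backup["bootcode_sha256"] != active["bootcode_sha256"]
        report["partition_table_matches"] = backup["partitions"] == active["partitions"]
        # An MBR bootkit keeps the partition table intact so Windows still boots,
        # but swaps the boot code and parks the original MBR in a spare sector.
        report["suspicious"] = report["bootcode_differs"] and report["partition_table_matches"]
    return report


def build_demo_image(infected: bool) -> bytes:
    """Constructed 63-sector image with one NTFS partition starting at LBA 63."""
    clean_code = b"\xfa\x33\xc0".ljust(446, b"\x00")      # constructed filler, not real boot code
    table = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 1_000_000) + b"\x00" * 48
    clean_mbr = clean_code + table + BOOT_SIGNATURE
    image = bytearray(clean_mbr + b"\x00" * SECTOR * 62)  # sectors 1..62 start empty
    if infected:
        image[0:SECTOR] = b"\x90" * 446 + table + BOOT_SIGNATURE   # boot code replaced
        image[BACKUP_SECTOR * SECTOR:(BACKUP_SECTOR + 1) * SECTOR] = clean_mbr
    return bytes(image)


if __name__ == "__main__":
    for label, infected in (("clean image", False), ("relocated MBR", True)):
        r = check_image(build_demo_image(infected))
        print(f"{label}: suspicious={r['suspicious']} backup_present={r['backup_present']}")
```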