Erg traag

[Knip]

Kan iemand kijken wat er mis is aub ?

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 11:47:48, on 15-7-2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16496)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\vsnp2std.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Steam\Steam.exe

C:\Users\Lars\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

E:\Office14\ONENOTEM.EXE

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Qvo6.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Qvo6.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: coontoiinueiTosave - {A5A843DD-7D4A-D7D4-4C51-F6A8D98C8479} - C:\ProgramData\coontoiinueiTosave\51989bf7d0bef.dll (file missing)

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Lars\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7DC7BBE999725974DBBB221652CA6934] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = E:\Office14\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: c:\progra~1\contin~1\sprote~1.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LMIGuardianSvc - Unknown owner - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

--

End of file - 8438 bytes

[kape]

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Qvo6.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Qvo6.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Qvo6.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = Qvo6.com

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (file missing)

O2 - BHO: coontoiinueiTosave - {A5A843DD-7D4A-D7D4-4C51-F6A8D98C8479} - C:\ProgramData\coontoiinueiTosave\51989bf7d0bef.dll (file missing)

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (file missing)

O20 - AppInit_DLLs: c:\progra~1\contin~1\sprote~1.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Download AdwCleaner by Xplode naar het bureaublad.

• Sluit alle openstaande vensters.
  
• Dubbelklik op AdwCleaner om hem te starten.
  
• Klik vervolgens op Verwijderen.
  
• Klik bij AdwCleaner – Informatie op OK
  
• Klik bij AdwCleaner – Herstarten Noodzakelijk op OK
  

Dat tijdens de actie de snelkoppelingen verdwijnen, is normaal.

Nadat de PC opnieuw is opgestart, opent een logfile.

Post aansluitend de inhoud van dit log in je volgende bericht, samen met een nieuw logje van HijackThis.

[Knip]

# AdwCleaner v2.305 - Logfile created 07/15/2013 at 12:38:21

# Updated 11/07/2013 by Xplode

# Operating system : Windows Vista Business Service Pack 2 (32 bits)

# User : Lars - MEDIACENTER

# Boot Mode : Normal

# Running from : C:\Users\Lars\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\Common Files\AVG Secure Search

File Deleted : C:\Windows\Tasks\Plus-HD-2.2-updater.job

File Disinfected : C:\Users\Lars\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

File Disinfected : C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

File Disinfected : C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Folder Deleted : C:\Program Files\continuetosave

Folder Deleted : C:\Program Files\Plus-HD-2.2

Folder Deleted : C:\Program Files\WebSearch

Folder Deleted : C:\ProgramData\coontoiinueiTosave

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\coontoiinueiTosave

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro

Folder Deleted : C:\ProgramData\SEarcyhh-NewwTaabu

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\Lars\AppData\Local\PackageAware

Folder Deleted : C:\Users\Lars\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Lars\AppData\Roaming\eIntaller

Folder Deleted : C:\Users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com

***** [Registry] *****

Data Deleted : HKLM\...\StartMenuInternet\IEXPLORE.EXE [(Default)] = "C:\Program Files\Internet Explorer\iexplore.exe" hxxp://www.qvo6.com/?utm_source=b&utm_medium=ild&from=ild&uid=ST380815AS_5RW3V566XXXX5RW3V566&ts=1372839925

Key Deleted : HKCU\Software\1ClickDownload

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Plus-HD-2.2

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}

Key Deleted : HKLM\SOFTWARE\Classes\oneclick

Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11BF46C6-B3DE-48BD-BF70-3AD85CAB80B6}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C1C6816E-CBB3-A748-85F9-A8B47B68985B}

Key Deleted : HKLM\Software\Plus-HD-2.2

Key Deleted : HKLM\Software\qvo6Software

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\Tarma Installer

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16496

[OK] Registry is clean.

-\\ Google Chrome v28.0.1500.72

File : C:\Users\Lars\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[s5].txt - [895 octets] - [17/12/2012 21:29:44]

AdwCleaner[s6].txt - [359 octets] - [29/12/2012 15:21:04]

AdwCleaner[s7].txt - [4584 octets] - [15/07/2013 12:38:21]

########## EOF - C:\AdwCleaner[s7].txt - [4644 octets] ##########

en de

volgende

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:45:12, on 15-7-2013

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v9.00 (9.00.8112.16496)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

C:\Windows\vsnp2std.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVG\AVG2013\avgui.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\Steam\Steam.exe

C:\Users\Lars\AppData\Roaming\uTorrent\uTorrent.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

E:\Office14\ONENOTEM.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll

O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe

O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [McRegWiz] C:\Program Files\McAfee.com\Agent\mcregwiz.exe /autorun

O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask

O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\mcagent.exe

O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe

O4 - HKLM\..\RunServices: [McShld9x] C:\Program Files\McAfee.com\VSO\mcshld9x.exe

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup

O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [steam] "C:\Program Files\Steam\Steam.exe" -silent

O4 - HKCU\..\Run: [uTorrent] "C:\Users\Lars\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_7DC7BBE999725974DBBB221652CA6934] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window

O4 - Startup: OneNote 2010 Schermopname en Snel starten.lnk = E:\Office14\ONENOTEM.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - E:\Office14\ONBttnIE.dll

O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - E:\Office14\ONBttnIELinkedNotes.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe

O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LMIGuardianSvc - Unknown owner - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe (file missing)

O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe

O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe

--

End of file - 7644 bytes

[kape]

AdwCleaner heeft een berg rotzooi van je PC gehaald en logje HijackThis ziet er al veel beter uit. Hoe staat het nu met de snelheid ?

[Knip]

Al een stuk beter !

[kape]

Dan zetten we toch nog een stapje verder:

Download ComboFix van één van de onderstaande locaties naar het bureaublad.

Bleeping Computer

Info Spyware

Schakel je antivirus- en antispywareprogramma's uit, mogelijk kunnen ze conflicteren met ComboFix.exe

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

• Dubbelklik op "ComboFix" om de tool te starten, Windows Vista, 7 & 8 gebruikers zullen een melding krijgen van UAC (Gebruikersaccountbeheer), klik hier op Ja / yes.
  
• Op een Windows XP computer zal ComboFix de "Recovery Console" installeren als deze nog niet aanwezig is. (Een actieve internet verbinding is dan een vereiste).
  
• Klik in het venster bij het 'Installeren van de Recovery Console' op "Ok".
  
• Klik in het info scherm op "Ja" als de Recovery Console met succes is geïnstalleerd.
  
• Klik in het scherm van de disclaimer op "I Agree", de benodigde onderdelen worden nu uitgepakt en middels ERUNT wordt er een register back-up gemaakt.
  
• Wanneer dit gereed is zal ComboFix vanzelf starten, in het blauwe scherm ziet u de voortgang van de systeemscan die wordt uitgevoerd.
  
• Belangrijk! gebruik de computer tijdens de scan niet voor andere zaken.
  
• Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden zoals bijvoorbeeld bij de aanwezigheid van een rootkit, dit is normaal.
  
• Wanneer ComboFix gereed is, zal het een logbestand aanmaken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht.
  

* Noot !!! Indien u één van de onderstaande meldingen krijgt na het gebruik van ComboFix herstart dan de computer.

• Er is geprobeerd een ongeldige bewerking uit te voeren op een registersleutel die is gemarkeerd voor verwijdering.
  
• Illegal operation attempted on a registry key that has been marked for deletion.
  

[Knip]

ComboFix 13-07-14.01 - Lars 15-07-2013 17:06:40.11.2 - x86

Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1033.18.2013.732 [GMT 2:00]

Gestart vanuit: c:\users\Lars\Pictures\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-06-15 to 2013-07-15 ))))))))))))))))))))))))))))))

.

.

2013-07-15 15:15 . 2013-07-15 15:15 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-07-15 15:15 . 2013-07-15 15:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-07-15 11:00 . 2005-07-14 10:34 63584 ----a-w- c:\windows\system32\vshield.vxd

2013-07-15 11:00 . 2005-07-14 10:34 26720 ----a-w- c:\windows\system32\vshinit.vxd

2013-07-15 11:00 . 2005-07-14 10:33 23639 ----a-w- c:\windows\system32\mcutil.vxd

2013-07-15 11:00 . 2005-07-14 10:33 28243 ----a-w- c:\windows\system32\mckrnl.vxd

2013-07-15 11:00 . 2005-05-04 09:10 1464566 ----a-w- c:\windows\system32\MCSCAN32.VXD

2013-07-15 10:50 . 2013-07-15 10:49 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-07-15 10:38 . 2013-07-15 11:44 230 ----a-w- c:\windows\DeleteOnReboot.bat

2013-07-15 09:52 . 2013-07-15 09:52 -------- d-----w- c:\programdata\McAfee.com

2013-07-15 09:52 . 2005-05-24 17:23 288320 ----a-w- c:\windows\system32\mcgdmgr.dll

2013-07-15 09:52 . 2013-07-15 09:52 -------- d-----w- c:\program files\McAfee.com

2013-07-15 09:52 . 2005-07-18 10:03 349760 ----a-w- c:\windows\system32\mcinsctl.dll

2013-07-14 17:56 . 2013-07-14 17:56 388096 ----a-r- c:\users\Lars\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-07-14 17:56 . 2013-07-14 17:56 -------- d-----w- c:\program files\Trend Micro

2013-07-13 17:50 . 2013-05-29 01:33 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-07-13 17:50 . 2013-05-29 02:24 149656 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2013-07-13 17:50 . 2013-05-29 01:39 768512 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2013-07-13 17:50 . 2013-05-29 01:36 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-07-13 17:50 . 2013-05-29 01:38 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2013-07-13 17:50 . 2013-05-29 01:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-07-12 16:57 . 2013-06-04 01:50 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-07-05 16:47 . 2013-07-05 16:49 -------- d-----w- c:\users\Lars\AppData\Roaming\ftblauncher

2013-07-02 08:48 . 2013-07-02 08:48 -------- d-----w- c:\users\Lars\AppData\Roaming\Samsung Multimedia Viewer

2013-07-02 08:46 . 2013-07-02 08:50 -------- d-----w- c:\users\Lars\AppData\Roaming\iLauncher

2013-07-02 08:46 . 2013-07-02 08:46 -------- d-----w- c:\program files\Samsung

2013-07-02 08:45 . 2013-07-02 08:45 -------- d-----w- c:\users\Lars\AppData\Roaming\iLinker

2013-06-23 17:10 . 2013-06-23 17:10 -------- d-----r- C:\MSOCache

2013-06-23 09:08 . 2013-06-23 09:08 -------- d-----w- c:\program files\Microsoft Analysis Services

2013-06-23 08:09 . 2013-06-23 08:09 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2013-06-21 17:13 . 2013-06-21 17:13 -------- d-----w- c:\users\Lars\AppData\Local\Microsoft Help

2013-06-21 17:12 . 2013-07-13 17:59 -------- d-----w- c:\programdata\Microsoft Help

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-15 10:49 . 2012-07-05 11:48 867240 ----a-w- c:\windows\system32\npdeployJava1.dll

2013-07-15 10:49 . 2011-11-23 12:43 789416 ----a-w- c:\windows\system32\deployJava1.dll

2013-05-17 16:52 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-08 04:37 . 2013-06-13 16:31 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-02 22:03 . 2013-06-13 16:31 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-02 22:03 . 2013-06-13 16:31 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-02 04:04 . 2013-06-13 16:31 443904 ----a-w- c:\windows\system32\win32spl.dll

2013-05-02 04:03 . 2013-06-13 16:31 37376 ----a-w- c:\windows\system32\printcom.dll

2013-04-24 04:00 . 2013-06-13 16:31 985600 ----a-w- c:\windows\system32\crypt32.dll

2013-04-24 04:00 . 2013-06-13 16:31 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-04-24 04:00 . 2013-06-13 16:31 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-04-24 04:00 . 2013-06-13 16:31 41984 ----a-w- c:\windows\system32\certenc.dll

2013-04-24 01:46 . 2013-06-13 16:31 812544 ----a-w- c:\windows\system32\certutil.exe

2013-04-17 12:30 . 2013-06-13 16:31 24576 ----a-w- c:\windows\system32\cryptdlg.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2008-01-19 49664]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-04-19 18678376]

"Steam"="c:\program files\Steam\Steam.exe" [2013-07-10 1672616]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]

"snp2std"="c:\windows\vsnp2std.exe" [2006-09-15 675840]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2013-04-28 4408368]

"McRegWiz"="c:\program files\McAfee.com\Agent\mcregwiz.exe" [2004-07-29 139264]

"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]

"MCAgentExe"="c:\progra~1\McAfee.com\Agent\mcagent.exe" [2005-07-01 303104]

"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2005-07-08 212992]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Lars\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Schermopname en Snel starten.lnk - e:\office14\ONENOTEM.EXE /tsr [2013-1-8 228448]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" -osboot

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

bthsvcs REG_MULTI_SZ BthServ

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-13 18:24 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 20:42]

.

2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-28 20:42]

.

.

------- Bijkomende Scan -------

.

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-07-15 17:15

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2013-07-15 17:16:42

ComboFix-quarantined-files.txt 2013-07-15 15:16

ComboFix2.txt 2013-07-15 15:00

ComboFix3.txt 2013-07-15 14:31

.

Pre-Run: 1.920.212.992 bytes free

Post-Run: 1.906.814.976 bytes free

.

- - End Of File - - 33DDABF8945BD3F02747E4BADF169FF2

5C616939100B85E558DA92B899A0FC36

[kape]

Het enige wat me nog stoort in dit logje is de aanwezigheid van sporen van McAfee-antivirus, terwijl AVG je actieve scanner blijkt te zijn. Willen we de resten van McAfee ook nog aanpakken ? Want ik neem aan dat je geen twee antivirusprogramma's gebruikt ?

[Knip]

Graag krijg ik niet verwijderd zelf

[kape]

Note: Dit script is speciaal bedoeld voor deze PC, gebruik dit dan ook niet op andere PC's met een gelijkaardig probleem.

Schakel alle antivirus- en antispywareprogramma's uit, want deze kunnen namelijk conflicteren met ComboFix.

(hier of hier) kan je lezen hoe je de gebruikte beveiligingssoftware kunt uitschakelen.

Open een nieuw leeg Kladblok scherm, kopieer en plak hierin de volgende code.

 
 [b]File::[/b]
 [b]c:\windows\system32\mcgdmgr.dll[/b]
 [b]c:\windows\system32\mcinsctl.dll[/b]
 [b] [/b]
 [b]Folder::[/b]
 [b]c:\programdata\McAfee.com[/b]
 [b]c:\program files\McAfee.com[/b]
 [b] [/b]
 [b]Registry::[/b]
 [b][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run][/b]
 [b]"McRegWiz=-[/b]
 [b]"VSOCheckTask"=-[/b]
 [b]"MCAgentExe"=-[/b]
 [b]"MCUpdateExe"=-[/b]
 [b][-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus][/b]

Sla dit op op je Bureaublad als CFScript.txt

Sleep CFScript.txt in ComboFix.exe zoals getoond in onderstaand voorbeeld:

Nu zal ComboFix vanzelf worden gestart.

Start opnieuw op als daarom gevraagd wordt, en post de inhoud van de Combofix.txt in je volgende antwoord.