Oops,
I think the logs should have been posted here.
So here they are once more.
Something else I discovered: in Task Manager I can see during startup that a process named LULnchr.exe kept multiplying. After some googling I saw that it should be something from Logitech (my webcam), so I uninstalled it, but that turns out not to be the solution either.
Hopefully we'll get another step further.
Regards, Erik Smits
ComboFix 09-05-06.08 - Eigenaar 07-05-2009 17:36.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.606
Gestart vanuit: c:\documents and settings\Eigenaar\Bureaublad\ComboFix.exe
AV: PC Veilig 8.00 *On-access scanning disabled* (Updated)
FW: PC Veilig 8.00 *disabled*
* Nieuw herstelpunt werd aangemaakt
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-07 to 2009-05-07 ))))))))))))))))))))))))))))))
.
2009-05-06 16:49 . 2009-05-06 16:49 -------- d--h--r c:\documents and settings\Eigenaar\Onlangs geopend
2009-05-06 16:39 . 2009-05-06 16:39 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Yahoo!
2009-05-06 16:39 . 2009-05-06 16:46 -------- d-----w c:\program files\Yahoo!
2009-05-06 16:39 . 2009-05-06 16:40 -------- d-----w c:\program files\CCleaner
2009-05-05 18:13 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 18:13 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 18:13 . 2009-05-05 18:13 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-05 04:24 . 2009-05-04 19:41 15688 ----a-w c:\windows\system32\lsdelete.exe
2009-05-04 19:41 . 2009-05-04 19:38 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-05-04 19:34 . 2009-05-04 19:34 -------- dc-h--w c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-04 19:34 . 2009-05-04 19:34 -------- d-----w c:\program files\Lavasoft
2009-05-04 19:34 . 2009-05-04 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-04 17:23 . 2009-05-04 17:27 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-04 17:23 . 2009-05-06 16:43 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-15 04:41 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 04:41 . 2009-03-06 14:23 285696 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 04:41 . 2009-02-09 11:27 111104 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 04:41 . 2009-02-09 10:56 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 04:41 . 2009-02-09 10:56 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 04:41 . 2009-02-09 10:56 684544 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 04:41 . 2009-02-09 10:56 734208 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 04:41 . 2009-02-09 10:56 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 04:41 . 2009-02-09 10:56 735744 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 04:39 . 2008-04-21 21:16 218624 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-12 20:34 . 2002-11-21 08:57 204800 ----a-w c:\windows\system32\IVIresizeW7.dll
2009-04-12 20:34 . 2002-11-21 08:57 188416 ----a-w c:\windows\system32\IVIresizePX.dll
2009-04-12 20:34 . 2002-11-21 08:57 192512 ----a-w c:\windows\system32\IVIresizeP6.dll
2009-04-12 20:34 . 2002-11-21 08:57 192512 ----a-w c:\windows\system32\IVIresizeM6.dll
2009-04-12 20:34 . 2002-11-21 08:57 200704 ----a-w c:\windows\system32\IVIresizeA6.dll
2009-04-12 20:34 . 2002-11-21 08:57 20480 ----a-w c:\windows\system32\IVIresize.dll
2009-04-12 20:34 . 2009-04-12 20:34 -------- d-----w c:\program files\InterVideo
2009-04-12 20:33 . 2009-04-12 20:33 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Ulead Systems
2009-04-12 20:26 . 2009-04-12 20:26 -------- d-----w c:\program files\Ulead Systems
2009-04-12 20:26 . 2009-04-12 20:33 -------- d-----w c:\program files\Common Files\Ulead Systems
2009-04-12 20:26 . 2009-04-12 20:32 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-04-12 20:06 . 2009-04-12 20:06 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Publish Providers
2009-04-12 20:05 . 2009-04-12 20:05 -------- d-----w c:\documents and settings\Eigenaar\Local Settings\Application Data\Sony
2009-04-12 19:46 . 2009-04-12 20:05 -------- d-----w c:\documents and settings\Eigenaar\Application Data\Sony
2009-04-12 19:44 . 2009-04-12 19:44 -------- d-----w c:\program files\Vstplugins
2009-04-12 19:43 . 2009-04-12 19:46 -------- d-----w c:\documents and settings\All Users\Application Data\Sony
2009-04-12 19:43 . 2009-04-12 19:43 -------- d-----w c:\program files\Sony
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-07 15:19 . 2009-03-17 19:44 -------- d-----w c:\program files\PC Veilig
2009-04-22 19:31 . 2008-09-28 11:10 0 ----a-w c:\windows\system32\drivers\lvuvc.hs
2009-04-15 04:56 . 2005-12-12 08:05 551698 ----a-w c:\windows\system32\perfh013.dat
2009-04-15 04:56 . 2005-12-12 08:05 108858 ----a-w c:\windows\system32\perfc013.dat
2009-04-14 19:16 . 2007-10-10 17:31 -------- d-----w c:\program files\EPSON Print CD
2009-04-12 20:50 . 2005-12-27 10:42 60848 ----a-w c:\documents and settings\Eigenaar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-12 20:34 . 2005-12-12 07:43 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-12 19:11 . 2006-03-14 17:03 -------- d-----w c:\program files\Winamp
2009-04-12 19:09 . 2006-10-25 10:13 -------- d-----w c:\program files\Windows Live Toolbar
2009-04-12 18:08 . 2005-12-29 14:56 -------- d-----w c:\program files\proDAD
2009-04-12 18:06 . 2006-10-23 11:18 -------- d-----w c:\program files\Real
2009-04-12 18:06 . 2006-10-23 11:18 -------- d-----w c:\program files\Common Files\Real
2009-04-12 17:19 . 2008-11-12 19:26 -------- d-----w c:\program files\Boris FX, Inc
2009-04-12 17:19 . 2005-12-30 12:59 -------- d-----w c:\program files\Pinnacle
2009-04-11 11:35 . 2006-12-08 22:02 -------- d-----w c:\program files\DivX
2009-04-11 11:21 . 2005-12-27 14:47 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-05 19:09 . 2007-12-18 19:05 -------- d-----w c:\program files\LimeWire Plus
2009-04-03 15:37 . 2007-09-06 15:01 -------- d-----w c:\program files\Java
2009-04-02 18:11 . 2009-04-02 18:11 -------- d-----w c:\program files\Fotoservice
2009-04-01 18:54 . 2008-09-28 11:06 -------- d-----w c:\program files\Common Files\LogiShrd
2009-04-01 18:54 . 2009-04-01 18:54 -------- d-----w c:\program files\Logitech
2009-04-01 18:09 . 2008-09-28 11:10 0 ------w c:\windows\system32\drivers\logiflt.iad
2009-04-01 06:49 . 2009-04-01 06:49 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-28 14:47 . 2005-12-29 15:04 -------- d-----w c:\program files\QuickTime
2009-03-28 14:41 . 2006-10-05 16:58 -------- d-----w c:\program files\Google
2009-03-28 09:28 . 2009-03-28 09:28 56 ------w c:\windows\system32\ezsidmv.dat
2009-03-28 09:27 . 2009-03-28 09:27 -------- d-----w c:\program files\Common Files\Skype
2009-03-28 09:27 . 2009-03-28 09:27 -------- d-----r c:\program files\Skype
2009-03-19 18:44 . 2009-03-19 18:44 -------- d-----w c:\program files\MSBuild
2009-03-19 18:43 . 2009-03-19 18:43 -------- d-----w c:\program files\Reference Assemblies
2009-03-18 20:28 . 2005-12-12 08:13 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 17:06 . 2009-03-18 17:06 -------- d-----w c:\program files\Trend Micro
2009-03-17 19:55 . 2009-03-17 19:55 33408 ------w c:\windows\system32\drivers\fsbts.sys
2009-03-17 19:25 . 2007-08-04 12:16 -------- d-----w c:\program files\Eset
2009-03-09 03:19 . 2008-12-16 18:03 410984 ------w c:\windows\system32\deploytk.dll
2009-03-06 14:23 . 2005-12-12 08:05 285696 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2005-12-12 08:05 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2005-12-12 08:05 78336 ------w c:\windows\system32\ieencode.dll
2009-02-10 17:10 . 2004-08-04 00:58 2070400 ------w c:\windows\system32\ntkrnlpa.exe
2009-02-09 14:08 . 2005-12-12 08:05 1846912 ------w c:\windows\system32\win32k.sys
2009-02-09 11:27 . 2005-12-12 08:05 2193408 ------w c:\windows\system32\ntoskrnl.exe
2009-02-09 11:27 . 2005-12-12 08:05 111104 ------w c:\windows\system32\services.exe
2009-02-09 10:56 . 2005-12-12 08:05 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:56 . 2005-12-12 08:05 734208 ------w c:\windows\system32\lsasrv.dll
2009-02-09 10:56 . 2005-12-12 08:05 684544 ------w c:\windows\system32\advapi32.dll
2009-02-09 10:56 . 2005-12-12 08:05 735744 ------w c:\windows\system32\ntdll.dll
2007-05-14 17:58 . 2007-08-05 11:43 342 ----a-w c:\program files\LEES MIJ!.txt
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe"
"EPSON Stylus Photo R265 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE"
"ctfmon.exe"="c:\windows\system32\ctfmon.exe"
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe"
"Skype"="c:\program files\Skype\Phone\Skype.exe"
"FlashIcon"="c:\program files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe"
"NvCplDaemon"="c:\windows\system32\NvCpl.dll"
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll"
"F-Secure Manager"="c:\program files\PC Veilig\Common\FSM32.EXE"
"F-Secure TNB"="c:\program files\PC Veilig\FSGUI\TNBUtil.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe"
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
PCSuiteForNokia6600 Detect.lnk - c:\program files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
PCSuiteForNokia6600 TS.lnk - c:\program files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
@="Service"
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Snelstart HP Image Zone.lnk
backup=c:\windows\pss\Snelstart HP Image Zone.lnkCommon Startup
"EnableFirewall"= 0 (0x0)
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\LimeWire Plus\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"7:TCP"= 7:TCP:nokia 6600
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\PC Veilig\HIPS\drivers\fshs.sys
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\PC Veilig\Anti-Virus\minifilter\fsgk.sys
S3 AX88172;ASIX AX88172 USB2 to Fast Ethernet Adapter;c:\windows\system32\drivers\ax88172.sys
S3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys --> c:\windows\system32\drivers\cmuda2.sys
S3 filter;filter;c:\windows\system32\drivers\filter.sys
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys
S3 UXDCMN;UXDCMN;\??\d:\uxdcmn.sys --> d:\UXDCMN.SYS
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\PC Veilig\Anti-Virus\win2k\fsfilter.sys
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\PC Veilig\Anti-Virus\win2k\fsrec.sys
--- Andere Services/Drivers In Geheugen ---
*Deregistered* - 6to4
*Deregistered* - ALG
*Deregistered* - AudioSrv
*Deregistered* - Browser
*Deregistered* - BthServ
*Deregistered* - btwdins
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - F-Secure Gatekeeper Handler Starter
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - FSAUA
*Deregistered* - FSDFWD
*Deregistered* - FSMA
*Deregistered* - FSORSPClient
*Deregistered* - helpsvc
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - Irmon
*Deregistered* - JavaQuickStarterService
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - Lavasoft Ad-Aware Service
*Deregistered* - LightScribeService
*Deregistered* - LmHosts
*Deregistered* - LVCOMSer
*Deregistered* - LVPrcSrv
*Deregistered* - MSSQLSERVER
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - NVSvc
*Deregistered* - Pml Driver HPZ12
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - Symantec Core LC
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UleadBurningHelper
*Deregistered* - upnphost
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMPNetworkSvc
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
\Shell\AutoRun\command - L:\InstallTomTomHOME.exe
.
Inhoud van de 'Gedeelde Taken' map
2009-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
2009-05-05 c:\windows\Tasks\HPpromotions journeysoftware.job
- c:\program files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
2009-05-07 c:\windows\Tasks\Scheduled scanning task.job
- c:\progra~1\PCVEIL~1\ANTI-V~1\fsav.exe
.
- - - - ORPHANS VERWIJDERD - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
.
------- Bijkomende Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.startpagina.nl/
uInternet Connection Wizard,ShellNext = hxxp://www.qmotion.nl/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
LSP: c:\program files\PC Veilig\FSPS\program\FSLSP.DLL
DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://download.ewido.net/ewidoOnlineScan.cab
DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} - hxxp://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} - hxxp://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-07 17:41
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen …
scannen van verborgen autostart items …
scannen van verborgen bestanden …
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
- - - - - - - > 'winlogon.exe'(824)
c:\program files\PC Veilig\FWES\Program\fsdc32.dll
- - - - - - - > 'lsass.exe'(880)
c:\program files\PC Veilig\FSPS\program\FSLSP.DLL
c:\program files\PC Veilig\FWES\Program\fsdc32.dll
- - - - - - - > 'explorer.exe'(7992)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\PC Veilig\Spam Control\fsscoepl.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSNL.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\PC Suite for Nokia 6600\eccopyhook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(800)
c:\program files\PC Veilig\FWES\Program\fsdc32.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\program files\Lavasoft\Ad-Aware\AAWService.exe
c:\windows\system32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\rundll32.exe
c:\program files\PC Veilig\Anti-Virus\fsgk32st.exe
c:\program files\PC Veilig\Common\FSMA32.EXE
c:\program files\PC Veilig\Anti-Virus\fsgk32.exe
c:\program files\PC Veilig\Common\FSMB32.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\Nokia\PCSUIT~1\Elogerr.exe
c:\progra~1\Nokia\PCSUIT~1\BROADC~1.EXE
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\PC Veilig\Common\FCH32.EXE
c:\progra~1\Nokia\PCSUIT~1\SCRFS.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\program files\PC Veilig\Common\FAMEH32.EXE
c:\program files\PC Veilig\Anti-Virus\fsqh.exe
c:\program files\PC Veilig\FSPC\fspc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\PC Veilig\FSGUI\fsguidll.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\PC Veilig\FSAUA\program\fsaua.exe
c:\program files\PC Veilig\Anti-Virus\fssm32.exe
c:\program files\PC Veilig\ORSP Client\fsorsp.exe
c:\program files\PC Veilig\FWES\program\fsdfwd.exe
c:\program files\PC Veilig\FSAUA\program\fsus.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\PC Veilig\Anti-Virus\fsav32.exe
.
**************************************************************************
.
Voltooingstijd: 2009-05-07 17:53 - machine werd herstart
ComboFix-quarantined-files.txt 2009-05-07 15:53
Pre-Run: 49.906.327.552 bytes beschikbaar
Post-Run: 51.472.924.672 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
408 --- E O F --- 2009-04-15 04:49
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:07, on 7-5-2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Veilig\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\connmngmntbox.exe
C:\Program Files\Nokia\PC Suite for Nokia 6600\ectaskscheduler.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe
C:\PROGRA~1\Nokia\PCSUIT~1\Elogerr.exe
C:\PROGRA~1\Nokia\PCSUIT~1\BROADC~1.EXE
C:\PROGRA~1\Nokia\PCSUIT~1\SCRFS.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
C:\Program Files\PC Veilig\Common\FSMA32.EXE
C:\Program Files\PC Veilig\Anti-Virus\FSGK32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\PC Veilig\Common\FSMB32.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\PC Veilig\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\PC Veilig\Common\FAMEH32.EXE
C:\Program Files\PC Veilig\Anti-Virus\fsqh.exe
C:\Program Files\PC Veilig\FSPC\fspc.exe
C:\Program Files\PC Veilig\FSGUI\fsguidll.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe
C:\Program Files\PC Veilig\Anti-Virus\fssm32.exe
C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
C:\Program Files\PC Veilig\FSAUA\program\fsus.exe
C:\Program Files\PC Veilig\Anti-Virus\fsav32.exe
C:\Program Files\PC Veilig\FSGUI\scanwizard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.startpagina.nl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.qmotion.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: nwiz.exe /install
O4 - HKLM\..\Run: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: "C:\Program Files\PC Veilig\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: "C:\Program Files\PC Veilig\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_S341.tmp" /EF "HKCU"
O4 - HKCU\..\Run: C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 Detect.lnk = ?
O4 - Global Startup: PCSuiteForNokia6600 TS.lnk = ?
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O9 - Extra button: Ouderlijk… - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Ouderlijk... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\PC Veilig\FSPC\fspcmsie.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.hetnet.nl
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1134374670147
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135681075687
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://cache.hyves.nl/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {B9F79165-A264-4C4A-A211-133A5E8D647F} (F-Secure Health Check 1.1) - http://download.sp.f-secure.com/hc/hetnet/PCHC_customization_HetNet/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CAC677B6-4963-4305-9066-0BD135CD9233} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/layout/default01/activex/IPSUploader4.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSUploader Control) - http://as.photoprintit.de/ips-opdata/74914090/activex/IPSUploader.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.hema.nl/SITE/xupload/XUpload.ocx
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5555/mcfscan.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\PC Veilig\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\PC Veilig\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\PC Veilig\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\PC Veilig\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\PC Veilig\ORSP Client\fsorsp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 12252 bytes