wezzzley
Member
Items: 13
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
I will definitely do that! Though it may take some time; I'll wait until after the exams, etc.
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
No improvement on other accounts... tested several times. I think I'll just drop it off somewhere; at a specialist shop they can examine both the hardware and the software. In any case, thanks again to everyone who offered help here!
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
Sorry for the late reply, I had my first exam yesterday, hence... CCleaner finds nothing or very little, so it does nothing for the speed either...
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
Unfortunately still no improvement. Starting up the computer and opening an account in particular is a disaster, still +/- 10 min.
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
AdwCleaner log attached: AdwCleaner[S1].txt
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
I'm about to run AdwCleaner, but this morning when starting up this computer I got the following screen (doesn't bode well, I think). By the way, I want to thank you all again for the help offered.
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
Sorry for the late reply, but I'm currently studying for exams, so... Above is an overview of the Task Manager. There were too many processes to fit them all in one screenshot, but I assume the bottom ones weren't needed since it's sorted by CPU usage anyway. Nothing to be found in the hardware, kape? Thanks in advance! Wesley
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
This should be it =) http://speccy.piriform.com/results/FoYxugA3ZxDDHzLDwDK2XYx
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
Hi kape... could it be that you replied to the wrong topic? The ComboFix logs are above.
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
Still no improvement... could the problem perhaps be the hardware? Hard drive or something like that?
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive Malware & virus removal
Hey Kape! Thanks in advance for the quick reply. If all is well, you will find the correct logs below: ComboFix
HijackThis
- F:\Program Files\AVG\AVG2012\avgwdsvc.exe O23 - Service: GhostStartService - Symantec Corporation - F:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-service (iPod Service) - Apple Inc. - F:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - F:\Program Files\Java\jre7\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - F:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - F:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe O23 - Service: ServiceLayer - Nokia - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: vToolbarUpdater13.2.0 - Unknown owner - F:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe -- End of file - 13110 bytes -
PC suddenly slow, virus?
wezzzley replied to wezzzley's topic in Archive: Fighting malware & viruses
I just noticed that I accidentally posted my combofix log twice. I'm new here and can't find where I can edit my post... if someone can tell me how, I'll sort it out -
Dear forum members, For the past few weeks my father has been having serious computer problems. From one moment to the next the computer became slow. And by slow I mean very slow. It takes about 10 minutes to a quarter of an hour to start the computer. Add another 10 minutes on top of that to open an account. Folders open terribly slowly, and Firefox or Chrome don't get anywhere either. I suspect the problem is mainly located in my father's account. At every startup a folder named avg opens, with the 2 subfolders AVG 9 and AVG2012. I have already taken a few steps myself, but without much result. All threats found by CC-cleaner have been removed, and the registry has also been cleaned with CC-cleaner. System Restore fails every time when the computer restarts. Below you will find a log from Hijack and combofix, and also one from mbam. Thank you in advance for any help offered.
Data\TEMP\AVG\mfage.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt f:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt f:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns f:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe f:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini f:\documents and settings\Freddy\Local Settings\temp\8aefdf3f-82dc-462e-be91-2ca1c43911cf\CliSecureRT.dll f:\documents and settings\Freddy\Local Settings\temp\IadHide5.dll f:\documents and settings\Freddy\WINDOWS f:\windows\IsUn0413.exe f:\windows\system32\Cache f:\windows\system32\Cache\129d2b80ec223fee.fb 
f:\windows\system32\Cache\272512937d9e61a4.fb f:\windows\system32\Cache\287204568329e189.fb f:\windows\system32\Cache\28bc8f716fd76a47.fb f:\windows\system32\Cache\2c53092c95605355.fb f:\windows\system32\Cache\31a0997e9a5b5eb3.fb f:\windows\system32\Cache\32c84fe32bb74d60.fb f:\windows\system32\Cache\378af30916d6d289.fb f:\windows\system32\Cache\3917078cb68ec657.fb f:\windows\system32\Cache\590ba23ce359fd0c.fb f:\windows\system32\Cache\610289e025a3ee9a.fb f:\windows\system32\Cache\651c5d3cdbfb8bd1.fb f:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb f:\windows\system32\Cache\6d03dad1035885d3.fb f:\windows\system32\Cache\a8556537add6dfc5.fb f:\windows\system32\Cache\ad10a52aff5e038d.fb f:\windows\system32\Cache\bff1f406e44dee6a.fb f:\windows\system32\Cache\c1fa887b03019701.fb f:\windows\system32\Cache\c4d28dca2e7648be.fb f:\windows\system32\Cache\d201ef9910cd39de.fb f:\windows\system32\Cache\d2e94710a5708128.fb f:\windows\system32\Cache\d79b9dfe81484ec4.fb f:\windows\system32\Cache\f998975c9cc711ee.fb f:\windows\system32\drivers\etc\hosts.ics f:\windows\system32\muzapp.exe f:\windows\system32\Thumbs.db f:\windows\system32\URTTemp f:\windows\system32\URTTemp\fusion.dll f:\windows\system32\URTTemp\mscoree.dll f:\windows\system32\URTTemp\mscoree.dll.local f:\windows\system32\URTTemp\mscorsn.dll f:\windows\system32\URTTemp\mscorwks.dll f:\windows\system32\URTTemp\msvcr71.dll f:\windows\system32\URTTemp\regtlib.exe f:\windows\wininit.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))) . . 2013-01-06 15:50 . 2012-12-14 15:49 21104 ----a-w- f:\windows\system32\drivers\mbam.sys 2013-01-06 15:50 . 2013-01-06 15:56 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware 2012-12-25 21:21 . 2012-12-25 21:21 -------- d-----w- f:\program files\Common Files\Wise Installation Wizard 2012-12-25 21:21 . 2013-01-06 17:18 -------- d--h--r- f:\documents and settings\Freddy\Onlangs geopend 2012-12-25 21:19 . 
2012-12-25 21:19 -------- d-----w- f:\program files\Common Files\Comodo 2012-12-25 20:21 . 2010-06-14 08:32 36608 ----a-w- f:\windows\system32\FsUsbExDisk.Sys 2012-12-25 18:23 . 2012-12-25 18:23 -------- d-----w- f:\program files\Seagate 2012-12-14 20:30 . 2012-12-14 20:33 -------- d-----w- f:\documents and settings\Freddy\Application Data\Paltalk 2012-12-14 20:29 . 2012-12-14 20:44 -------- d-----w- f:\program files\Paltalk Messenger . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-16 12:23 . 2006-03-02 12:00 290560 ----a-w- f:\windows\system32\atmfd.dll 2012-12-11 20:49 . 2012-04-28 14:18 697272 ----a-w- f:\windows\system32\FlashPlayerApp.exe 2012-12-11 20:49 . 2011-06-07 07:34 73656 ----a-w- f:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-04 08:41 . 2012-12-04 08:41 36112 ----a-w- f:\windows\system32\drivers\CFRMD.sys 2012-11-13 11:55 . 2006-03-02 12:00 1866496 ----a-w- f:\windows\system32\win32k.sys 2012-11-08 15:26 . 2012-09-29 15:43 26984 ----a-w- f:\windows\system32\drivers\avgtpx86.sys 2012-11-02 02:03 . 2006-03-02 12:00 375296 ----a-w- f:\windows\system32\dpnet.dll 2012-11-01 12:12 . 2006-03-02 12:00 916992 ----a-w- f:\windows\system32\wininet.dll 2012-11-01 12:12 . 2006-03-02 12:00 43520 ----a-w- f:\windows\system32\licmgr10.dll 2012-11-01 12:12 . 2006-03-02 12:00 1469440 ------w- f:\windows\system32\inetcpl.cpl 2012-11-01 00:35 . 2006-03-02 12:00 385024 ----a-w- f:\windows\system32\html.iec 2012-10-19 19:38 . 2012-10-19 19:38 29184 ----a-w- f:\windows\system32\drivers\usbccid.sys 2012-12-06 14:57 . 2012-12-06 14:57 262112 ----a-w- f:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-09-29 15:43 2045536 ----a-w- f:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "f:\program files\AVG Secure Search\12.2.5.4\AVG Secure Search_toolbar.dll" [2012-09-29 2045536] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LDM"="f:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-07-09 32768] "KiesPDLR"="f:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-11-29 21392] "KiesHelper"="f:\program files\samsung\kies\kieshelper.exe" [2011-11-29 935312] "SansaDispatch"="f:\documents and settings\freddy\application data\sandisk\sansa updater\sansadispatch.exe" [2011-10-10 79872] "Spotify Web Helper"="f:\documents and settings\freddy\application data\spotify\data\spotifywebhelper.exe" [2012-10-04 1193176] "ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="f:\windows\system32\NvCpl.dll" [2012-08-30 15512424] "NvMediaCenter"="NvMCTray.dll" [2012-08-30 108392] "RTHDCPL"="RTHDCPL.EXE" [2012-06-06 20065936] "QuickTime Task"="f:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "Live Update 5"="f:\program files\msi\live update 5\bootstartliveupdate.exe" [2012-01-30 315392] "Adobe ARM"="f:\program files\common files\adobe\arm\1.0\adobearm.exe" [2012-07-27 919008] "HP Software Update"="f:\program files\hp\photoshare\hp software update\hpwuschd2.exe" [2007-05-08 54840] "hpqSRMon"="f:\program files\hp\photoshare\digital imaging\bin\hpqsrmon.exe" [2008-08-20 150016] "VX3000"="f:\windows\vvx3000.exe" [2007-04-10 709992] "LifeCam"="f:\program files\microsoft lifecam\lifeexp.exe" [2007-05-17 279912] "HPHmon06"="f:\windows\system32\hphmon06.exe" [2004-06-07 659456] "HP Component Manager"="f:\program files\hp\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664] "HPHUPD06"="f:\program files\hp\photoshare\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe" [2004-06-07 49152] "vProt"="f:\program files\avg secure search\vprot.exe" [2012-11-08 997320] "AVG_TRAY"="f:\program files\avg\avg2012\avgtray.exe" [2012-07-31 2596984] "beidsccertprop"="f:\program files\belgium identity card\beid certprop\beidsccertprop.exe" [2012-02-21 31768] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="f:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "MSMSGS"="f:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232] "DWQueuedReporting"="f:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . 
f:\documents and settings\All Users\Menu Start\Programma's\Opstarten\ Logitech Desktop Messenger.lnk - f:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-7-9 450560] Logitech SetPoint.lnk - f:\program files\Logitech\SetPoint\SetPoint.exe [2007-6-16 528384] Windows Desktop Search.lnk - f:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784] XP Keep Per User Display Settings.lnk - f:\program files\XPKeepPerUserDisplaySettings\XPKeepPerUserDisplaySettings.exe [2004-2-2 33792] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "f:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0f:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\F:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Start GeekBuddy.lnk] path=f:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Start GeekBuddy.lnk backup=f:\windows\pss\Start GeekBuddy.lnkCommon Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] f:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 17:02 15360 ----a-w- f:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-04-20 17:19 136176 ----atw- f:\documents and settings\Freddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM] 2008-07-09 19:38 32768 ----a-w- f:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] 2006-11-24 11:44 1519616 ----a-w- f:\windows\system32\nwiz.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 12:28 421888 ----a-w- f:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "QuickTime Task"="f:\program files\QuickTime\qttask.exe" -atboottime . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "f:\\Program Files\\LimeWire\\LimeWire.exe"= "f:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "f:\\Program Files\\Messenger\\msmsgs.exe"= "f:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"= "f:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"= "f:\\Program Files\\FrostWire\\FrostWire.exe"= "f:\\Program Files\\NetMeeting\\conf.exe"= "f:\\WINDOWS\\system32\\rtcshare.exe"= "f:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "f:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "f:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "f:\\Program Files\\Java\\jre6\\bin\\java.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpqtra08.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpqste08.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hposid01.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpqkygrp.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpfcCopy.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\Unload\\HpqPhUnl.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpoews01.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpiscnapp.exe"= "f:\\Program Files\\Common 
Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpqpsapp.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpqpse.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpqsudi.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpqgplgtupl.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\bin\\hpqgpc01.exe"= "f:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"= "f:\\Program Files\\HP\\photoshare\\digital imaging\\{BA8DF709-6BAB-4092-91E0-4D67EFC12A98}\\setup\\hpznui01.exe"= "f:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "f:\\Program Files\\iTunes\\iTunes.exe"= "f:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "f:\\Documents and Settings\\Freddy\\Application Data\\Spotify\\spotify.exe"= "f:\\Program Files\\FrostWire 5\\FrostWire.exe"= "f:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"= "f:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"= "f:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"= "f:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"= "f:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"= "f:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"= "f:\\Documents and Settings\\3 EMMELY.LAUWERS-473B417\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"= "f:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= f:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "427:UDP"= 427:UDP:SLP_Port(427) "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 AVGIDSHX;AVGIDSHX;f:\windows\system32\drivers\avgidshx.sys [19/04/2012 3:50 24896] R0 Avgrkx86;AVG Anti-Rootkit Driver;f:\windows\system32\drivers\avgrkx86.sys [31/01/2012 3:46 31952] R1 Avgldx86;AVG AVI Loader Driver;f:\windows\system32\drivers\avgldx86.sys [26/07/2012 2:21 237408] R1 Avgtdix;AVG TDI Driver;f:\windows\system32\drivers\avgtdix.sys [24/08/2012 14:43 301920] R1 avgtp;avgtp;f:\windows\system32\drivers\avgtpx86.sys [29/09/2012 16:43 26984] R1 CFRMD;CFRMD;f:\windows\system32\drivers\CFRMD.sys [4/12/2012 9:41 36112] R1 GhPciScan;GhostPciScanner;f:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [17/12/2003 14:41 5632] R2 avgfws;AVG Firewall;f:\program files\AVG\AVG2012\avgfws.exe [13/06/2012 2:48 2321560] R2 AVGIDSAgent;AVGIDSAgent;f:\program files\AVG\AVG2012\avgidsagent.exe [13/08/2012 2:24 5167736] R2 avgwd;AVG WatchDog;f:\program files\AVG\AVG2012\avgwdsvc.exe [14/02/2012 3:53 193288] R2 CLPSLauncher;COMODO LPS Launcher;f:\program files\Common Files\Comodo\launcher_service.exe [19/12/2012 8:01 70352] R2 GeekBuddyRSP;GeekBuddyRSP Service;f:\program files\Common Files\Comodo\GeekBuddyRSP.exe [26/11/2012 13:21 1851088] R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;f:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [8/11/2012 16:26 711112] R3 Avgfwdx;Avgfwdx;f:\windows\system32\drivers\avgfwdx.sys [12/01/2012 18:52 30944] R3 AVGIDSDriver;AVGIDSDriver;f:\windows\system32\drivers\avgidsdriverx.sys [23/12/2011 12:32 139856] R3 AVGIDSFilter;AVGIDSFilter;f:\windows\system32\drivers\avgidsfilterx.sys [23/12/2011 12:32 24144] R3 AVGIDSShim;AVGIDSShim;f:\windows\system32\drivers\avgidsshimx.sys [23/12/2011 12:32 17232] S1 ctredrv.sys;ctredrv.sys; [x] S3 Ambfilt;Ambfilt;f:\windows\system32\drivers\Ambfilt.sys [29/09/2012 11:31 1691480] S3 Avgfwfd;AVG network filter service;f:\windows\system32\drivers\avgfwdx.sys [12/01/2012 18:52 30944] S3 BTCOMM;BTCOMM;f:\windows\system32\drivers\Btcomm.sys --> 
f:\windows\system32\drivers\Btcomm.sys [?] S3 BTKRNBDG;Bluetooth COM Bridge;f:\windows\system32\DRIVERS\btkrnbdg.sys --> f:\windows\system32\DRIVERS\btkrnbdg.sys [?] S3 cmudau32;C-Media USB UDA Sound Interface;f:\windows\system32\drivers\cmudaxu.sys [11/01/2008 21:08 1414528] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);f:\windows\system32\drivers\ssudbus.sys [8/12/2011 18:42 78136] S3 FsUsbExDisk;FsUsbExDisk;f:\windows\system32\FsUsbExDisk.Sys [25/12/2012 21:21 36608] S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;f:\windows\system32\DRIVERS\ManyCam.sys --> f:\windows\system32\DRIVERS\ManyCam.sys [?] S3 NTIOLib_1_0_4;NTIOLib_1_0_4;f:\program files\MSI\Live Update 5\NTIOLib.sys [29/09/2012 10:02 7680] S3 OXSDIDRV_x32;Oxford Semi eSATA Filter (x32);f:\windows\system32\drivers\OXSDIDRV_x32.sys [28/09/2009 9:55 52656] S3 pwdrvio;pwdrvio;f:\windows\system32\pwdrvio.sys [16/12/2011 14:50 16472] S3 pwdspio;pwdspio;f:\windows\system32\pwdspio.sys [16/12/2011 14:50 11104] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);f:\windows\system32\drivers\ssudmdm.sys [8/12/2011 18:42 181432] S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);f:\windows\system32\drivers\ssudobex.sys [8/12/2011 18:42 181432] S3 vad_multi;Windigo Virtual Audio Device (WDM);f:\windows\system32\drivers\vadmulti.sys --> f:\windows\system32\drivers\vadmulti.sys [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhoud van de 'Gedeelde Taken' map . 2013-01-06 f:\windows\Tasks\Adobe Flash Player Updater.job - f:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 20:49] . 2012-12-24 f:\windows\Tasks\AppleSoftwareUpdate.job - f:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57] . 
2013-01-05 f:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1563985344-839522115-1009Core.job - f:\documents and settings\3 EMMELY.LAUWERS-473B417\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-23 16:37] . 2013-01-06 f:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-448539723-1563985344-839522115-1009UA.job - f:\documents and settings\3 EMMELY.LAUWERS-473B417\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2011-10-23 16:37] . 2013-01-06 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1563985344-839522115-1004Core.job - f:\documents and settings\Freddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-20 17:19] . 2013-01-06 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1563985344-839522115-1004UA.job - f:\documents and settings\Freddy\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-04-20 17:19] . 2013-01-05 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1563985344-839522115-1009Core.job - f:\documents and settings\3 EMMELY.LAUWERS-473B417\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-05 18:23] . 2013-01-06 f:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-1563985344-839522115-1009UA.job - f:\documents and settings\3 EMMELY.LAUWERS-473B417\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-05 18:23] . 2013-01-05 f:\windows\Tasks\OGADaily.job - f:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 2013-01-06 f:\windows\Tasks\OGALogon.job - f:\windows\system32\OGAVerify.exe [2008-12-31 15:04] . 2013-01-05 f:\windows\Tasks\User_Feed_Synchronization-{404C338C-DE10-414A-BC64-960B8A64AB7D}.job - f:\windows\system32\msfeedssync.exe [2006-10-17 02:31] . . ------- Bijkomende Scan ------- . 
uStart Page = https://isearch.avg.com/?cid={AAC90B53-C24B-42C7-BB9C-07650623F257}&mid=4674e4cee2494db50390cd61a7b626b8-06ce4fc639803a2e3563922518183d8e94088cb9〈=nl&ds=gh011&pr=sa&d=2012-04-21 11:40&v=12.2.5.32&sap=hp uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s IE: Add to Google Photos Screensa&ver - f:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - f:\documents and settings\Freddy\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm Trusted Zone: kbc.be\www TCP: DhcpNameServer = 195.130.130.130 195.130.131.130 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - f:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - f:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab DPF: Microsoft XML Parser for Java - file://f:\windows\Java\classes\xmldso.cab DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game04.zylom.com/activex/zylomgamesplayer.cab FF - ProfilePath - f:\documents and settings\Freddy\Application Data\Mozilla\Firefox\Profiles\r7wxwwfr.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxps://isearch.avg.com/?cid={AAC90B53-C24B-42C7-BB9C-07650623F257}&mid=4674e4cee2494db50390cd61a7b626b8-06ce4fc639803a2e3563922518183d8e94088cb9〈=nl&ds=gh011&pr=sa&d=2012-04-21 11:40&v=12.2.5.32&sap=hp FF - prefs.js: keyword.URL - hxxps://isearch.avg.com/search?cid={AAC90B53-C24B-42C7-BB9C-07650623F257}&mid=4674e4cee2494db50390cd61a7b626b8-06ce4fc639803a2e3563922518183d8e94088cb9〈=nl&ds=gh011&pr=sa&d=2012-04-21 11:40&v=12.2.5.32&sap=ku&q= FF - ExtSQL: !HIDDEN! 
2009-09-13 20:55; smartwebprinting@hp.com; f:\program files\HP\photoshare\Digital Imaging\Smart Web Printing\MozillaAddOn2 . - - - - ORPHANS VERWIJDERD - - - - . WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file) MSConfigStartUp-TomTomHOME - f:\program files\tomtom home 2\tomtomhomerunner.exe AddRemove-S3 - f:\windows\IsUn0413.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2013-01-06 19:54 Windows 5.1.2600 Service Pack 3 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="f:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'explorer.exe'(5100) f:\docume~1\Freddy\LOCALS~1\Temp\IadHide5.dll f:\program files\Logitech\SetPoint\lgscroll.dll f:\program files\Logitech\SetPoint\HookDll.dll f:\windows\system32\webcheck.dll f:\windows\system32\WPDShServiceObj.dll f:\windows\system32\PortableDeviceTypes.dll f:\windows\system32\PortableDeviceApi.dll . ------------------------ Andere Aktieve Processen ------------------------ . f:\progra~1\AVG\AVG2012\avgrsx.exe f:\program files\AVG\AVG2012\avgcsrvx.exe f:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe f:\program files\Symantec\Norton Ghost 2003\GhostStartService.exe f:\program files\Java\jre6\bin\jqs.exe f:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe f:\program files\Microsoft LifeCam\MSCamS32.exe f:\windows\system32\nvsvc32.exe f:\program files\AVG\AVG2012\avgnsx.exe f:\program files\AVG\AVG2012\avgemcx.exe f:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe f:\windows\system32\SearchIndexer.exe f:\program files\AVG\AVG2012\avgcsrvx.exe f:\windows\system32\wscntfy.exe f:\windows\system32\RunDLL32.exe f:\windows\RTHDCPL.EXE f:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE f:\windows\system32\SearchProtocolHost.exe f:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe f:\program files\PC Connectivity Solution\ServiceLayer.exe f:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe f:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe f:\windows\system32\SearchFilterHost.exe . ************************************************************************** . 
Voltooingstijd: 2013-01-06 20:14:49 - machine werd herstart ComboFix-quarantined-files.txt 2013-01-06 19:14 ComboFix2.txt 2008-07-08 16:11 . Pre-Run: 208.854.294.528 bytes beschikbaar Post-Run: 209.253.007.360 bytes beschikbaar . WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - B89D3B9249BD932146B387DC9DBEE02D