Posts by boekenwurmpje
I hope it is right this time. Thanks for your patience.
ComboFix 12-06-23.05 - the incredibles 23/06/2012 19:56:49.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1993 [GMT 2:00]
Gestart vanuit: c:\users\the incredibles\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\the incredibles\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\user.js"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\program files\Web Assistant
c:\program files\Web Assistant\ExtensionUpdaterService.exe
c:\program files\Web Assistant\Firefox\chrome.manifest
c:\program files\Web Assistant\Firefox\chrome\content\libraries\DataExchangeScript.js
c:\program files\Web Assistant\Firefox\chrome\content\main.js
c:\program files\Web Assistant\Firefox\chrome\content\main.xul
c:\program files\Web Assistant\Firefox\chrome\content\resources\localscript.js
c:\program files\Web Assistant\Firefox\chrome\locale\en-US\overlay.dtd
c:\program files\Web Assistant\Firefox\chrome\skin\overlay.css
c:\program files\Web Assistant\Firefox\defaults\preferences\defaults.js
c:\program files\Web Assistant\Firefox\install.rdf
c:\program files\Web Assistant\InstallerHelper.dll
c:\program files\Web Assistant\libraries\DataExchangeScript.js
c:\program files\Web Assistant\resources\localscript.js
c:\program files\Web Assistant\source.crx
c:\program files\Web Assistant\unins000.dat
c:\program files\Web Assistant\unins000.exe
c:\users\the incredibles\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Web Assistant Updater
-------\Service_Web Assistant Updater
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))
.
.
2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\the incredibles\AppData\Local\temp
2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\Saar\AppData\Local\temp
2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\Het bibliofieltje\AppData\Local\temp
2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-06-23 18:05 . 2012-06-23 18:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 15:46 . 2012-06-22 15:46 388096 ----a-r- c:\users\the incredibles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-22 15:46 . 2012-06-22 15:46 -------- d-----w- c:\program files\Trend Micro
2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files\Perion
2012-06-21 17:51 . 2012-06-21 17:51 455 ----a-w- C:\user.js
2012-06-21 08:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:20 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:20 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 18:33 . 2012-06-20 18:33 -------- d-----w- c:\users\the incredibles\AppData\Local\7D542E3C-0060-428B-A68A-FE80FDFA24DA.aplzod
2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\users\the incredibles\.config
2012-06-16 08:20 . 2012-06-16 08:20 -------- d-----w- c:\program files\iPod
2012-06-16 08:20 . 2012-06-16 08:21 -------- d-----w- c:\program files\iTunes
2012-06-13 12:36 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 12:36 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 12:36 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 12:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 12:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 08:59 . 2012-06-09 08:59 -------- d-----w- c:\users\Saar\AppData\Local\AVG Secure Search
2012-06-08 17:24 . 2012-06-08 17:24 -------- d-----w- c:\program files\Dropbox
2012-06-08 13:02 . 2012-06-08 13:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-08 13:02 . 2012-06-01 15:37 157600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-08 13:02 . 2012-06-01 15:37 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-08 13:02 . 2012-06-01 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 13:02 . 2012-06-01 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\users\the incredibles\AppData\Local\AVG Secure Search
2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\program files\AVG Secure Search
2012-06-03 09:00 . 2012-06-03 09:00 -------- d-----w- c:\programdata\Downloaded Installations
2012-06-03 08:50 . 2012-06-03 08:50 -------- d-----w- c:\users\the incredibles\AppData\Local\Microsoft_Corporation
2012-06-03 08:48 . 2012-06-23 17:05 -------- d-----w- c:\users\the incredibles\AppData\Local\assembly
2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\users\the incredibles\AppData\Roaming\SingularLabs
2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\programdata\SingularLabs
2012-05-31 15:23 . 2012-06-22 15:32 -------- d-----w- c:\program files\System Ninja
2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\programdata\NCH Software
2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\program files\NCH Software
2012-05-28 17:07 . 2012-05-28 17:09 -------- d-----w- c:\users\the incredibles\AppData\Roaming\NCH Software
2012-05-25 15:37 . 2012-05-25 15:37 -------- d-----w- c:\users\the incredibles\AppData\Roaming\U3
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 13:55 . 2012-04-07 17:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 13:55 . 2011-05-17 15:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 05:43 . 2012-04-19 05:43 658512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 13:56 . 2011-02-16 14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-11 05:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 05:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-11 05:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-07-03 10:45 . 2012-02-29 14:38 826451 ----a-w- c:\program files\Rainbow Folders.exe
2003-03-21 12:45 . 2012-03-07 19:54 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2012-06-01 15:38 . 2012-03-26 17:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-07 15:53 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fun Desktop Wallpaper Changer"="c:\program files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe" [2005-12-22 57344]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-04 39408]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-12 30192]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-07 1104440]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-20 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2011-02-12 15:26 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Users^the incredibles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]
path=c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk
backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 21:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-03-07 02:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-03-04 22:38 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-04-23 14:58 397312 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-12 23:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2011-02-12 15:26 3607040 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-06-04 35712]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:55]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 195.130.131.4 195.130.130.132
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\the incredibles\AppData\Roaming\Mozilla\Firefox\Profiles\w5uk47l5.default\
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B67cd24f5-7e37-4971-8fdf-350d1be35b9b%7D&mid=9e17da8a68da47d6bb09d16acdd3b184-3942aef76122b7e3ddf78a20352126407d07e2d5&ds=AVG&v=11.1.0.7&lang=nl&pr=fr&d=2012-06-07%2017%3A53%3A08&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - e0989316-236f-4c0a-8010-7f289bf577a1
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-23 20:05
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3160)
c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Voltooingstijd: 2012-06-23 20:07:21
ComboFix-quarantined-files.txt 2012-06-23 18:07
ComboFix2.txt 2012-06-23 16:18
ComboFix3.txt 2012-06-23 14:17
.
Pre-Run: 140.042.600.448 bytes beschikbaar
Post-Run: 140.008.361.984 bytes beschikbaar
.
- - End Of File - - DC003C1D365FC40363FF0B569DFDB291
-
Okay, I have done that. Thanks again for the quick response.
ComboFix 12-06-23.05 - the incredibles 23/06/2012 18:06:51.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1655 [GMT 2:00]
Gestart vanuit: c:\users\the incredibles\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\users\the incredibles\Desktop\CFScript - Snelkoppeling.lnk
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\the incredibles\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))
.
.
2012-06-23 16:15 . 2012-06-23 16:15 -------- d-----w- c:\users\Saar\AppData\Local\temp
2012-06-23 16:15 . 2012-06-23 16:15 -------- d-----w- c:\users\Het bibliofieltje\AppData\Local\temp
2012-06-23 16:15 . 2012-06-23 16:15 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-06-23 16:15 . 2012-06-23 16:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-23 14:17 . 2012-06-23 16:15 -------- d-----w- c:\users\the incredibles\AppData\Local\temp
2012-06-22 15:46 . 2012-06-22 15:46 388096 ----a-r- c:\users\the incredibles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-22 15:46 . 2012-06-22 15:46 -------- d-----w- c:\program files\Trend Micro
2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files\Perion
2012-06-21 17:51 . 2012-06-21 17:51 455 ----a-w- C:\user.js
2012-06-21 17:51 . 2012-06-23 08:46 -------- d-----w- c:\program files\Web Assistant
2012-06-21 08:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:20 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:20 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 18:33 . 2012-06-20 18:33 -------- d-----w- c:\users\the incredibles\AppData\Local\7D542E3C-0060-428B-A68A-FE80FDFA24DA.aplzod
2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\users\the incredibles\.config
2012-06-16 08:20 . 2012-06-16 08:20 -------- d-----w- c:\program files\iPod
2012-06-16 08:20 . 2012-06-16 08:21 -------- d-----w- c:\program files\iTunes
2012-06-13 12:36 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 12:36 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 12:36 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 12:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 12:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 08:59 . 2012-06-09 08:59 -------- d-----w- c:\users\Saar\AppData\Local\AVG Secure Search
2012-06-08 17:24 . 2012-06-08 17:24 -------- d-----w- c:\program files\Dropbox
2012-06-08 13:02 . 2012-06-08 13:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-08 13:02 . 2012-06-01 15:37 157600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-08 13:02 . 2012-06-01 15:37 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-08 13:02 . 2012-06-01 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 13:02 . 2012-06-01 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\users\the incredibles\AppData\Local\AVG Secure Search
2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\program files\AVG Secure Search
2012-06-03 09:00 . 2012-06-03 09:00 -------- d-----w- c:\programdata\Downloaded Installations
2012-06-03 08:50 . 2012-06-03 08:50 -------- d-----w- c:\users\the incredibles\AppData\Local\Microsoft_Corporation
2012-06-03 08:48 . 2012-06-23 16:15 -------- d-----w- c:\users\the incredibles\AppData\Local\assembly
2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\users\the incredibles\AppData\Roaming\SingularLabs
2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\programdata\SingularLabs
2012-05-31 15:23 . 2012-06-22 15:32 -------- d-----w- c:\program files\System Ninja
2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\programdata\NCH Software
2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\program files\NCH Software
2012-05-28 17:07 . 2012-05-28 17:09 -------- d-----w- c:\users\the incredibles\AppData\Roaming\NCH Software
2012-05-25 15:37 . 2012-05-25 15:37 -------- d-----w- c:\users\the incredibles\AppData\Roaming\U3
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 13:55 . 2012-04-07 17:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 13:55 . 2011-05-17 15:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 05:43 . 2012-04-19 05:43 658512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 13:56 . 2011-02-16 14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-11 05:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 05:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-11 05:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-07-03 10:45 . 2012-02-29 14:38 826451 ----a-w- c:\program files\Rainbow Folders.exe
2003-03-21 12:45 . 2012-03-07 19:54 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2012-06-01 15:38 . 2012-03-26 17:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-07 15:53 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fun Desktop Wallpaper Changer"="c:\program files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe" [2005-12-22 57344]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-04 39408]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-12 30192]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-07 1104440]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-20 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2011-02-12 15:26 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Users^the incredibles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]
path=c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk
backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 21:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-03-07 02:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-03-04 22:38 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-04-23 14:58 397312 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-12 23:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2011-02-12 15:26 3607040 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-06-04 35712]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:55]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 195.130.131.4 195.130.130.132
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\the incredibles\AppData\Roaming\Mozilla\Firefox\Profiles\w5uk47l5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6R8wH1Dlw7&i=26
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B67cd24f5-7e37-4971-8fdf-350d1be35b9b%7D&mid=9e17da8a68da47d6bb09d16acdd3b184-3942aef76122b7e3ddf78a20352126407d07e2d5&ds=AVG&v=11.1.0.7&lang=nl&pr=fr&d=2012-06-07%2017%3A53%3A08&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - e0989316-236f-4c0a-8010-7f289bf577a1
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8wH1Dlw7&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d402dff900000000000000238b375877
FF - user.js: extensions.incredibar_i.instlDay - 15512
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:51
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8wH1Dlw7
FF - user.js: extensions.incredibar_i.upn2n - 92824574815834771
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did -
FF - user.js: extensions.incredibar_i.ppd - %ppdToReport%
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-23 18:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(5536)
c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Voltooingstijd: 2012-06-23 18:18:17
ComboFix-quarantined-files.txt 2012-06-23 16:18
ComboFix2.txt 2012-06-23 14:17
.
Pre-Run: 140.099.145.728 bytes beschikbaar
Post-Run: 140.064.829.440 bytes beschikbaar
.
- - End Of File - - 57DC50056ECFD83335EA3B38A60CB18F
-
I did what you suggested. Here are my new logs.
Combofix
ComboFix 12-06-23.05 - the incredibles 23/06/2012 16:05:51.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3066.1930 [GMT 2:00]
Gestart vanuit: c:\users\the incredibles\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Voorgaande Run -------
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\program files\Web Assistant\ExTEnsion32.dll
c:\programdata\Roaming
c:\users\the incredibles\AppData\Local\assembly\tmp
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-05-23 to 2012-06-23 ))))))))))))))))))))))))))))))
.
.
2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\the incredibles\AppData\Local\temp
2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\Saar\AppData\Local\temp
2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\Het bibliofieltje\AppData\Local\temp
2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\Gast\AppData\Local\temp
2012-06-23 14:14 . 2012-06-23 14:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 15:46 . 2012-06-22 15:46 388096 ----a-r- c:\users\the incredibles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-22 15:46 . 2012-06-22 15:46 -------- d-----w- c:\program files\Trend Micro
2012-06-21 17:52 . 2012-06-21 17:52 -------- d-----w- c:\program files\Perion
2012-06-21 17:51 . 2012-06-21 17:51 455 ----a-w- C:\user.js
2012-06-21 17:51 . 2012-06-23 08:46 -------- d-----w- c:\program files\Web Assistant
2012-06-21 08:21 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:21 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:21 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:21 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:20 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:20 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:20 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:20 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:20 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 18:33 . 2012-06-20 18:33 -------- d-----w- c:\users\the incredibles\AppData\Local\7D542E3C-0060-428B-A68A-FE80FDFA24DA.aplzod
2012-06-19 17:37 . 2012-06-19 17:37 -------- d-----w- c:\users\the incredibles\.config
2012-06-16 08:20 . 2012-06-16 08:20 -------- d-----w- c:\program files\iPod
2012-06-16 08:20 . 2012-06-16 08:21 -------- d-----w- c:\program files\iTunes
2012-06-13 12:36 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 12:36 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 12:36 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 12:36 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 12:36 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 08:59 . 2012-06-09 08:59 -------- d-----w- c:\users\Saar\AppData\Local\AVG Secure Search
2012-06-08 17:24 . 2012-06-08 17:24 -------- d-----w- c:\program files\Dropbox
2012-06-08 13:02 . 2012-06-08 13:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-08 13:02 . 2012-06-01 15:37 157600 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-08 13:02 . 2012-06-01 15:37 113120 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-06-08 13:02 . 2012-06-01 15:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 13:02 . 2012-06-01 15:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\users\the incredibles\AppData\Local\AVG Secure Search
2012-06-07 15:53 . 2012-06-07 15:53 -------- d-----w- c:\program files\AVG Secure Search
2012-06-03 09:00 . 2012-06-03 09:00 -------- d-----w- c:\programdata\Downloaded Installations
2012-06-03 08:50 . 2012-06-03 08:50 -------- d-----w- c:\users\the incredibles\AppData\Local\Microsoft_Corporation
2012-06-03 08:48 . 2012-06-23 08:46 -------- d-----w- c:\users\the incredibles\AppData\Local\assembly
2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\users\the incredibles\AppData\Roaming\SingularLabs
2012-05-31 15:32 . 2012-05-31 15:32 -------- d-----w- c:\programdata\SingularLabs
2012-05-31 15:23 . 2012-06-22 15:32 -------- d-----w- c:\program files\System Ninja
2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\programdata\NCH Software
2012-05-28 17:07 . 2012-05-28 17:07 -------- d-----w- c:\program files\NCH Software
2012-05-28 17:07 . 2012-05-28 17:09 -------- d-----w- c:\users\the incredibles\AppData\Roaming\NCH Software
2012-05-25 15:37 . 2012-05-25 15:37 -------- d-----w- c:\users\the incredibles\AppData\Roaming\U3
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 13:55 . 2012-04-07 17:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 13:55 . 2011-05-17 15:47 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-19 05:43 . 2012-04-19 05:43 658512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-04-19 02:50 . 2012-04-19 02:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-04 13:56 . 2011-02-16 14:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-03 08:16 . 2012-05-11 05:10 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 05:10 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 12:39 . 2012-05-11 05:10 905600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-07-03 10:45 . 2012-02-29 14:38 826451 ----a-w- c:\program files\Rainbow Folders.exe
2003-03-21 12:45 . 2012-03-07 19:54 250544 ----a-w- c:\program files\Common Files\keyhelp.ocx
2012-06-01 15:38 . 2012-03-26 17:44 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-06-07 15:53 2068536 ----a-w- c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll" [2012-06-07 2068536]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58 94208 ----a-w- c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Fun Desktop Wallpaper Changer"="c:\program files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe" [2005-12-22 57344]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-01-04 39408]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-05-23 2068480]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-28 6111232]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2011-02-12 30192]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-28 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-28 92704]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-07-02 821768]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-06-07 1104440]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2011-12-20 296056]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2011-02-12 15:26 2972160 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKLM\~\startupfolder\C:^Users^the incredibles^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Mediacontrole Picture Motion Browser.lnk]
path=c:\users\the incredibles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mediacontrole Picture Motion Browser.lnk
backup=c:\windows\pss\Mediacontrole Picture Motion Browser.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BkupTray]
2008-04-06 21:42 34040 ----a-w- c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eAudio]
2008-03-07 02:36 544768 ----a-w- c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-03-04 22:38 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ePower_DMC]
2008-04-23 14:58 397312 ----a-w- c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 17:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 18:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reader Library Launcher]
2010-07-12 23:34 906648 ----a-w- c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2012-01-23 04:43 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZPdtWzdVitaKey MC3000]
2011-02-12 15:26 3607040 ----a-w- c:\program files\Acer\Acer Bio Protection\PdtWzd.exe
.
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [2011-06-04 35712]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S0 Achernar;Achernar - SCSI Command Filter Drivers;c:\windows\System32\Drivers\Achernar.sys [2007-02-05 18432]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
.
Inhoud van de 'Gedeelde Taken' map
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 13:55]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-13 11:19]
.
.
------- Bijkomende Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 195.130.131.4 195.130.130.132
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - hxxps://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
FF - ProfilePath - c:\users\the incredibles\AppData\Roaming\Mozilla\Firefox\Profiles\w5uk47l5.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredibar.com/mb128?a=6R8wH1Dlw7&i=26
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B67cd24f5-7e37-4971-8fdf-350d1be35b9b%7D&mid=9e17da8a68da47d6bb09d16acdd3b184-3942aef76122b7e3ddf78a20352126407d07e2d5&ds=AVG&v=11.1.0.7&lang=nl&pr=fr&d=2012-06-07%2017%3A53%3A08&sap=ku&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - e0989316-236f-4c0a-8010-7f289bf577a1
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8wH1Dlw7&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - d402dff900000000000000238b375877
FF - user.js: extensions.incredibar_i.instlDay - 15512
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1419:51
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8wH1Dlw7
FF - user.js: extensions.incredibar_i.upn2n - 92824574815834771
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did -
FF - user.js: extensions.incredibar_i.ppd - %ppdToReport%
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
MSConfigStartUp-ISPMonitor - c:\program files\ISP Monitor\isp.exe
AddRemove-{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{2617FA1F-0C04-3ABB-AF64-7D5B6620C341}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\ClientLP\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2446708 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2478663 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2518870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2539636 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2572078 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2604121 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2633870 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656351 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656368v2 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2656405 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
AddRemove-{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2686827 - c:\windows\Microsoft.NET\Framework\v4.0.30319\SetupCache\Client\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-06-23 16:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(1016)
c:\users\the incredibles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Voltooingstijd: 2012-06-23 16:17:33
ComboFix-quarantined-files.txt 2012-06-23 14:17
.
Pre-Run: 140.241.915.904 bytes beschikbaar
Post-Run: 140.158.328.832 bytes beschikbaar
.
- - End Of File - - BC512511CE9D31AED4DFCE42B6834959
HijackThis log
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:28:35, on 23/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Windows\PLFSetI.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\THEINC~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fun Desktop Wallpaper Changer] C:\Program Files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - Startup: Dropbox.lnk = C:\Users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} - http://foto.hema.be/ips-opdata/layout/hema/objects/canvasx.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
--
End of file - 14322 bytes
Thanks in advance
-
I also have mystart incredibar on my laptop. Very annoying, and I have already run Malwarebytes Anti-Malware, SSD and CCleaner. Nothing helps. Can you help me? I am including the HijackThis log. Thanks in advance.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:16:32, on 22/06/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\PLFSetI.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\THEINC~1\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://%20http//google.be/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/pivotstickfigure/{48B68C7E-955E-4420-A793-48207D959DC4}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O2 - BHO: Web Assistant Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O2 - BHO: (no name) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\program files\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Fun Desktop Wallpaper Changer] C:\Program Files\Fun Desktop Wallpaper Changer\FunDesktopWallpaperChanger.exe
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [beid] C:\Program Files\Belgium Identity Card\beid35gui.exe
O4 - HKCU\..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
O4 - HKCU\..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
O4 - Startup: Dropbox.lnk = C:\Users\the incredibles\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\the incredibles\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - (no file)
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} - http://foto.hema.be/ips-opdata/layout/hema/objects/canvasx.cab
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - http://foto.hema.be/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {888078C6-70B2-4F88-8EE7-1F50DDEA6120} - https://as.photoprintit.de/ips-opdata/activex/ImageUploader6.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - (no file)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2012\avgwdsvc.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: vToolbarUpdater11.1.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
O23 - Service: Web Assistant Updater - Unknown owner - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
--
End of file - 15290 bytes
Mystart incredibar
in Archive: Fighting malware & viruses
Posted:
When I start Google Chrome, I still get that junk from mystart and incredibar. In Explorer and Mozilla Firefox apparently not anymore. What now??