linda123

Member
  • Items: 8
Posts made by linda123

  1. ComboFix 12-11-02.02 - Eigenaar 02-11-2012 17:19:29.2.4 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3071.2156 [GMT 1:00]

    Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Eigenaar\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-10-02 to 2012-11-02 ))))))))))))))))))))))))))))))

    .

    .

    2012-11-02 16:27 . 2012-11-02 16:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

    2012-11-02 16:27 . 2012-11-02 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-11-02 16:17 . 2012-11-02 16:17 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90602FF0-91DE-41D0-A73A-754BE595BC6B}\MpKsl92b4f87d.sys

    2012-11-02 16:15 . 2012-11-02 16:15 -------- d-----w- c:\windows\nl

    2012-11-02 16:14 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll

    2012-11-02 16:14 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll

    2012-11-02 16:14 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll

    2012-11-02 16:14 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll

    2012-11-02 16:13 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll

    2012-11-02 16:13 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll

    2012-11-01 09:17 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90602FF0-91DE-41D0-A73A-754BE595BC6B}\mpengine.dll

    2012-10-31 13:17 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-10-31 13:07 . 2012-11-02 16:27 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp

    2012-10-27 14:44 . 2012-10-27 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-10-27 14:44 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-10-20 02:17 . 2012-09-27 04:42 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{024B978F-208F-4981-839C-404C86E62FBE}\gapaengine.dll

    2012-10-17 04:40 . 2012-10-27 14:56 -------- d-----w- c:\windows\Sun

    2012-10-17 04:28 . 2012-10-17 04:28 -------- d-----w- c:\program files\Common Files\Adobe

    2012-10-17 04:26 . 2012-10-17 04:26 -------- d-----w- c:\program files\Common Files\Adobe AIR

    2012-10-12 08:50 . 2012-10-12 08:50 -------- d-----w- c:\program files\Common Files\Simple Adblock

    2012-10-09 21:01 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll

    2012-10-09 21:01 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-10-09 21:01 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-20 08:49 . 2012-04-06 02:06 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-10-20 08:49 . 2011-05-18 04:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-09-27 04:42 . 2011-03-25 20:20 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-09-12 15:07 . 2012-09-12 15:07 58368 ----a-w- c:\windows\system32\sirenacm.dll

    2012-09-12 14:57 . 2012-09-12 14:57 322048 ----a-w- c:\windows\WLXPGSS.SCR

    2012-09-01 09:03 . 2012-09-01 09:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-09-01 09:03 . 2012-07-03 10:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-09-01 09:03 . 2011-07-06 15:17 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

    2012-08-30 20:03 . 2010-10-24 20:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

    2012-08-24 06:59 . 2012-09-22 16:25 1800704 ----a-w- c:\windows\system32\jscript9.dll

    2012-08-24 06:51 . 2012-09-22 16:25 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-08-24 06:51 . 2012-09-22 16:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-08-24 06:47 . 2012-09-22 16:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-08-24 06:47 . 2012-09-22 16:25 420864 ----a-w- c:\windows\system32\vbscript.dll

    2012-08-24 06:43 . 2012-09-22 16:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-08-22 17:16 . 2012-09-12 01:04 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-08-22 17:16 . 2012-09-12 01:04 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-08-22 17:16 . 2012-09-12 01:04 240496 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-08-22 17:16 . 2012-09-12 01:04 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2012-08-21 20:12 . 2012-09-25 19:16 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

    2012-08-14 18:07 . 2012-08-14 18:07 63344640 ----a-w- c:\users\Eigenaar\AppData\Roaming\Bjhyhz.exe

    2012-08-12 14:04 . 2012-08-12 14:04 1565859 ----a-w- c:\windows\Fishdom H2O - Hidden Odyssey Uninstaller.exe

    2012-10-27 21:30 . 2012-10-27 21:29 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-17 3077528]

    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-17 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

    "ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-01-02 326776]

    "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896]

    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]

    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "Google Update"="c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey

    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

    .

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

    R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

    R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]

    R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]

    S1 MpKsl92b4f87d;MpKsl92b4f87d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{90602FF0-91DE-41D0-A73A-754BE595BC6B}\MpKsl92b4f87d.sys [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - MPKSL92B4F87D

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-11-02 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 08:49]

    .

    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 10:29]

    .

    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 10:29]

    .

    2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4253276374-3521184392-2154863504-1000Core.job

    - c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-10 14:53]

    .

    2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4253276374-3521184392-2154863504-1000UA.job

    - c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-10 14:53]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    TCP: DhcpNameServer = 192.168.2.254

    FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\dejzt0t6.default\

    FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

    FF - prefs.js: network.proxy.type - 0

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Voltooingstijd: 2012-11-02 17:29:25

    ComboFix-quarantined-files.txt 2012-11-02 16:29

    ComboFix2.txt 2012-10-31 13:13

    .

    Pre-Run: 440.153.432.064 bytes beschikbaar

    Post-Run: 440.160.845.824 bytes beschikbaar

    .

    - - End Of File - - 79A398D5708A80E702F831F88F371FB9

  2. ComboFix 12-10-31.03 - Eigenaar 31-10-2012 14:00:23.1.4 - x86

    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.31.1043.18.3071.2101 [GMT 1:00]

    Gestart vanuit: c:\users\Eigenaar\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}

    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\100

    c:\users\Eigenaar\AppData\Roaming\mIRC\logs\status.log

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-09-28 to 2012-10-31 ))))))))))))))))))))))))))))))

    .

    .

    2012-10-31 13:07 . 2012-10-31 13:09 -------- d-----w- c:\users\Eigenaar\AppData\Local\temp

    2012-10-31 13:07 . 2012-10-31 13:07 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-10-31 08:37 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2761B58A-D06B-481F-B159-16A070819403}\mpengine.dll

    2012-10-30 06:24 . 2012-10-12 05:56 6918632 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-10-27 14:44 . 2012-10-27 14:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-10-27 14:44 . 2012-09-29 17:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-10-20 02:17 . 2012-09-27 04:42 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{024B978F-208F-4981-839C-404C86E62FBE}\gapaengine.dll

    2012-10-17 04:40 . 2012-10-27 14:56 -------- d-----w- c:\windows\Sun

    2012-10-17 04:28 . 2012-10-17 04:28 -------- d-----w- c:\program files\Common Files\Adobe

    2012-10-17 04:26 . 2012-10-17 04:26 -------- d-----w- c:\program files\Common Files\Adobe AIR

    2012-10-12 08:50 . 2012-10-12 08:50 -------- d-----w- c:\program files\Common Files\Simple Adblock

    2012-10-09 21:01 . 2012-08-10 23:56 542208 ----a-w- c:\windows\system32\kerberos.dll

    2012-10-09 21:01 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-10-09 21:01 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-10-20 08:49 . 2012-04-06 02:06 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-10-20 08:49 . 2011-05-18 04:32 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-09-27 04:42 . 2011-03-25 20:20 740784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

    2012-09-01 09:03 . 2012-09-01 09:03 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-09-01 09:03 . 2012-07-03 10:19 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-09-01 09:03 . 2011-07-06 15:17 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-30 20:03 . 2012-08-30 20:03 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys

    2012-08-30 20:03 . 2010-10-24 20:25 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

    2012-08-24 06:59 . 2012-09-22 16:25 1800704 ----a-w- c:\windows\system32\jscript9.dll

    2012-08-24 06:51 . 2012-09-22 16:25 1129472 ----a-w- c:\windows\system32\wininet.dll

    2012-08-24 06:51 . 2012-09-22 16:25 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-08-24 06:47 . 2012-09-22 16:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe

    2012-08-24 06:47 . 2012-09-22 16:25 420864 ----a-w- c:\windows\system32\vbscript.dll

    2012-08-24 06:43 . 2012-09-22 16:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb

    2012-08-22 17:16 . 2012-09-12 01:04 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-08-22 17:16 . 2012-09-12 01:04 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

    2012-08-22 17:16 . 2012-09-12 01:04 240496 ----a-w- c:\windows\system32\drivers\netio.sys

    2012-08-22 17:16 . 2012-09-12 01:04 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

    2012-08-21 20:12 . 2012-09-25 19:16 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

    2012-08-14 18:07 . 2012-08-14 18:07 63344640 ----a-w- c:\users\Eigenaar\AppData\Roaming\Bjhyhz.exe

    2012-08-12 14:04 . 2012-08-12 14:04 1565859 ----a-w- c:\windows\Fishdom H2O - Hidden Odyssey Uninstaller.exe

    2012-08-02 16:57 . 2012-09-12 01:04 490496 ----a-w- c:\windows\system32\d3d10level9.dll

    2012-10-27 21:30 . 2012-10-27 21:29 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{26A7CA19-7D58-411D-B2DA-F1B0324CBFFC}]

    2012-09-12 09:59 1624576 ----a-w- c:\program files\Gamers Unite! Snag Bar\Toolbar.dll

    .

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    2010-06-13 17:10 2734688 ----a-w- c:\program files\Messenger_Plus_Live_Netherlands\tbMess.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{d2ab2732-a124-4fb2-8da5-4a6a9e379331}"= "c:\program files\Messenger_Plus_Live_Netherlands\tbMess.dll" [2010-06-13 2734688]

    "{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2012-09-12 1624576]

    .

    [HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    .

    [HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]

    [HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.1]

    [HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]

    [HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]

    .

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

    "{D2AB2732-A124-4FB2-8DA5-4A6A9E379331}"= "c:\program files\Messenger_Plus_Live_Netherlands\tbMess.dll" [2010-06-13 2734688]

    "{25515A79-C1C7-4B97-97F8-31A711694487}"= "c:\program files\Gamers Unite! Snag Bar\Toolbar.dll" [2012-09-12 1624576]

    .

    [HKEY_CLASSES_ROOT\clsid\{d2ab2732-a124-4fb2-8da5-4a6a9e379331}]

    .

    [HKEY_CLASSES_ROOT\clsid\{25515a79-c1c7-4b97-97f8-31a711694487}]

    [HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar.1]

    [HKEY_CLASSES_ROOT\TypeLib\{017D1380-106D-43D5-97DC-81E8A527FD73}]

    [HKEY_CLASSES_ROOT\FCTB000062781.IEToolbar]

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-09-17 3077528]

    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-09-17 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

    "CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

    "OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]

    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

    "PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]

    "ExpressFiles"="c:\program files\ExpressFiles\ExpressFiles.exe" [2012-01-02 326776]

    "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896]

    "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-02-26 295728]

    "CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-03 767312]

    "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

    "aux"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

    "Google Update"="c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe" /c

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" -hide -runkey

    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

    .

    R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]

    R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]

    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\Microsoft Security Client\NisSrv.exe [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

    R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]

    R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [x]

    R4 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]

    R4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [x]

    R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [x]

    S1 MpKsl03c3cdf1;MpKsl03c3cdf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2761B58A-D06B-481F-B159-16A070819403}\MpKsl03c3cdf1.sys [x]

    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

    S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

    S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [x]

    .

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - WS2IFSL

    .

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

    UxTuneUp

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-10-31 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 08:49]

    .

    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 10:29]

    .

    2012-09-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-09-17 10:29]

    .

    2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4253276374-3521184392-2154863504-1000Core.job

    - c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-10 14:53]

    .

    2012-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4253276374-3521184392-2154863504-1000UA.job

    - c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-10 14:53]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    IE: &Verzenden naar OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000

    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    TCP: DhcpNameServer = 192.168.2.254

    FF - ProfilePath - c:\users\Eigenaar\AppData\Roaming\Mozilla\Firefox\Profiles\dejzt0t6.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843458&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.startup.homepage - hxxps://www.google.nl/

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: extensions.BabylonToolbar_i.id - 9abd55490000000000000015af18c97d

    FF - user.js: extensions.BabylonToolbar_i.hardId - 9abd55490000000000000015af18c97d

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15391

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    FF - user.js: network.http.max-persistent-connections-per-server - 4

    FF - user.js: nglayout.initialpaint.delay - 600

    FF - user.js: content.notify.interval - 600000

    FF - user.js: content.max.tokenizing.time - 1800000

    FF - user.js: content.switch.threshold - 600000

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=120812_bandext_3312_7

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=

    FF - user.js: extensions.BabylonToolbar.id - 9abd55490000000000000015af18c97d

    FF - user.js: extensions.BabylonToolbar.instlDay - 15565

    FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6

    FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.621:09

    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar.tlbrId - base

    FF - user.js: extensions.BabylonToolbar.instlRef - sst

    FF - user.js: extensions.BabylonToolbar.dfltLng - en

    FF - user.js: extensions.BabylonToolbar.excTlbr - false

    FF - user.js: extensions.BabylonToolbar.admin - false

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{38542454-DFB6-44F5-B052-D4E071A3D073} - (no file)

    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

    WebBrowser-{87775FDB-6972-41F9-AE51-8326E38CB206} - (no file)

    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)

    .

    .

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\system32\nvvsvc.exe

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe

    c:\windows\system32\nvvsvc.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

    c:\windows\system32\taskhost.exe

    c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

    c:\windows\system32\conhost.exe

    c:\windows\system32\sppsvc.exe

    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-10-31 14:13:20 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-10-31 13:13

    .

    Pre-Run: 440.202.752.000 bytes beschikbaar

    Post-Run: 440.184.442.880 bytes beschikbaar

    .

    - - End Of File - - 88E685706FC2EA38AC617F22B9DC735C

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:15:45, on 31-10-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16450)

    Boot mode: Normal

    Running processes:

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

    C:\Windows\Explorer.exe

    C:\Users\Eigenaar\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: FCTBPos00Pos - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMess.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll

    O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMess.dll

    O3 - Toolbar: Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

    O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray

    O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

    O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

    --

    End of file - 9902 bytes

  3. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:59:32, on 27-10-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16450)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\Dwm.exe

    C:\Windows\system32\taskhost.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Users\Eigenaar\Downloads\HijackThis.exe

    C:\Windows\system32\NOTEPAD.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: FCTBPos00Pos - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMess.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll

    O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMess.dll

    O3 - Toolbar: Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

    O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray

    O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

    O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

    --

    End of file - 10628 bytes

  4. Malwarebytes Anti-Malware 1.65.1.1000

    Malwarebytes : Free anti-malware download

    Databaseversie: v2012.10.27.05

    Windows 7 Service Pack 1 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Eigenaar :: EIGENAAR-PC [administrator]

    27-10-2012 16:46:11

    mbam-log-2012-10-27 (16-46-11).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 220853

    Verstreken tijd: 5 minuut/minuten, 45 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 14

    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1E0DE227-5CE4-4EA3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 7

    C:\ProgramData\TheBflix (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\data (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\BROWSERCOMPANION (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Eigenaar\Local Settings\Application Data\RavenBleuSA (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Eigenaar\Local Settings\Application Data\RavenBleuSA\bin (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Eigenaar\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0 (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Eigenaar\Local Settings\Application Data\RavenBleuSA\data (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

    Bestanden gedetecteerd: 14

    C:\Users\Eigenaar\Documents\wincln.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\background.html (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\bdmkmnjlliodibplcplaffjdiempemfo.crx (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\bhoclass.dll (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\content.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\settings.ini (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\data\content.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\ProgramData\TheBflix\data\jsondb.js (PUP.BFlix) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\BROWSERCOMPANION\BLABBERS-FF-FULL.XPI (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Program Files\BROWSERCOMPANION\blabbers-ch.crx (PUP.Blabbers) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Eigenaar\Local Settings\Application Data\RavenBleuSA\bin\1.0.11.0\copyright.txt (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Eigenaar\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA.dat (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Eigenaar\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSAau.dat (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Users\Eigenaar\Local Settings\Application Data\RavenBleuSA\data\RavenBleuSA_kyf.dat (Adware.Hotbar.RB) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  5. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 13:26:15, on 26-10-2012

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v9.00 (9.00.8112.16450)

    Boot mode: Normal

    Running processes:

    C:\Windows\system32\taskhost.exe

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe

    C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

    C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Windows Live\Messenger\msnmsgr.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files\Windows Live\Contacts\wlcomm.exe

    C:\Users\Eigenaar\Documents\wincln.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Users\Eigenaar\AppData\Local\Google\Chrome\Application\chrome.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Users\Eigenaar\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ACVA94FE\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    R3 - URLSearchHook: (no name) - - (no file)

    R3 - URLSearchHook: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMess.dll

    R3 - URLSearchHook: (no name) - {38542454-dfb6-44f5-b052-d4e071a3d073} - (no file)

    R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: FCTBPos00Pos - {26A7CA19-7D58-411D-B2DA-F1B0324CBFFC} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll

    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: AdblockIE - {90EFF544-3981-4d46-85C9-C0361D0931D6} - mscoree.dll (file missing)

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMess.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll

    O3 - Toolbar: Messenger Plus Live Netherlands Toolbar - {d2ab2732-a124-4fb2-8da5-4a6a9e379331} - C:\Program Files\Messenger_Plus_Live_Netherlands\tbMess.dll

    O3 - Toolbar: Gamers Unite! Snag Bar - {25515A79-C1C7-4B97-97F8-31A711694487} - C:\Program Files\Gamers Unite! Snag Bar\Toolbar.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide

    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s

    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [PlusService] C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe

    O4 - HKLM\..\Run: [ExpressFiles] "C:\Program Files\ExpressFiles\ExpressFiles.exe" -tray

    O4 - HKLM\..\Run: [sSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe

    O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe

    O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon

    O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon

    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

    O4 - HKCU\..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe

    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    O4 - HKCU\..\Run: [bjhyhz] C:\Users\Eigenaar\AppData\Roaming\Bjhyhz.exe

    O4 - HKCU\..\Run: [idle32] C:\Users\Eigenaar\Documents\wincln.exe

    O8 - Extra context menu item: &Verzenden naar OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

    O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Gekoppelde notities van OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

    --

    End of file - 12344 bytes

  6. Hi

    For a while now I have kept getting pop-ups that appear out of nowhere. They only come through Internet Explorer, even when I am not using it. I have Microsoft Security as antivirus, and also CCleaner.

    I have copied a number of the links that keep coming up, but there are a great many different ones. I hope someone knows how I can remove these pop-ups for good, preferably without having to download all sorts of things.

    (1) Neue Chat-Anfrage von Els

    http://1stnewsliner.com/limits/alarm-lacks-list_point.php

    Sex.nl

    Golden 7

    Online Casino & Online Poker Room - 888.com

    bet-at-home.com

    5 Free, Spin to Win, 1,000,000
