Adware Generic5

Patrickallround · 4 maart 2013

Hoi,

ik zag bij anderen dat een evt volgende stap ComboFix is en heb daar de log van. Dus hierbij indien van toepassing:

ComboFix 13-03-04.01 - Patrick 04-03-2013 16:56:51.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3000.1625 [GMT 1:00]

Gestart vanuit: c:\users\Patrick\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-04 to 2013-03-04 ))))))))))))))))))))))))))))))

.

2013-03-04 16:10 . 2013-03-04 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-03-04 14:57 . 2013-03-04 14:57 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2013-03-04 12:37 . 2013-03-04 12:37 -------- d-----w- c:\windows\system32\Extensions

2013-03-04 12:37 . 2013-03-04 12:37 -------- d-----w- c:\windows\system32\searchplugins

2013-03-04 11:40 . 2013-03-04 11:40 388096 ----a-r- c:\users\Patrick\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2013-03-04 11:39 . 2013-03-04 11:39 14664 ----a-w- c:\windows\stinger.sys

2013-03-04 11:32 . 2013-03-04 12:30 -------- d-----w- c:\program files\stinger

2013-03-03 14:36 . 2013-03-03 14:36 -------- d-----w- c:\program files\Trend Micro

2013-03-03 12:00 . 2013-03-03 12:00 -------- d-----w- c:\program files\Gophoto.it

2013-03-03 11:59 . 2013-03-03 11:59 -------- d-----w- c:\program files\Delta

2013-03-03 11:59 . 2013-03-03 11:59 -------- d-----w- c:\programdata\BrowserProtect

2013-03-03 11:58 . 2013-03-03 11:58 -------- d-----w- c:\users\Patrick\AppData\Roaming\BabSolution

2013-03-03 11:54 . 2013-03-03 11:54 -------- d-----w- c:\programdata\Tarma Installer

2013-03-03 11:53 . 2013-03-03 11:54 -------- d-----w- c:\program files\TornTV.com

2013-02-21 22:08 . 2013-02-21 22:08 -------- d-----w- c:\program files\iPod

2013-02-21 22:08 . 2013-02-21 22:09 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2013-02-21 22:08 . 2013-02-21 22:09 -------- d-----w- c:\program files\iTunes

2013-02-21 21:53 . 2013-02-21 21:53 -------- d-----w- c:\program files\Common Files\DVDVideoSoft

2013-02-21 21:48 . 2012-12-13 12:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll

2013-02-15 02:28 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\vgx\VGX.dll

2013-02-14 08:36 . 2013-01-04 01:38 2048512 ----a-w- c:\windows\system32\win32k.sys

2013-02-14 08:36 . 2012-11-08 03:48 1314816 ----a-w- c:\windows\system32\quartz.dll

2013-02-14 08:36 . 2013-01-04 11:28 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-14 08:36 . 2013-01-05 05:26 3602808 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-02-14 08:36 . 2013-01-05 05:26 3550072 ----a-w- c:\windows\system32\ntoskrnl.exe

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-27 15:50 . 2012-09-22 08:02 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-02-27 15:50 . 2011-09-16 10:20 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-02-18 19:36 . 2012-10-07 21:19 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys

2012-12-16 13:12 . 2012-12-21 02:02 34304 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 10:50 . 2012-12-21 02:02 293376 ----a-w- c:\windows\system32\atmfd.dll

2012-12-14 15:49 . 2012-05-21 21:21 21104 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-13 12:50 . 2012-12-13 12:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys

2013-03-03 13:32 . 2013-03-03 13:32 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-03 68856]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"SmpcSys"="c:\program files\PACKARD BELL\SetUpMyPC\SmpSys.exe" [2008-07-07 1038136]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]

"RtHDVCpl"="RtHDVCpl.exe" [2008-08-04 6265376]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 894512]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-09 30192]

"SmpcSys"="c:\program files\Packard Bell\SetupMyPC\SmpSys.exe" [2008-07-07 1038136]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-12 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-12 170520]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-12 145944]

"Skytel"="Skytel.exe" [2008-08-04 1833504]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-18 1151152]

"Reader Library Launcher"="c:\program files\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-12 906648]

"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520]

"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920]

"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]

.

c:\users\Patrick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

@="Service"

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"MobileDocuments"=c:\program files\Common Files\Apple\Internet Services\ubd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe"

"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12

"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" /run

"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" /DoAction

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

"SunJavaUpdateSched"="c:\program files\Java\jre7\bin\jusched.exe"

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MBAMSWISSARMY

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

ezSharedSvc

.

Inhoud van de 'Gedeelde Taken' map

.

2013-03-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-22 15:50]

.

2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-16 21:55]

.

2013-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-10-16 21:55]

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0413&s=2&o=vp32&d=0809&m=easynote_mh45

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to DVD Converter - c:\users\Patrick\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetodvdconverter.htm

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: LastPass Fill Forms - file://c:\program files\LastPass\context.html?cmd=fillforms

TCP: DhcpNameServer = 212.54.40.25 212.54.35.25

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll

FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\

FF - prefs.js: browser.search.selectedEngine - Delta Search

FF - prefs.js: browser.startup.homepage - hxxp://www.delta-search.com/?affID=119776&babsrc=HP_ss&mntrId=e25071370000000000000017c473aeca

FF - ExtSQL: 2013-03-03 12:54; torntv@torntv.com; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\torntv@torntv.com.xpi

FF - ExtSQL: 2013-03-03 12:59; ffxtlbr@delta.com; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\ffxtlbr@delta.com

FF - ExtSQL: 2013-03-03 13:00; {0F827075-B026-42F3-885D-98981EE7B1AE}; c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - e25071370000000000000017c473aeca

FF - user.js: extensions.BabylonToolbar_i.hardId - e25071370000000000000017c473aeca

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15361

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:50

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - e25071370000000000000017c473aeca

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15767

FF - user.js: extensions.delta.vrsn - 1.8.10.0

FF - user.js: extensions.delta.vrsni - 1.8.10.0

FF - user.js: extensions.delta.vrsnTs - 1.8.10.012:59

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)

WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)

WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)

SafeBoot-WudfPf

SafeBoot-WudfRd

AddRemove-Free Video to MP3 Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe

AddRemove-Free YouTube to DVD Converter_is1 - c:\program files\Common Files\DVDVideoSoft\Uninstall.exe

AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe

AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2013-03-04 17:10

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.3.6\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-709391076-3668097275-2558483745-1000\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**ÑeoEn]

"LP_LastUpdateTime"="1326730806"

"LP_LastCheckTime"=dword:4f144e39

"LP_ReloadIntervalInHours"=dword:000002a0

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2013-03-04 17:15:30

ComboFix-quarantined-files.txt 2013-03-04 16:15

.

Pre-Run: 219.768.680.448 bytes beschikbaar

Post-Run: 219.890.409.472 bytes beschikbaar

.

- - End Of File - - 3815EF3C047359A18E3A37094A29534E

kape · 4 maart 2013

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Folder::

c:\windows\system32\Extensions

c:\windows\system32\searchplugins

c:\program files\Delta

c:\programdata\BrowserProtect

c:\programdata\Tarma Installer

c:\program files\TornTV.com

Firefox::

FF - ProfilePath - c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage -

FF - ExtSQL: 2013-03-03 12:54; torntv@torntv.com; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\torntv@torntv. com.xpi

FF - ExtSQL: 2013-03-03 12:59; ffxtlbr@delta.com; c:\users\Patrick\AppData\Roaming\Mozilla\Firefox\Profiles\obrtnenv.default\extensions\ffxtlbr@delta. com

FF - ExtSQL: 2013-03-03 13:00; {0F827075-B026-42F3-885D-98981EE7B1AE}; c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100482

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - e25071370000000000000017c473aeca

FF - user.js: extensions.BabylonToolbar_i.hardId - e25071370000000000000017c473aeca

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15361

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:50

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

FF - user.js: extensions.delta.tlbrSrchUrl -

FF - user.js: extensions.delta.id - e25071370000000000000017c473aeca

FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}

FF - user.js: extensions.delta.instlDay - 15767

FF - user.js: extensions.delta.vrsn - 1.8.10.0

FF - user.js: extensions.delta.vrsni - 1.8.10.0

FF - user.js: extensions.delta.vrsnTs - 1.8.10.012:59

FF - user.js: extensions.delta.prtnrId - delta

FF - user.js: extensions.delta.prdct - delta

FF - user.js: extensions.delta.aflt - babsst

FF - user.js: extensions.delta.smplGrp - none

FF - user.js: extensions.delta.tlbrId - base

FF - user.js: extensions.delta.instlRef - sst

FF - user.js: extensions.delta.dfltLng - en

FF - user.js: extensions.delta.excTlbr - false

FF - user.js: extensions.delta.admin - false

FF - user.js: extensions.delta.autoRvrt - false

FF - user.js: extensions.delta.rvrt - false

FF - user.js: extensions.delta.newTab – false

Sla dit bestand op je bureaublad op als CFScript.

Sleep CFScript.txt in de rode snelkoppeling van ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Patrickallround · 4 maart 2013

ComboFix 13-03-04.01 - Patrick 04-03-2013 19:19:14.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3000.1808 [GMT 1:00]

Gestart vanuit: c:\users\Patrick\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Patrick\Desktop\CFScript.txt

AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Delta

c:\program files\Delta\delta\1.8.10.0\deltaApp.dll

c:\program files\Delta\delta\1.8.10.0\deltaEng.dll

c:\program files\Delta\delta\1.8.10.0\deltasrv.exe

c:\program files\Delta\delta\1.8.10.0\deltaTlbr.dll

c:\program files\Delta\delta\1.8.10.0\escortShld.dll

c:\program files\Delta\delta\1.8.10.0\uninstall.exe

c:\program files\TornTV.com

c:\program files\TornTV.com\torn11.crx

c:\program files\TornTV.com\torntemp.xpi

c:\program files\TornTV.com\TornTV.exe

c:\program files\TornTV.com\uninst.exe

c:\programdata\BrowserProtect

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\bl

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.settings

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\chrome.manifest

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\bprotector-3.6.xpt

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\components\BrowserProtect-18.0.dll

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\bprotector.js

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\content\overlay.xul

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension\install.rdf

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\00

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\01

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\02

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\03

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\10

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\11

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\12

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\13

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\20

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\21

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\22

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings\23

c:\programdata\BrowserProtect\2.6.1095.52\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe

c:\programdata\Tarma Installer

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe

c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico

c:\windows\system32\Extensions

c:\windows\system32\searchplugins

.

(((((((((((((((((((( Bestanden Gemaakt van 2013-02-04 to 2013-03-04 ))))))))))))))))))))))))))))))

.

2013-03-04 18:33 . 2013-03-04 18:33 -------- d-----w- c:\users\Default\AppData\Local\temp