Tweet
Ik heb een probleem. Babylon blijft maar terug komen op mijn pc. Vriendin gebruikt Google Chrome en ik zelf IE. Spybot en Combofix halen niks uit. Hieronder mijn logfile, help! :
ComboFix 13-07-08.04 - sjors 08-07-2013 21:01:10.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2815.1808 [GMT 2:00]
Gestart vanuit: c:\users\sjors\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-06-08 to 2013-07-08 ))))))))))))))))))))))))))))))
.
.
2013-07-08 19:08 . 2013-07-08 19:10 -------- d-----w- c:\users\sjors\AppData\Local\temp
2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-07-08 09:11 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8872A9F-11DC-4A5B-8786-17A8FE86BC53}\mpengine.dll
2013-07-08 04:23 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-06 14:06 . 2013-07-07 11:38 -------- d-----w- c:\users\sjors\AppData\Roaming\Open Download Manager
2013-07-06 14:05 . 2013-07-07 11:40 -------- d-----w- c:\programdata\GorillaPrice
2013-06-21 06:21 . 2013-06-21 06:20 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{039449EC-98BF-497B-A970-CDDFE904D338}\gapaengine.dll
2013-06-15 15:32 . 2013-06-15 15:32 -------- d-----w- c:\users\sjors\AppData\Local\Macromedia
2013-06-12 19:03 . 2013-06-12 19:03 825336 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{85D70219-700E-4728-A80D-C394DEF6247E}\TweetDeck.exe
2013-06-12 19:03 . 2013-06-12 19:03 -------- d-----w- c:\program files\Twitter
2013-06-12 06:16 . 2013-05-08 03:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 06:16 . 2013-05-08 01:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-06-12 06:16 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 06:16 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 06:16 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 06:16 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 06:16 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 06:16 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 06:16 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 06:15 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 06:15 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 06:15 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:29 . 2012-04-21 18:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 18:29 . 2011-05-20 19:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-01 05:48 . 2013-06-01 05:48 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-23 14:51 . 2013-05-23 14:51 69632 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe
2013-05-23 14:51 . 2013-05-23 14:51 49152 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-05-21 14:58 . 2012-06-14 17:29 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-10 16:07 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2010-12-09 05:45 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-15 04:07 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 04:07 37376 ----a-w- c:\windows\system32\cdd.dll
2012-10-11 01:06 . 2012-10-28 08:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-02 14:08 . 2010-07-02 14:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-20 843208]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-14 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2012-02-02 1453704]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2012-02-22 1197704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-01-13 295072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2008-06-02 08:26 319488 ----a-w- c:\program files\Acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-09-27 04:05 391096 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-07-29 16:52 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmpoweringTechnology]
2008-06-02 08:26 319488 ----a-w- c:\program files\Acer\Empowering Technology\Framework.Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2008-04-03 09:45 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-02 14:08 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-31 09:01 3970848 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 11:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2008-05-20 16:50 204908 ------w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-05-25 14:10 28672 ----a-w- c:\windows\System32\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-19 10:26 6265376 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-24 16:49 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 18:29]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 14:46]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 14:46]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0809&m=aspire_x1700
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\sjors\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\
FF - prefs.js: browser.startup.homepage -
FF - user.js: extensions.Softonic.hpOld0 -
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 98a6925200000000000000251117fcb0
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15752
FF - user.js: extensions.Softonic.vrsn - 1.8.8.11
FF - user.js: extensions.Softonic.vrsni - 1.8.8.11
FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1114:57
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - MOY00011
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic_i.excTlbr - false
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - true
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=98a6925200000000000000251117fcb0&q=
FF - user.js: extensions.BabylonToolbar.id - 98a6925200000000000000251117fcb0
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15752
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1014:57
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119849
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
FF - user.js: extentions.y2layers.installId - 7d807ce2-19fd-41b6-aa9f-bdbad7061308
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extentions.webcake.installId - ac4fe2c3-70d3-4bf4-bc21-cc6089973ef6
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 98a6925200000000000000251117fcb0
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15892
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - nl
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119842&tt=040713_ctrl&tsp=4935
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-08 21:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3272)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Fighters\SPAMfighter\sfus.exe
c:\program files\FS\Spyro Portal\FlashPortal.exe
c:\program files\Fighters\FighterSuiteService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Voltooingstijd: 2013-07-08 21:16:15 - machine werd herstart
ComboFix-quarantined-files.txt 2013-07-08 19:16
ComboFix2.txt 2013-07-07 14:25
ComboFix3.txt 2013-07-07 12:43
ComboFix4.txt 2013-07-01 10:53
ComboFix5.txt 2013-07-08 18:59
.
Pre-Run: 187.683.246.080 bytes beschikbaar
Post-Run: 187.533.717.504 bytes beschikbaar
.
- - End Of File - - 1B134760262ADA8B8BD9CA47E59332AB
5C616939100B85E558DA92B899A0FC36
ComboFix 13-07-08.04 - sjors 08-07-2013 21:01:10.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2815.1808 [GMT 2:00]
Gestart vanuit: c:\users\sjors\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-06-08 to 2013-07-08 ))))))))))))))))))))))))))))))
.
.
2013-07-08 19:08 . 2013-07-08 19:10 -------- d-----w- c:\users\sjors\AppData\Local\temp
2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-07-08 09:11 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8872A9F-11DC-4A5B-8786-17A8FE86BC53}\mpengine.dll
2013-07-08 04:23 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-07-06 14:06 . 2013-07-07 11:38 -------- d-----w- c:\users\sjors\AppData\Roaming\Open Download Manager
2013-07-06 14:05 . 2013-07-07 11:40 -------- d-----w- c:\programdata\GorillaPrice
2013-06-21 06:21 . 2013-06-21 06:20 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{039449EC-98BF-497B-A970-CDDFE904D338}\gapaengine.dll
2013-06-15 15:32 . 2013-06-15 15:32 -------- d-----w- c:\users\sjors\AppData\Local\Macromedia
2013-06-12 19:03 . 2013-06-12 19:03 825336 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{85D70219-700E-4728-A80D-C394DEF6247E}\TweetDeck.exe
2013-06-12 19:03 . 2013-06-12 19:03 -------- d-----w- c:\program files\Twitter
2013-06-12 06:16 . 2013-05-08 03:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-12 06:16 . 2013-05-08 01:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-06-12 06:16 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-12 06:16 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-12 06:16 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-12 06:16 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-12 06:16 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-12 06:16 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-12 06:16 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-12 06:15 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-12 06:15 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-12 06:15 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 18:29 . 2012-04-21 18:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 18:29 . 2011-05-20 19:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-01 05:48 . 2013-06-01 05:48 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-05-23 14:51 . 2013-05-23 14:51 69632 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe
2013-05-23 14:51 . 2013-05-23 14:51 49152 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
2013-05-21 14:58 . 2012-06-14 17:29 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-10 16:07 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 15:28 . 2010-12-09 05:45 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-15 04:07 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-15 04:07 37376 ----a-w- c:\windows\system32\cdd.dll
2012-10-11 01:06 . 2012-10-28 08:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-07-02 14:08 . 2010-07-02 14:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-20 843208]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-14 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2012-02-02 1453704]
"sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2012-02-22 1197704]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-01-13 295072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
2008-06-02 08:26 319488 ----a-w- c:\program files\Acer\Empowering Technology\SysMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2010-09-27 04:05 391096 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
2008-07-29 16:52 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmpoweringTechnology]
2008-06-02 08:26 319488 ----a-w- c:\program files\Acer\Empowering Technology\Framework.Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
2008-04-03 09:45 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-07-02 14:08 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2013-01-31 09:01 3970848 ----a-w- c:\windows\System32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 11:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
2008-05-20 16:50 204908 ------w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-05-25 14:10 28672 ----a-w- c:\windows\System32\qttask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2008-08-19 10:26 6265376 ----a-w- c:\windows\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
getPlusHelper REG_MULTI_SZ getPlusHelper
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-24 16:49 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 18:29]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 14:46]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 14:46]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0809&m=aspire_x1700
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\sjors\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 192.168.1.1
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\
FF - prefs.js: browser.startup.homepage -
FF - user.js: extensions.Softonic.hpOld0 -
FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.Softonic.id - 98a6925200000000000000251117fcb0
FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
FF - user.js: extensions.Softonic.instlDay - 15752
FF - user.js: extensions.Softonic.vrsn - 1.8.8.11
FF - user.js: extensions.Softonic.vrsni - 1.8.8.11
FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1114:57
FF - user.js: extensions.Softonic.prtnrId - softonic
FF - user.js: extensions.Softonic.prdct - Softonic
FF - user.js: extensions.Softonic.aflt - SD
FF - user.js: extensions.Softonic_i.smplGrp - none
FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
FF - user.js: extensions.Softonic.instlRef - MOY00011
FF - user.js: extensions.Softonic.dfltLng -
FF - user.js: extensions.Softonic_i.excTlbr - false
FF - user.js: extensions.Softonic.excTlbr - false
FF - user.js: extensions.Softonic.admin - false
FF - user.js: extensions.Softonic.autoRvrt - false
FF - user.js: extensions.Softonic.rvrt - true
FF - user.js: extensions.Softonic_i.hmpg - true
FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=
FF - user.js: extensions.Softonic.dfltSrch - true
FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&q=
FF - user.js: extensions.Softonic_i.dnsErr - true
FF - user.js: extensions.Softonic_i.newTab - true
FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=15&cc=
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=98a6925200000000000000251117fcb0&q=
FF - user.js: extensions.BabylonToolbar.id - 98a6925200000000000000251117fcb0
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15752
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1014:57
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119849
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
FF - user.js: extentions.y2layers.installId - 7d807ce2-19fd-41b6-aa9f-bdbad7061308
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
FF - user.js: extentions.webcake.installId - ac4fe2c3-70d3-4bf4-bc21-cc6089973ef6
FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 98a6925200000000000000251117fcb0
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15892
FF - user.js: extensions.delta.vrsn - 1.8.21.5
FF - user.js: extensions.delta.vrsni - 1.8.21.5
FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:06
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - nl
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.ffxUnstlRst - true
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta_i.babTrack - affID=119842&tt=040713_ctrl&tsp=4935
FF - user.js: extensions.delta_i.babExt -
FF - user.js: extensions.delta_i.srcExt - ss
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-07-08 21:10
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3272)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Fighters\SPAMfighter\sfus.exe
c:\program files\FS\Spyro Portal\FlashPortal.exe
c:\program files\Fighters\FighterSuiteService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\servicing\TrustedInstaller.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Voltooingstijd: 2013-07-08 21:16:15 - machine werd herstart
ComboFix-quarantined-files.txt 2013-07-08 19:16
ComboFix2.txt 2013-07-07 14:25
ComboFix3.txt 2013-07-07 12:43
ComboFix4.txt 2013-07-01 10:53
ComboFix5.txt 2013-07-08 18:59
.
Pre-Run: 187.683.246.080 bytes beschikbaar
Post-Run: 187.533.717.504 bytes beschikbaar
.
- - End Of File - - 1B134760262ADA8B8BD9CA47E59332AB
5C616939100B85E558DA92B899A0FC36
c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
Comment