Babylon and blue screens.


  • Babylon and blue screens.

    I have a problem. Babylon keeps coming back on my PC. My girlfriend uses Google Chrome and I use IE myself. Spybot and Combofix don't help. My log file is below, help!:

    ComboFix 13-07-08.04 - sjors 08-07-2013 21:01:10.7.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2815.1808 [GMT 2:00]
    Gestart vanuit: c:\users\sjors\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
    SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\windows\wininit.ini
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-08 to 2013-07-08 ))))))))))))))))))))))))))))))
    .
    .
    2013-07-08 19:08 . 2013-07-08 19:10 -------- d-----w- c:\users\sjors\AppData\Local\temp
    2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Public\AppData\Local\temp
    2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2013-07-08 19:08 . 2013-07-08 19:08 -------- d-----w- c:\users\Admin\AppData\Local\temp
    2013-07-08 09:11 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C8872A9F-11DC-4A5B-8786-17A8FE86BC53}\mpengine.dll
    2013-07-08 04:23 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-07-06 14:06 . 2013-07-07 11:38 -------- d-----w- c:\users\sjors\AppData\Roaming\Open Download Manager
    2013-07-06 14:05 . 2013-07-07 11:40 -------- d-----w- c:\programdata\GorillaPrice
    2013-06-21 06:21 . 2013-06-21 06:20 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{039449EC-98BF-497B-A970-CDDFE904D338}\gapaengine.dll
    2013-06-15 15:32 . 2013-06-15 15:32 -------- d-----w- c:\users\sjors\AppData\Local\Macromedia
    2013-06-12 19:03 . 2013-06-12 19:03 825336 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{85D70219-700E-4728-A80D-C394DEF6247E}\TweetDeck.exe
    2013-06-12 19:03 . 2013-06-12 19:03 -------- d-----w- c:\program files\Twitter
    2013-06-12 06:16 . 2013-05-08 03:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2013-06-12 06:16 . 2013-05-08 01:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2013-06-12 06:16 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
    2013-06-12 06:16 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
    2013-06-12 06:16 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
    2013-06-12 06:16 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
    2013-06-12 06:16 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
    2013-06-12 06:16 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
    2013-06-12 06:16 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
    2013-06-12 06:15 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-06-12 06:15 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-06-12 06:15 . 2013-04-17 12:30 24576 ----a-w- c:\windows\system32\cryptdlg.dll
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-06-12 18:29 . 2012-04-21 18:06 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-06-12 18:29 . 2011-05-20 19:59 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-06-01 05:48 . 2013-06-01 05:48 887888 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2013-05-23 14:51 . 2013-05-23 14:51 69632 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\ARPPRODUCTICON.exe
    2013-05-23 14:51 . 2013-05-23 14:51 49152 ----a-r- c:\users\sjors\AppData\Roaming\Microsoft\Installer\{89505A66-35F0-4401-B3AD-D077051F8698}\UNINST_Uninstall_Q_336D8C9DB2424DE5BC518E574B25652F.exe
    2013-05-21 14:58 . 2012-06-14 17:29 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-05-10 16:07 . 2010-06-24 10:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2013-05-02 15:28 . 2010-12-09 05:45 238872 ------w- c:\windows\system32\MpSigStub.exe
    2013-04-15 14:20 . 2013-05-15 04:07 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2013-04-13 10:56 . 2013-05-15 04:07 37376 ----a-w- c:\windows\system32\cdd.dll
    2012-10-11 01:06 . 2012-10-28 08:02 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2010-07-02 14:08 . 2010-07-02 14:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\eg isPSDP]
    @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
    [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
    2008-07-29 16:52 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-10-20 843208]
    "KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-10-11 966072]
    "KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
    "Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-07-16 5458704]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2013-04-14 39408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2012-02-02 1453704]
    "sfagent"="c:\program files\Fighters\SPAMfighter\sfagent.exe" [2012-02-22 1197704]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
    "KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
    "TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2013-01-13 295072]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]
    2008-06-02 08:26 319488 ----a-w- c:\program files\Acer\Empowering Technology\SysMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
    2010-09-27 04:05 391096 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
    2007-04-03 16:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
    2007-05-14 16:01 644696 ----a-w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eDataSecurity Loader]
    2008-07-29 16:52 526896 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
    2008-01-21 02:25 125952 ----a-w- c:\windows\ehome\ehtray.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmpoweringTechnology]
    2008-06-02 08:26 319488 ----a-w- c:\program files\Acer\Empowering Technology\Framework.Launcher.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]
    2008-04-03 09:45 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
    2010-07-02 14:08 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
    2013-01-31 09:01 3970848 ----a-w- c:\windows\System32\nvcpl.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    2007-02-04 11:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMMediaSharing]
    2008-05-20 16:50 204908 ------w- c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-05-25 14:10 28672 ----a-w- c:\windows\System32\qttask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
    2008-08-19 10:26 6265376 ----a-w- c:\windows\RtHDVCpl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    2006-10-25 08:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WarReg_PopUp]
    2008-01-29 07:03 303104 ----a-w- c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
    2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
    2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001
    .
    S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-05-20 269448]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-06-24 16:49 1165776 ----a-w- c:\program files\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 18:29]
    .
    2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 14:46]
    .
    2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-19 14:46]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.com/
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0809&m=aspire_x1700
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Free YouTube Download - c:\users\sjors\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\
    FF - prefs.js: browser.startup.homepage -
    FF - user.js: extensions.Softonic.hpOld0 -
    FF - user.js: extensions.Softonic.tlbrSrchUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=1&cc=&q=
    FF - user.js: extensions.Softonic.id - 98a6925200000000000000251117fcb0
    FF - user.js: extensions.Softonic.appId - {7ABBFE1C-E485-44AA-8F36-353751B4124D}
    FF - user.js: extensions.Softonic.instlDay - 15752
    FF - user.js: extensions.Softonic.vrsn - 1.8.8.11
    FF - user.js: extensions.Softonic.vrsni - 1.8.8.11
    FF - user.js: extensions.Softonic_i.vrsnTs - 1.8.8.1114:57
    FF - user.js: extensions.Softonic.prtnrId - softonic
    FF - user.js: extensions.Softonic.prdct - Softonic
    FF - user.js: extensions.Softonic.aflt - SD
    FF - user.js: extensions.Softonic_i.smplGrp - none
    FF - user.js: extensions.Softonic.tlbrId - BASEirobinhoodActive
    FF - user.js: extensions.Softonic.instlRef - MOY00011
    FF - user.js: extensions.Softonic.dfltLng -
    FF - user.js: extensions.Softonic_i.excTlbr - false
    FF - user.js: extensions.Softonic.excTlbr - false
    FF - user.js: extensions.Softonic.admin - false
    FF - user.js: extensions.Softonic.autoRvrt - false
    FF - user.js: extensions.Softonic.rvrt - true
    FF - user.js: extensions.Softonic_i.hmpg - true
    FF - user.js: extensions.Softonic.hmpgUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=13&cc=
    FF - user.js: extensions.Softonic.dfltSrch - true
    FF - user.js: extensions.Softonic.srchPrvdr - Search the web (Softonic)
    FF - user.js: extensions.Softonic.kw_url - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc=&q=
    FF - user.js: extensions.Softonic_i.dnsErr - true
    FF - user.js: extensions.Softonic_i.newTab - true
    FF - user.js: extensions.Softonic.newTabUrl - hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=15&cc=
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=98a6925200000000000000251117fcb0&q=
    FF - user.js: extensions.BabylonToolbar.id - 98a6925200000000000000251117fcb0
    FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
    FF - user.js: extensions.BabylonToolbar.instlDay - 15752
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.11.10
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.11.10
    FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.11.1014:57
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - uninst
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
    FF - user.js: extensions.BabylonToolbar.admin - false
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119849
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.autoRvrt - false
    FF - user.js: extensions.BabylonToolbar.rvrt - false
    FF - user.js: extensions.BabylonToolbar.newTab - false
    FF - user.js: extentions.y2layers.installId - 7d807ce2-19fd-41b6-aa9f-bdbad7061308
    FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,buzzdock,YontooNewOffers
    FF - user.js: extentions.webcake.installId - ac4fe2c3-70d3-4bf4-bc21-cc6089973ef6
    FF - user.js: extentions.webcake.defaultEnableAppsList - layers,brain/features,newOffers/wc
    FF - user.js: extensions.delta.tlbrSrchUrl -
    FF - user.js: extensions.delta.id - 98a6925200000000000000251117fcb0
    FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
    FF - user.js: extensions.delta.instlDay - 15892
    FF - user.js: extensions.delta.vrsn - 1.8.21.5
    FF - user.js: extensions.delta.vrsni - 1.8.21.5
    FF - user.js: extensions.delta.vrsnTs - 1.8.21.516:06
    FF - user.js: extensions.delta.prtnrId - delta
    FF - user.js: extensions.delta.prdct - delta
    FF - user.js: extensions.delta.aflt - babsst
    FF - user.js: extensions.delta.smplGrp - none
    FF - user.js: extensions.delta.tlbrId - base
    FF - user.js: extensions.delta.instlRef - sst
    FF - user.js: extensions.delta.dfltLng - nl
    FF - user.js: extensions.delta.excTlbr - false
    FF - user.js: extensions.delta.ffxUnstlRst - true
    FF - user.js: extensions.delta.admin - false
    FF - user.js: extensions.delta_i.babTrack - affID=119842&tt=040713_ctrl&tsp=4935
    FF - user.js: extensions.delta_i.babExt -
    FF - user.js: extensions.delta_i.srcExt - ss
    FF - user.js: extensions.delta.autoRvrt - false
    FF - user.js: extensions.delta.rvrt - false
    FF - user.js: extensions.delta.newTab - false
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-07-08 21:10
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'Explorer.exe'(3272)
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
    .
    ------------------------ Andere Aktieve Processen ------------------------
    .
    c:\windows\system32\nvvsvc.exe
    c:\program files\Microsoft Security Client\MsMpEng.exe
    c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
    c:\windows\system32\nvvsvc.exe
    c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
    c:\program files\Acer\Empowering Technology\Service\ETService.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
    c:\program files\CyberLink\Shared Files\RichVideo.exe
    c:\program files\Fighters\SPAMfighter\sfus.exe
    c:\program files\FS\Spyro Portal\FlashPortal.exe
    c:\program files\Fighters\FighterSuiteService.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\windows\System32\WUDFHost.exe
    c:\program files\NVIDIA Corporation\Display\nvtray.exe
    c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    c:\windows\servicing\TrustedInstaller.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\program files\Windows Media Player\wmpnetwk.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-07-08 21:16:15 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-07-08 19:16
    ComboFix2.txt 2013-07-07 14:25
    ComboFix3.txt 2013-07-07 12:43
    ComboFix4.txt 2013-07-01 10:53
    ComboFix5.txt 2013-07-08 18:59
    .
    Pre-Run: 187.683.246.080 bytes beschikbaar
    Post-Run: 187.533.717.504 bytes beschikbaar
    .
    - - End Of File - - 1B134760262ADA8B8BD9CA47E59332AB
    5C616939100B85E558DA92B899A0FC36

  • #2
    Run a scan with ADWcleaner: http://users.telenet.be/marcvn/spyware/adwcleaner.html
    Choose the Delete option. Post the log you get.

    After that, carry out these instructions: http://www.nucia.eu/forum/threads/12...ericht-plaatst!



    • #3
      # AdwCleaner v2.304 - Verslag gemaakt op 09/07/2013 om 20:36:28
      # Geactualiseerd op 03/07/2013 door Xplode
      # Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
      # Gebruiker : sjors - PC_VAN_SJORS
      # Opstarten Modus : Normale modus
      # Gelanceerd vanaf : C:\Users\sjors\Desktop\adwcleaner.exe
      # Optie [Zoeken]


      ***** [Diensten] *****


      ***** [Files / Mappen] *****

      File Aanwezig : C:\user.js
      File Aanwezig : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\searchplugins\Askcom.xml
      File Aanwezig : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\searchplugins\softonic.xml
      Map Aanwezig : C:\Program Files\Conduit
      Map Aanwezig : C:\ProgramData\Ask
      Map Aanwezig : C:\ProgramData\InstallMate
      Map Aanwezig : C:\ProgramData\Premium
      Map Aanwezig : C:\ProgramData\Tarma Installer
      Map Aanwezig : C:\ProgramData\Trymedia
      Map Aanwezig : C:\Users\Admin\AppData\Local\AskToolbar
      Map Aanwezig : C:\Users\sjors\AppData\LocalLow\Conduit
      Map Aanwezig : C:\Users\sjors\AppData\LocalLow\Delta
      Map Aanwezig : C:\Users\sjors\AppData\LocalLow\PriceGong
      Map Aanwezig : C:\Users\sjors\AppData\LocalLow\Softonic
      Map Aanwezig : C:\Users\sjors\AppData\LocalLow\Toolbar4
      Map Aanwezig : C:\Users\sjors\AppData\Roaming\DSite
      Map Aanwezig : C:\Users\sjors\AppData\Roaming\dvdvideosoftiehelpers
      Map Aanwezig : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\extensions\[email protected] c.com
      Map Aanwezig : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\extensions\[email protected] e.com
      Map Aanwezig : C:\Users\sjors\AppData\Roaming\Yontoo
      Map Aanwezig : C:\Users\UpdatusUser\AppData\Local\AskToolbar

      ***** [Register] *****

      Sleutel Aanwezig : HKCU\Software\52e8fdfbd3ee943
      Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Conduit
      Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
      Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\Crossrider
      Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
      Sleutel Aanwezig : HKCU\Software\AppDataLow\Software\PriceGong
      Sleutel Aanwezig : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
      Sleutel Aanwezig : HKCU\Software\InstallCore
      Sleutel Aanwezig : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
      Sleutel Aanwezig : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
      Sleutel Aanwezig : HKCU\Software\Softonic
      Sleutel Aanwezig : HKCU\Software\YahooPartnerToolbar
      Sleutel Aanwezig : HKLM\SOFTWARE\52e8fdfbd3ee943
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\secman.DLL
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Conduit.Engine
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CShared.TB4Client
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CShared.TB4Script
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\CShared.TB4Server
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Prod.cap
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbTask
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar.CT2088433
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar.CT2102399
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar.CT3241951
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
      Sleutel Aanwezig : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
      Sleutel Aanwezig : HKLM\Software\Conduit
      Sleutel Aanwezig : HKLM\Software\MapsGalaxy_39
      Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
      Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
      Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
      Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
      Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
      Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e88eef8d3bd97a0e2adfbd82b851ae56
      Sleutel Aanwezig : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f718263908f75fedcd88a357d66a7f15
      Sleutel Aanwezig : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
      Sleutel Aanwezig : HKLM\Software\TENCENT
      Sleutel Aanwezig : HKU\S-1-5-21-1144702918-1483003687-1277630341-1000\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}

      ***** [Browsers] *****

      -\\ Internet Explorer v9.0.8112.16490

      [OK] Het register bevat geen enkele ongeoorloofde invoer.

      -\\ Mozilla Firefox v16.0.1 (en-US)

      File : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\prefs.js

      Aanwezig : user_pref("extensions.BabylonToolbar.admin", false);
      Aanwezig : user_pref("extensions.BabylonToolbar.aflt", "babsst");
      Aanwezig : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
      Aanwezig : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
      Aanwezig : user_pref("extensions.BabylonToolbar.dfltLng", "en");
      Aanwezig : user_pref("extensions.BabylonToolbar.excTlbr", false);
      Aanwezig : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
      Aanwezig : user_pref("extensions.BabylonToolbar.id", "98a6925200000000000000251117fcb0");
      Aanwezig : user_pref("extensions.BabylonToolbar.instlDay", "15752");
      Aanwezig : user_pref("extensions.BabylonToolbar.instlRef", "sst");
      Aanwezig : user_pref("extensions.BabylonToolbar.newTab", false);
      Aanwezig : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
      Aanwezig : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
      Aanwezig : user_pref("extensions.BabylonToolbar.rvrt", "false");
      Aanwezig : user_pref("extensions.BabylonToolbar.smplGrp", "none");
      Aanwezig : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
      Aanwezig : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=
      Aanwezig : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
      Aanwezig : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1014:57:31");
      Aanwezig : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
      Aanwezig : user_pref("extensions.BabylonToolbar_i.babExt", "");
      Aanwezig : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849");
      Aanwezig : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
      Aanwezig : user_pref("extensions.Softonic.admin", false);
      Aanwezig : user_pref("extensions.Softonic.aflt", "SD");
      Aanwezig : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
      Aanwezig : user_pref("extensions.Softonic.autoRvrt", "false");
      Aanwezig : user_pref("extensions.Softonic.cntry", "NL");
      Aanwezig : user_pref("extensions.Softonic.dfltLng", "");
      Aanwezig : user_pref("extensions.Softonic.dfltSrch", true);
      Aanwezig : user_pref("extensions.Softonic.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,60371
      Aanwezig : user_pref("extensions.Softonic.dspFFXOld", "");
      Aanwezig : user_pref("extensions.Softonic.excTlbr", false);
      Aanwezig : user_pref("extensions.Softonic.hdrMd5", "51D521CEB4110E1BE1C076FF8CF7C385");
      Aanwezig : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=13&
      Aanwezig : user_pref("extensions.Softonic.hpOld0", "");
      Aanwezig : user_pref("extensions.Softonic.id", "98a6925200000000000000251117fcb0");
      Aanwezig : user_pref("extensions.Softonic.instlDay", "15752");
      Aanwezig : user_pref("extensions.Softonic.instlRef", "MOY00011");
      Aanwezig : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc
      Aanwezig : user_pref("extensions.Softonic.lastVrsnTs", "");
      Aanwezig : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=1
      Aanwezig : user_pref("extensions.Softonic.pnu_BASEirobinhoodActive", "{\"newVrsn\":\"44\",\"lastVrsn\":\"44\",\
      Aanwezig : user_pref("extensions.Softonic.prdct", "Softonic");
      Aanwezig : user_pref("extensions.Softonic.prtnrId", "softonic");
      Aanwezig : user_pref("extensions.Softonic.rvrt", "true");
      Aanwezig : user_pref("extensions.Softonic.sg", "{smplGrp}");
      Aanwezig : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
      Aanwezig : user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive");
      Aanwezig : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource
      Aanwezig : user_pref("extensions.Softonic.vrsn", "1.8.8.11");
      Aanwezig : user_pref("extensions.Softonic.vrsni", "1.8.8.11");
      Aanwezig : user_pref("extensions.Softonic_i.dnsErr", true);
      Aanwezig : user_pref("extensions.Softonic_i.excTlbr", false);
      Aanwezig : user_pref("extensions.Softonic_i.hmpg", true);
      Aanwezig : user_pref("extensions.Softonic_i.newTab", true);
      Aanwezig : user_pref("extensions.Softonic_i.smplGrp", "none");
      Aanwezig : user_pref("extensions.Softonic_i.vrsnTs", "1.8.8.1114:57:16");
      Aanwezig : user_pref("extensions.delta.admin", false);
      Aanwezig : user_pref("extensions.delta.aflt", "babsst");
      Aanwezig : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
      Aanwezig : user_pref("extensions.delta.autoRvrt", "false");
      Aanwezig : user_pref("extensions.delta.dfltLng", "en");
      Aanwezig : user_pref("extensions.delta.excTlbr", false);
      Aanwezig : user_pref("extensions.delta.ffxUnstlRst", true);
      Aanwezig : user_pref("extensions.delta.id", "98a6925200000000000000251117fcb0");
      Aanwezig : user_pref("extensions.delta.instlDay", "15862");
      Aanwezig : user_pref("extensions.delta.instlRef", "sst");
      Aanwezig : user_pref("extensions.delta.newTab", false);
      Aanwezig : user_pref("extensions.delta.prdct", "delta");
      Aanwezig : user_pref("extensions.delta.prtnrId", "delta");
      Aanwezig : user_pref("extensions.delta.rvrt", "false");
      Aanwezig : user_pref("extensions.delta.smplGrp", "none");
      Aanwezig : user_pref("extensions.delta.tlbrId", "base");
      Aanwezig : user_pref("extensions.delta.tlbrSrchUrl", "");
      Aanwezig : user_pref("extensions.delta.vrsn", "1.8.21.5");
      Aanwezig : user_pref("extensions.delta.vrsnTs", "1.8.21.519:43:19");
      Aanwezig : user_pref("extensions.delta.vrsni", "1.8.21.5");
      Aanwezig : user_pref("extensions.delta_i.babExt", "");
      Aanwezig : user_pref("extensions.delta_i.babTrack", "affID=119357");
      Aanwezig : user_pref("extensions.delta_i.srcExt", "ss");
      Aanwezig : user_pref("extensions.enabledAddons", "[email protected]:1.6.0,{972ce4c6-7e08-4474-a285-3208198c
      Aanwezig : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
      Aanwezig : user_pref("extentions.y2layers.installId", "7d807ce2-19fd-41b6-aa9f-bdbad7061308");

      -\\ Google Chrome v27.0.1453.116

      File : C:\Users\sjors\AppData\Local\Google\Chrome\User Data\Default\Preferences

      Aanwezig [l.36] : icon_url = "hxxp://www.babylon.com/favicon.ico",
      Aanwezig [l.39] : keyword = "babylon.com",
      Aanwezig [l.43] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=119357&babsrc=SP_ss_din2g&mntrId=98A600251117FCB0",
      Aanwezig [l.2276] : homepage = "hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_din2g&mntrId=98A600251117FCB0",
      Aanwezig [l.2973] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_din2g&mntrId=98A600251117FCB0", "hxxp://www.delta-search.com/?affID=119357&babsrc=HP_ss&mntrId=98A600251117FCB0" ]

      *************************

      AdwCleaner[R1].txt - [17501 octets] - [09/07/2013 20:36:28]

      ########## EOF - C:\AdwCleaner[R1].txt - [17562 octets] ##########



      • #4
        This is the log I got after the removal:

        # AdwCleaner v2.304 - Verslag gemaakt op 09/07/2013 om 20:46:12
        # Geactualiseerd op 03/07/2013 door Xplode
        # Besturingssysteem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
        # Gebruiker : sjors - PC_VAN_SJORS
        # Opstarten Modus : Normale modus
        # Gelanceerd vanaf : C:\Users\sjors\Desktop\adwcleaner.exe
        # Optie [Verwijderen]


        ***** [Diensten] *****


        ***** [Files / Mappen] *****

        File Verwijderd : C:\user.js
        File Verwijderd : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\searchplugins\Askcom.xml
        File Verwijderd : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\searchplugins\softonic.xml
        Map Verwijderd : C:\Users\Admin\AppData\Local\AskToolbar
        Map Verwijderd : C:\Users\sjors\AppData\LocalLow\Toolbar4
        Map Verwijderd : C:\Users\sjors\AppData\Roaming\DSite
        Map Verwijderd : C:\Users\sjors\AppData\Roaming\dvdvideosoftiehelpers
        Map Verwijderd : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\extensions\[email protected] c.com
        Map Verwijderd : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\extensions\[email protected] e.com
        Map Verwijderd : C:\Users\sjors\AppData\Roaming\Yontoo
        Map Verwijderd : C:\Users\UpdatusUser\AppData\Local\AskToolbar

        ***** [Register] *****

        Sleutel Verwijderd : HKCU\Software\52e8fdfbd3ee943
        Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Conduit
        Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
        Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\Crossrider
        Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
        Sleutel Verwijderd : HKCU\Software\AppDataLow\Software\PriceGong
        Sleutel Verwijderd : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
        Sleutel Verwijderd : HKCU\Software\InstallCore
        Sleutel Verwijderd : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Giant Savings
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
        Sleutel Verwijderd : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
        Sleutel Verwijderd : HKCU\Software\Softonic
        Sleutel Verwijderd : HKCU\Software\YahooPartnerToolbar
        Sleutel Verwijderd : HKLM\SOFTWARE\52e8fdfbd3ee943
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\secman.DLL
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Conduit.Engine
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CShared.TB4Client
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CShared.TB4Script
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\CShared.TB4Server
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Prod.cap
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.TbTask
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2088433
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2102399
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT2611275
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar.CT3241951
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
        Sleutel Verwijderd : HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
        Sleutel Verwijderd : HKLM\Software\Conduit
        Sleutel Verwijderd : HKLM\Software\MapsGalaxy_39
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{AF6B0594-6008-4327-93E5-608AD710A6FA}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e88eef8d3bd97a0e2adfbd82b851ae56
        Sleutel Verwijderd : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\f718263908f75fedcd88a357d66a7f15
        Sleutel Verwijderd : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
        Sleutel Verwijderd : HKLM\Software\TENCENT

        ***** [Browsers] *****

        -\\ Internet Explorer v9.0.8112.16490

        [OK] Het register bevat geen enkele ongeoorloofde invoer.

        -\\ Mozilla Firefox v16.0.1 (en-US)

        File : C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\prefs.js

        C:\Users\sjors\AppData\Roaming\Mozilla\Firefox\Profiles\4y6w0ren.default\user.js ... Verwijderd !

        Verwijderd : user_pref("extensions.BabylonToolbar.admin", false);
        Verwijderd : user_pref("extensions.BabylonToolbar.aflt", "babsst");
        Verwijderd : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
        Verwijderd : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
        Verwijderd : user_pref("extensions.BabylonToolbar.dfltLng", "en");
        Verwijderd : user_pref("extensions.BabylonToolbar.excTlbr", false);
        Verwijderd : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
        Verwijderd : user_pref("extensions.BabylonToolbar.id", "98a6925200000000000000251117fcb0");
        Verwijderd : user_pref("extensions.BabylonToolbar.instlDay", "15752");
        Verwijderd : user_pref("extensions.BabylonToolbar.instlRef", "sst");
        Verwijderd : user_pref("extensions.BabylonToolbar.newTab", false);
        Verwijderd : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
        Verwijderd : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
        Verwijderd : user_pref("extensions.BabylonToolbar.rvrt", "false");
        Verwijderd : user_pref("extensions.BabylonToolbar.smplGrp", "none");
        Verwijderd : user_pref("extensions.BabylonToolbar.tlbrId", "uninst");
        Verwijderd : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=
        Verwijderd : user_pref("extensions.BabylonToolbar.vrsn", "1.8.11.10");
        Verwijderd : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.11.1014:57:31");
        Verwijderd : user_pref("extensions.BabylonToolbar.vrsni", "1.8.11.10");
        Verwijderd : user_pref("extensions.BabylonToolbar_i.babExt", "");
        Verwijderd : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=119849");
        Verwijderd : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
        Verwijderd : user_pref("extensions.Softonic.admin", false);
        Verwijderd : user_pref("extensions.Softonic.aflt", "SD");
        Verwijderd : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
        Verwijderd : user_pref("extensions.Softonic.autoRvrt", "false");
        Verwijderd : user_pref("extensions.Softonic.cntry", "NL");
        Verwijderd : user_pref("extensions.Softonic.dfltLng", "");
        Verwijderd : user_pref("extensions.Softonic.dfltSrch", true);
        Verwijderd : user_pref("extensions.Softonic.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,60371
        Verwijderd : user_pref("extensions.Softonic.dspFFXOld", "");
        Verwijderd : user_pref("extensions.Softonic.excTlbr", false);
        Verwijderd : user_pref("extensions.Softonic.hdrMd5", "51D521CEB4110E1BE1C076FF8CF7C385");
        Verwijderd : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=13&
        Verwijderd : user_pref("extensions.Softonic.hpOld0", "");
        Verwijderd : user_pref("extensions.Softonic.id", "98a6925200000000000000251117fcb0");
        Verwijderd : user_pref("extensions.Softonic.instlDay", "15752");
        Verwijderd : user_pref("extensions.Softonic.instlRef", "MOY00011");
        Verwijderd : user_pref("extensions.Softonic.kw_url", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=2&cc
        Verwijderd : user_pref("extensions.Softonic.lastVrsnTs", "");
        Verwijderd : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource=1
        Verwijderd : user_pref("extensions.Softonic.pnu_BASEirobinhoodActive", "{\"newVrsn\":\"44\",\"lastVrsn\":\"44\",\
        Verwijderd : user_pref("extensions.Softonic.prdct", "Softonic");
        Verwijderd : user_pref("extensions.Softonic.prtnrId", "softonic");
        Verwijderd : user_pref("extensions.Softonic.rvrt", "true");
        Verwijderd : user_pref("extensions.Softonic.sg", "{smplGrp}");
        Verwijderd : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
        Verwijderd : user_pref("extensions.Softonic.tlbrId", "BASEirobinhoodActive");
        Verwijderd : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00011/tb_v1?SearchSource
        Verwijderd : user_pref("extensions.Softonic.vrsn", "1.8.8.11");
        Verwijderd : user_pref("extensions.Softonic.vrsni", "1.8.8.11");
        Verwijderd : user_pref("extensions.Softonic_i.dnsErr", true);
        Verwijderd : user_pref("extensions.Softonic_i.excTlbr", false);
        Verwijderd : user_pref("extensions.Softonic_i.hmpg", true);
        Verwijderd : user_pref("extensions.Softonic_i.newTab", true);
        Verwijderd : user_pref("extensions.Softonic_i.smplGrp", "none");
        Verwijderd : user_pref("extensions.Softonic_i.vrsnTs", "1.8.8.1114:57:16");
        Verwijderd : user_pref("extensions.delta.admin", false);
        Verwijderd : user_pref("extensions.delta.aflt", "babsst");
        Verwijderd : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
        Verwijderd : user_pref("extensions.delta.autoRvrt", "false");
        Verwijderd : user_pref("extensions.delta.dfltLng", "en");
        Verwijderd : user_pref("extensions.delta.excTlbr", false);
        Verwijderd : user_pref("extensions.delta.ffxUnstlRst", true);
        Verwijderd : user_pref("extensions.delta.id", "98a6925200000000000000251117fcb0");
        Verwijderd : user_pref("extensions.delta.instlDay", "15862");
        Verwijderd : user_pref("extensions.delta.instlRef", "sst");
        Verwijderd : user_pref("extensions.delta.newTab", false);
        Verwijderd : user_pref("extensions.delta.prdct", "delta");
        Verwijderd : user_pref("extensions.delta.prtnrId", "delta");
        Verwijderd : user_pref("extensions.delta.rvrt", "false");
        Verwijderd : user_pref("extensions.delta.smplGrp", "none");
        Verwijderd : user_pref("extensions.delta.tlbrId", "base");
        Verwijderd : user_pref("extensions.delta.tlbrSrchUrl", "");
        Verwijderd : user_pref("extensions.delta.vrsn", "1.8.21.5");
        Verwijderd : user_pref("extensions.delta.vrsnTs", "1.8.21.519:43:19");
        Verwijderd : user_pref("extensions.delta.vrsni", "1.8.21.5");
        Verwijderd : user_pref("extensions.delta_i.babExt", "");
        Verwijderd : user_pref("extensions.delta_i.babTrack", "affID=119357");
        Verwijderd : user_pref("extensions.delta_i.srcExt", "ss");
        Verwijderd : user_pref("extensions.enabledAddons", "[email protected]:1.6.0,{972ce4c6-7e08-4474-a285-3208198c
        Verwijderd : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
        Verwijderd : user_pref("extentions.y2layers.installId", "7d807ce2-19fd-41b6-aa9f-bdbad7061308");

        -\\ Google Chrome v27.0.1453.116

        File : C:\Users\sjors\AppData\Local\Google\Chrome\User Data\Default\Preferences

        Verwijderd [l.36] : icon_url = "hxxp://www.babylon.com/favicon.ico",
        Verwijderd [l.39] : keyword = "babylon.com",
        Verwijderd [l.43] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=119357&babsrc=SP_ss_din2g&mntr
        Verwijderd [l.2276] : homepage = "hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_din2g&mntrId=98A600251117FCB0",
        Verwijderd [l.2973] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=119357&babsrc=HP_ss_din2g&mn

        *************************

        AdwCleaner[R1].txt - [17632 octets] - [09/07/2013 20:36:28]
        AdwCleaner[S1].txt - [407 octets] - [09/07/2013 20:44:51]
        AdwCleaner[S2].txt - [17382 octets] - [09/07/2013 20:46:12]

        ########## EOF - C:\AdwCleaner[S2].txt - [17443 octets] ##########



        • #5
          Are you going to carry out the rest of the instructions as well? Or are you saying: I'm stopping here, the problem is solved?



          • #6
            Malwarebytes Anti-Malware 1.75.0.1300
            www.malwarebytes.org

            Databaseversie: v2013.07.11.05

            Windows Vista Service Pack 2 x86 NTFS
            Internet Explorer 9.0.8112.16421
            sjors :: PC_VAN_SJORS [administrator]

            11-7-2013 19:09:18
            mbam-log-2013-07-11 (19-09-18).txt

            Scan type: Snelle scan
            Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
            Uitgeschakelde scan opties: P2P
            Objecten gescand: 263342
            Verstreken tijd: 11 minuut/minuten, 35 seconde(n)

            Geheugenprocessen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Geheugenmodulen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registersleutels gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerwaarden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Registerdata gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Mappen gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            Bestanden gedetecteerd: 0
            (Geen kwaadaardige objecten gedetecteerd)

            (einde)





              • #8
                GMER 2.1.19163 - http://www.gmer.net
                Rootkit scan 2013-07-11 19:55:32
                Windows 6.0.6002 Service Pack 2 \Device\Harddisk0\DR0 -> \Device\0000005b WDC_WD64 rev.01.0 596,17GB
                Running: 2y96sh9c.exe; Driver: C:\Users\sjors\AppData\Local\Temp\kgldypob.sys


                ---- System - GMER 2.1 ----

                INT 0x01 \??\C:\Users\sjors\AppData\Local\Temp\mbr.sys A4141C42

                ---- Kernel code sections - GMER 2.1 ----

                ? C:\Users\sjors\AppData\Local\Temp\mbr.sys Het systeem kan het opgegeven bestand niet vinden. !

                ---- User code sections - GMER 2.1 ----

                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!EnableWindow 7737CD8B 5 Bytes JMP 6C9D9EBC C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!DialogBoxParamW 773A10B0 5 Bytes JMP 6C93189B C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!DialogBoxIndirectParamW 773A2EF5 5 Bytes JMP 6CB291B6 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!DialogBoxParamA 773B8152 5 Bytes JMP 6CB29151 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!DialogBoxIndirectParamA 773B847D 5 Bytes JMP 6CB2921B C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!MessageBoxIndirectA 773CD4D9 5 Bytes JMP 6CB290D8 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!MessageBoxIndirectW 773CD5D3 5 Bytes JMP 6CB2905F C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!MessageBoxExA 773CD639 5 Bytes JMP 6CB28FFB C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[1304] USER32.dll!MessageBoxExW 773CD65D 5 Bytes JMP 6CB28F97 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[3680] kernel32.dll!SetUnhandledExceptionFilter 75D2A8B5 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
                .text C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[4084] ntdll.dll!DbgBreakPoint 771F878E 1 Byte [C3]
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] kernel32.dll!CreateThread 75D4CB0E 5 Bytes JMP 6C9975E3 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateDialogParamW 773772A2 5 Bytes JMP 6CB29520 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!GetAsyncKeyState 7737863C 5 Bytes JMP 6C97DECD C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!SetWindowsHookExW 773787AD 5 Bytes JMP 6C9D25B4 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CallNextHookEx 77378E3B 5 Bytes JMP 6C9F7FF1 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!UnhookWindowsHookEx 773798DB 5 Bytes JMP 6CA1ED14 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!EnableWindow 7737CD8B 5 Bytes JMP 6C9D9EBC C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DefWindowProcA 7737DB88 7 Bytes JMP 6C99980D C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateWindowExA 7737DC2A 5 Bytes JMP 6C9A3643 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateWindowExW 77381305 5 Bytes JMP 6CA003DF C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!GetKeyState 77388CB1 5 Bytes JMP 6C97DDA7 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DefWindowProcW 773903B4 7 Bytes JMP 6C9F8054 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!IsDialogMessageW 77390745 5 Bytes JMP 6CB29C7A C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateDialogParamA 773917AA 5 Bytes JMP 6CB294E8 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!IsDialogMessage 77391847 5 Bytes JMP 6CB29C52 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateDialogIndirectParamA 773926F1 5 Bytes JMP 6CB29558 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!CreateDialogIndirectParamW 77399A62 5 Bytes JMP 6CB29590 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!SetKeyboardState 773A0987 5 Bytes JMP 6CB2A571 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxParamW 773A10B0 5 Bytes JMP 6C93189B C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxIndirectParamW 773A2EF5 5 Bytes JMP 6CB291B6 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!SendInput 773A2F75 5 Bytes JMP 6CB2A519 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!EndDialog 773A326E 5 Bytes JMP 6CB29F26 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!SetCursorPos 773B6FB2 5 Bytes JMP 6CB2A5F2 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxParamA 773B8152 5 Bytes JMP 6CB29151 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!DialogBoxIndirectParamA 773B847D 5 Bytes JMP 6CB2921B C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxIndirectA 773CD4D9 5 Bytes JMP 6CB290D8 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxIndirectW 773CD5D3 5 Bytes JMP 6CB2905F C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxExA 773CD639 5 Bytes JMP 6CB28FFB C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!MessageBoxExW 773CD65D 5 Bytes JMP 6CB28F97 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] USER32.dll!keybd_event 773CD972 5 Bytes JMP 6CB2A4D6 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] SHELL32.dll!SHRestricted + D95 760489A8 4 Bytes [CF, 01, 7A, 58] {IRET ; ADD [EDX+0x58], EDI}
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] SHELL32.dll!SHRestricted + D9D 760489B0 8 Bytes [E0, 61, 79, 58, 79, F7, 79, ...] {LOOPNZ 0x63; JNS 0x5c; JNS 0xfffffffd; JNS 0x60}
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] ole32.dll!OleLoadFromStream 77081E80 1 Byte [E9]
                .text C:\Program Files\Internet Explorer\iexplore.exe[4604] ole32.dll!OleLoadFromStream 77081E80 5 Bytes JMP 6CB29984 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] kernel32.dll!CreateThread 75D4CB0E 5 Bytes JMP 6C9975E3 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateDialogParamW 773772A2 5 Bytes JMP 6CB29520 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!GetAsyncKeyState 7737863C 5 Bytes JMP 6C97DECD C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!SetWindowsHookExW 773787AD 5 Bytes JMP 6C9D25B4 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CallNextHookEx 77378E3B 5 Bytes JMP 6C9F7FF1 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!UnhookWindowsHookEx 773798DB 5 Bytes JMP 6CA1ED14 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!EnableWindow 7737CD8B 5 Bytes JMP 6C9D9EBC C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DefWindowProcA 7737DB88 7 Bytes JMP 6C99980D C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateWindowExA 7737DC2A 5 Bytes JMP 6C9A3643 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateWindowExW 77381305 5 Bytes JMP 6CA003DF C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!GetKeyState 77388CB1 5 Bytes JMP 6C97DDA7 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DefWindowProcW 773903B4 7 Bytes JMP 6C9F8054 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!IsDialogMessageW 77390745 5 Bytes JMP 6CB29C7A C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateDialogParamA 773917AA 5 Bytes JMP 6CB294E8 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!IsDialogMessage 77391847 5 Bytes JMP 6CB29C52 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateDialogIndirectParamA 773926F1 5 Bytes JMP 6CB29558 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!CreateDialogIndirectParamW 77399A62 5 Bytes JMP 6CB29590 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!SetKeyboardState 773A0987 5 Bytes JMP 6CB2A571 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxParamW 773A10B0 5 Bytes JMP 6C93189B C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxIndirectParamW 773A2EF5 5 Bytes JMP 6CB291B6 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!SendInput 773A2F75 5 Bytes JMP 6CB2A519 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!EndDialog 773A326E 5 Bytes JMP 6CB29F26 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!SetCursorPos 773B6FB2 5 Bytes JMP 6CB2A5F2 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxParamA 773B8152 5 Bytes JMP 6CB29151 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!DialogBoxIndirectParamA 773B847D 5 Bytes JMP 6CB2921B C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxIndirectA 773CD4D9 5 Bytes JMP 6CB290D8 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxIndirectW 773CD5D3 5 Bytes JMP 6CB2905F C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxExA 773CD639 5 Bytes JMP 6CB28FFB C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!MessageBoxExW 773CD65D 5 Bytes JMP 6CB28F97 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] USER32.dll!keybd_event 773CD972 5 Bytes JMP 6CB2A4D6 C:\Windows\system32\IEFRAME.dll
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] SHELL32.dll!SHRestricted + D95 760489A8 4 Bytes [CF, 01, 7A, 58] {IRET ; ADD [EDX+0x58], EDI}
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] SHELL32.dll!SHRestricted + D9D 760489B0 8 Bytes [E0, 61, 79, 58, 79, F7, 79, ...] {LOOPNZ 0x63; JNS 0x5c; JNS 0xfffffffd; JNS 0x60}
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] ole32.dll!OleLoadFromStream 77081E80 1 Byte [E9]
                .text C:\Program Files\Internet Explorer\iexplore.exe[5452] ole32.dll!OleLoadFromStream 77081E80 5 Bytes JMP 6CB29984 C:\Windows\system32\IEFRAME.dll

                ---- User IAT/EAT - GMER 2.1 ----

                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [740C7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7410B4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [740CBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [740BF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [740C75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [740BE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [740F73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [740CDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [740BFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [740BFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [740B71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7414CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [740EC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [740BD968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [740B6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [740B687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll
                IAT C:\Windows\Explorer.EXE[1512] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [740C2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll

                ---- EOF - GMER 2.1 ----



                • #9
                  Could you also post the DDS log?

                  Are there any problems left?



                  • #10
                    Here is the DDS log, there are no more problems. Great!!!

                    DDS (Ver_2012-11-20.01) - NTFS_x86
                    Internet Explorer: 9.0.8112.16490 BrowserJavaVersion: 10.21.2
                    Run by sjors at 19:25:08 on 2013-07-11
                    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2815.1518 [GMT 2:00]
                    .
                    AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
                    SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
                    .
                    ============== Running Processes ================
                    .
                    C:\Windows\system32\wininit.exe
                    C:\Windows\system32\lsm.exe
                    C:\Windows\system32\nvvsvc.exe
                    C:\Program Files\Microsoft Security Client\MsMpEng.exe
                    C:\Windows\system32\SLsvc.exe
                    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
                    C:\Windows\system32\nvvsvc.exe
                    C:\Windows\System32\spoolsv.exe
                    C:\Windows\system32\Dwm.exe
                    C:\Windows\system32\taskeng.exe
                    C:\Windows\system32\taskeng.exe
                    C:\Windows\Explorer.EXE
                    C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
                    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
                    C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
                    C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
                    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
                    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
                    C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
                    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
                    C:\Program Files\Fighters\SPAMfighter\sfus.exe
                    C:\Program Files\FS\Spyro Portal\FlashPortal.exe
                    C:\Program Files\Fighters\FighterSuiteService.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
                    C:\Windows\system32\SearchIndexer.exe
                    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
                    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
                    C:\Program Files\Microsoft Security Client\NisSrv.exe
                    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
                    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
                    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
                    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
                    C:\Program Files\Fighters\Tray\FightersTray.exe
                    C:\Program Files\Windows Media Player\wmpnscfg.exe
                    C:\Program Files\Windows Media Player\wmpnetwk.exe
                    C:\Program Files\Fighters\SPAMfighter\sfagent.exe
                    C:\Program Files\Microsoft Security Client\msseces.exe
                    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
                    C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
                    C:\Program Files\Real\RealPlayer\Update\realsched.exe
                    C:\Program Files\Common Files\Java\Java Update\jusched.exe
                    C:\Windows\ehome\ehtray.exe
                    C:\Program Files\Picasa2\PicasaMediaDetector.exe
                    C:\Program Files\Samsung\Kies\Kies.exe
                    C:\Program Files\Samsung\Kies\KiesAirMessage.exe
                    C:\Program Files\Logitech\Logitech Vid\Vid.exe
                    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
                    C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
                    C:\Windows\ehome\ehmsas.exe
                    C:\Program Files\Windows Live\Mail\wlmail.exe
                    C:\Program Files\Windows Live\Contacts\wlcomm.exe
                    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe
                    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
                    C:\Program Files\Internet Explorer\iexplore.exe
                    C:\Windows\system32\taskeng.exe
                    C:\Windows\system32\SearchProtocolHost.exe
                    C:\Windows\system32\SearchFilterHost.exe
                    C:\Windows\system32\conime.exe
                    C:\Windows\system32\wbem\wmiprvse.exe
                    C:\Windows\system32\svchost.exe -k DcomLaunch
                    C:\Windows\system32\svchost.exe -k rpcss
                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
                    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
                    C:\Windows\system32\svchost.exe -k netsvcs
                    C:\Windows\system32\svchost.exe -k GPSvcGroup
                    C:\Windows\system32\svchost.exe -k LocalService
                    C:\Windows\system32\svchost.exe -k NetworkService
                    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
                    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
                    C:\Windows\system32\svchost.exe -k imgsvc
                    C:\Windows\System32\svchost.exe -k WerSvcGroup
                    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
                    .
                    ============== Pseudo HJT Report ===============
                    .
                    uStart Page = hxxp://www.google.com/
                    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=1&o=vp32&d=0809&m=aspire_x1700
                    uSearchAssistant = hxxp://www.google.com/ie
                    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
                    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
                    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
                    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
                    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
                    BHO: ShowBarObj Class: {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
                    BHO: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - <orphaned>
                    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
                    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
                    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
                    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                    TB: Acer eDataSecurity Management: {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
                    TB: AFAS Personal Bijwerk Assistent: {0DFC36E8-EAE8-484F-A89C-F565849A210F} -
                    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
                    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
                    uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
                    uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
                    uRun: [KiesPreload] c:\program files\samsung\kies\Kies.exe /preload
                    uRun: [KiesAirMessage] c:\program files\samsung\kies\KiesAirMessage.exe -startup
                    uRun: [Logitech Vid] "c:\program files\logitech\logitech vid\vid.exe" -bootmode
                    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
                    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
                    uRun: c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
                    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
                    mRun: [CommonToolkitTray] c:\program files\fighters\tray\FightersTray.exe
                    mRun: [sfagent] c:\program files\fighters\spamfighter\sfagent.exe
                    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
                    mRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
                    mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
                    mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
                    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
                    uPolicies-Explorer: NoDrives = dword:0
                    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
                    mPolicies-Explorer: NoDrives = dword:0
                    mPolicies-System: EnableUIADesktopToggle = dword:0
                    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
                    IE: Free YouTube Download - c:\users\sjors\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
                    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
                    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
                    .
                    INFO: HKCU has more than 50 listed domains.
                    If you wish to scan all of them, select the 'Force scan all domains' option.
                    .
                    .
                    INFO: HKLM has more than 50 listed domains.
                    If you wish to scan all of them, select the 'Force scan all domains' option.
                    .
                    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
                    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
                    DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
                    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
                    TCP: NameServer = 192.168.1.1
                    TCP: Interfaces\{F80BAE45-7967-41D8-BF88-9400F34C75D8} : DHCPNameServer = 192.168.1.1
                    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
                    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
                    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
                    .
                    ================= FIREFOX ===================
                    .
                    FF - ProfilePath - c:\users\sjors\appdata\roaming\mozilla\firefox\profiles\4y6w0ren.default\
                    FF - prefs.js: browser.startup.homepage -
                    .
                    ============= SERVICES / DRIVERS ===============
                    .
                    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
                    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\acer arcade live\acer homemedia connect\kernel\dms\CLMSServer.exe [2008-10-27 269448]
                    R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-10-27 24576]
                    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
                    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-11 418376]
                    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-8 701512]
                    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 100328]
                    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files\realnetworks\realdownloader\rndlresolversvc.exe [2012-11-29 38608]
                    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368]
                    R2 SPAMfighter Update Service;SPAMfighter Update Service;c:\program files\fighters\spamfighter\sfus.exe [2012-2-22 215688]
                    R2 SpyroService;Spyro Portal Service;c:\program files\fs\spyro portal\FlashPortal.exe [2011-9-9 48128]
                    R2 Suite Service;Suite Service;c:\program files\fighters\FighterSuiteService.exe [2012-1-23 1324680]
                    R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [2009-9-29 12160]
                    R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\drivers\lgbtbus.sys [2009-9-29 10496]
                    R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\drivers\lgvmodem.sys [2009-9-29 12928]
                    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-8 22856]
                    R3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2013-1-27 295232]
                    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
                    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-10-20 83168]
                    S3 e.dentifier2;SmartCard Reader ABN AMRO e.dentifier2;c:\windows\system32\drivers\aabed2.sys [2008-3-20 23040]
                    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-20 39272]
                    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
                    S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-8-25 30192]
                    S3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28.sys [2008-10-27 338432]
                    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-10-20 181344]
                    S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\drivers\ssudobex.sys [2012-10-20 181344]
                    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
                    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
                    .
                    =============== Created Last 30 ================
                    .
                    2013-07-11 17:03:49 712264 ----a-w- c:\windows\isRS-000.tmp
                    2013-07-11 16:31:17 -------- d-----w- c:\users\sjors\appdata\local\{4CD746B8-45EC-43E8-B6BA-9322785E9F23}
                    2013-07-10 17:41:37 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{5c94b1ee-132c-4602-8e01-863c0ae436b4}\mpengine.dll
                    2013-07-10 11:26:34 7068072 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
                    2013-07-10 08:39:33 -------- d-----w- c:\users\sjors\appdata\local\{FFDA3084-82CE-4157-A679-75DA71C02511}
                    2013-07-09 18:32:40 -------- d-----w- c:\users\sjors\appdata\local\{91E7AB0B-9334-4EDE-8C57-E37E2EDC4861}
                    2013-07-08 19:16:25 -------- d-----w- c:\users\sjors\appdata\local\temp
                    2013-07-08 19:10:03 -------- d-----w- C:\$RECYCLE.BIN
                    2013-07-07 17:07:39 -------- d-----w- c:\users\sjors\appdata\local\{C96C3FD3-26B5-4550-9395-9343DF53B3C0}
                    2013-07-06 14:06:03 -------- d-----w- c:\users\sjors\appdata\roaming\Open Download Manager
                    2013-07-06 14:05:32 -------- d-----w- c:\programdata\GorillaPrice
                    2013-07-06 07:52:44 -------- d-----w- c:\users\sjors\appdata\local\{E1F4F993-C7C4-41CF-9ACF-3A856676B89D}
                    2013-07-05 16:21:39 -------- d-----w- c:\users\sjors\appdata\local\{419C71E1-73CE-4D03-8B96-D6110767423B}
                    2013-07-04 19:16:43 -------- d-----w- c:\users\sjors\appdata\local\{F78BBA7F-20F1-4F18-99D1-03A10CAE53AE}
                    2013-07-03 18:22:46 -------- d-----w- c:\users\sjors\appdata\local\{3BC22FFC-8AC9-4C44-AC17-4A11AAC7E1AA}
                    2013-07-02 18:37:26 -------- d-----w- c:\users\sjors\appdata\local\{9EBA3065-37FE-43BA-8E75-5D8AE68CA6B9}
                    2013-07-01 09:08:49 -------- d-----w- c:\users\sjors\appdata\local\{E6258E99-AEF9-44DF-BBED-F6472C97C12A}
                    2013-06-29 10:05:24 -------- d-----w- c:\users\sjors\appdata\local\{1AF287BD-E14A-44EA-9BCD-E968F8ED9EA9}
                    2013-06-28 20:29:50 -------- d-----w- c:\users\sjors\appdata\local\{6FFF8FBA-BE01-4204-8148-26BB56251CB3}
                    2013-06-26 10:22:42 -------- d-----w- c:\users\sjors\appdata\local\{066C48E7-DC1D-43C3-B273-E5E8A252A45A}
                    2013-06-25 20:15:31 -------- d-----w- c:\users\sjors\appdata\local\{830F21EC-15EA-40B1-A1C1-EA768908538A}
                    2013-06-25 04:48:57 -------- d-----w- c:\users\sjors\appdata\local\{BA6B9977-0154-46FD-B5E7-2B0069A76BED}
                    2013-06-23 18:18:04 -------- d-----w- c:\users\sjors\appdata\local\{0249A61E-5E86-4278-89A4-A15444E32DE9}
                    2013-06-22 07:14:51 -------- d-----w- c:\users\sjors\appdata\local\{AA67326B-A1E2-4BEF-84E2-FD024F851F16}
                    2013-06-21 06:21:08 724464 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{039449ec-98bf-497b-a970-cddfe904d338}\gapaengine.dll
                    2013-06-20 18:51:38 -------- d-----w- c:\users\sjors\appdata\local\{2513DBC8-9AD3-4223-8559-0225CD88C131}
                    2013-06-19 21:32:42 -------- d-----w- c:\users\sjors\appdata\local\{ED8B2A58-139B-4F30-88BF-51092B90B9FA}
                    2013-06-17 17:28:08 -------- d-----w- c:\users\sjors\appdata\local\{76478AAF-BDEE-4779-8AD8-84E5BB178F1B}
                    2013-06-16 14:20:20 -------- d-----w- c:\users\sjors\appdata\local\{2B3F4010-5D2B-40E4-8141-5D39CFA1EB45}
                    2013-06-15 15:32:34 -------- d-----w- c:\users\sjors\appdata\local\Macromedia
                    2013-06-15 10:00:21 -------- d-----w- c:\users\sjors\appdata\local\{597AAAA8-1EC5-466F-A887-7CDE6116E87D}
                    2013-06-14 15:51:13 -------- d-----w- c:\users\sjors\appdata\local\{3E408609-5CA6-4EEE-9ABE-87C53DB8D5DA}
                    2013-06-12 19:03:50 825336 ----a-r- c:\users\sjors\appdata\roaming\microsoft\installer\{85d70219-700e-4728-a80d-c394def6247e}\TweetDeck.exe
                    2013-06-12 19:03:48 -------- d-----w- c:\program files\Twitter
                    2013-06-12 18:39:00 -------- d-----w- c:\users\sjors\appdata\local\{DE132151-30B4-49A2-BA7A-E4945300685B}
                    2013-06-12 06:16:06 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
                    2013-06-12 06:16:05 443904 ----a-w- c:\windows\system32\win32spl.dll
                    2013-06-12 06:16:05 37376 ----a-w- c:\windows\system32\printcom.dll
                    2013-06-12 06:16:05 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
                    2013-06-12 06:16:03 985600 ----a-w- c:\windows\system32\crypt32.dll
                    2013-06-12 06:16:03 98304 ----a-w- c:\windows\system32\cryptnet.dll
                    2013-06-12 06:16:03 812544 ----a-w- c:\windows\system32\certutil.exe
                    2013-06-12 06:16:03 133120 ----a-w- c:\windows\system32\cryptsvc.dll
                    2013-06-12 06:16:02 41984 ----a-w- c:\windows\system32\certenc.dll
                    2013-06-12 06:15:58 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
                    2013-06-12 06:15:57 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
                    2013-06-12 06:15:55 24576 ----a-w- c:\windows\system32\cryptdlg.dll
                    .
                    ==================== Find3M ====================
                    .
                    2013-06-12 18:29:12 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                    2013-06-12 18:29:12 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                    2013-05-16 22:39:39 1800704 ----a-w- c:\windows\system32\jscript9.dll
                    2013-05-16 22:28:26 1129472 ----a-w- c:\windows\system32\wininet.dll
                    2013-05-16 22:27:30 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
                    2013-05-16 22:21:37 142848 ----a-w- c:\windows\system32\ieUnatt.exe
                    2013-05-16 22:20:30 420864 ----a-w- c:\windows\system32\vbscript.dll
                    2013-05-16 22:16:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
                    2013-05-02 15:28:50 238872 ------w- c:\windows\system32\MpSigStub.exe
                    2013-04-15 14:20:04 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
                    2013-04-13 10:56:44 37376 ----a-w- c:\windows\system32\cdd.dll
                    .
                    ============= FINISH: 19:26:19,93 ===============



                    • #11
                      Good! Then we can wrap up.

                      Uninstall ComboFix. Go to "Start" - "Run" and type: Combofix /Uninstall
                      (Note the space between Combofix and /Uninstall)
                      Then press Enter.
                      This will remove Combofix along with all related folders and files.

                      Follow the instructions given here: The computer is malware-free, what to do now?

                      More information on how to prevent a new infection can be found here.
                      Also read through this article: Nothing comes for free.

                      I am setting the status of this thread to solved.
                      If there are no further replies, this thread will automatically be moved within about 3 days to the Solved HijackThis logs section, and replying will no longer be possible. This keeps the forum tidy and organized.
                      If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                      Happy surfing again.



                      • #12
                        Thanks a lot!



                        • #13
                          You're welcome.
