ComboFix 12-04-12.01 - packard bell 13/04/2012 11:01:54.2.4 - x86
Gestart vanuit: C:\Users\packard bell\Desktop\ComboFix.exe
gebruikte Opdracht switches :: C:\Users\packard bell\Desktop\CFScript.txt

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\ipconfig.txt
C:\Program Files\Mozilla Firefox\extensions\searchsettings@spigot.com
C:\Windows\SwSys1.bmp
C:\Windows\SwSys2.bmp

---- Voorgaande Run -------

C:\Program Files\Search Settings
C:\Program Files\Search Settings\FF\chrome.manifest
C:\Program Files\Search Settings\FF\chrome\content\plugin.js
C:\Program Files\Search Settings\FF\chrome\content\plugin.xul
C:\Program Files\Search Settings\FF\chrome\content\protection.js
C:\Program Files\Search Settings\FF\chrome\content\utils.js
C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
C:\Program Files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
C:\Program Files\Search Settings\FF\components\IFBHOSearch.xpt
C:\Program Files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
C:\Program Files\Search Settings\FF\components\IFHelperPreferences.xpt
C:\Program Files\Search Settings\FF\components\SearchSettingsFF.dll
C:\Program Files\Search Settings\FF\install.rdf
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\Search Settings\SearchSettingsRes409.dll
C:\ProgramData\9E8
C:\ProgramData\9E8\{EA8B1BC2-BCB6-489F-BBBD-6032EFF533CA}.swf
C:\Users\packard bell\AppData\Local\Microsoft\Windows\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Users\packard bell\AppData\Roaming\.#
C:\Windows\system32\tmpA8CF.tmp
C:\Windows\system32\tmpA91E.tmp

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-13 to 2012-04-13 ))))))))))))))))))))))))))))))

2012-04-13 09:10:48 . 2012-04-13 09:10:53 -------- d-----w- C:\Users\packard bell\AppData\Local\temp
2012-04-13 09:10:48 . 2012-04-13 09:10:48 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-04-11 14:10:06 . 2011-12-10 13:24:06 20464 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-04-11 14:10:05 . 2012-04-11 14:10:11 -------- d-----w- C:\Program Files\Malwarebytes' Anti-Malware
2012-04-11 13:54:21 . 2011-10-07 03:48:07 6668624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AF1CE27F-5F68-4B2F-BE07-020785C54860}\mpengine.dll
2012-04-10 14:25:33 . 2012-04-10 14:25:33 388096 ----a-r- C:\Users\packard bell\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-10 14:25:30 . 2012-04-11 13:06:09 -------- d-----w- C:\Program Files\Trend Micro
2012-03-16 17:21:36 . 2011-10-27 08:01:53 3602816 ----a-w- C:\Windows\system32\ntkrnlpa.exe
2012-03-16 17:20:55 . 2011-11-17 06:48:37 440192 ----a-w- C:\Windows\system32\drivers\ksecdd.sys
2012-03-16 17:20:55 . 2011-11-16 16:23:44 377344 ----a-w- C:\Windows\system32\winhttp.dll
2012-03-16 17:20:55 . 2011-11-16 16:21:57 1259008 ----a-w- C:\Windows\system32\lsasrv.dll
2012-03-16 17:20:54 . 2011-11-16 16:23:08 72704 ----a-w- C:\Windows\system32\secur32.dll
2012-03-16 17:20:54 . 2011-11-16 14:12:25 9728 ----a-w- C:\Windows\system32\lsass.exe
2012-03-16 17:20:44 . 2011-11-08 14:42:19 2048 ----a-w- C:\Windows\system32\tzres.dll
2012-03-16 17:20:32 . 2012-02-14 15:45:30 219648 ----a-w- C:\Windows\system32\d3d10_1core.dll
2012-03-16 17:20:32 . 2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\system32\d3d10warp.dll
2012-03-16 17:20:32 . 2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\system32\DWrite.dll
2012-03-16 17:20:31 . 2012-02-14 15:45:30 160768 ----a-w- C:\Windows\system32\d3d10_1.dll
2012-03-16 17:20:31 . 2012-02-13 13:47:57 683008 ----a-w- C:\Windows\system32\d2d1.dll
2012-03-16 17:14:38 . 2012-01-31 10:59:56 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-03-16 17:12:33 . 2012-01-09 15:54:08 613376 ----a-w- C:\Windows\system32\rdpencom.dll
2012-03-16 17:12:33 . 2012-01-09 13:58:29 180736 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-02-23 08:18:36 . 2009-10-04 15:00:56 237072 ----a-w- C:\Windows\system32\MpSigStub.exe
2009-03-11 17:20:24 . 2009-03-11 17:20:24 208384 ----a-w- C:\Program Files\mozilla firefox\plugins\uc_rohan_launching.dll
2011-11-06 18:36:27 . 2011-03-24 17:58:05 134104 ----a-w- C:\Program Files\mozilla firefox\components\browsercomps.dll
2010-07-25 08:41:55 . 2008-09-22 20:53:05 119808 ----a-w- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2009-04-10 21:28:04 1233920]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 13:32:34 1120568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 21:33:10 125952]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-12 22:02:30 39408]
"Nero MediaHome 4"="C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [BU]
"uTorrent"="C:\Program Files\uTorrent\uTorrent.exe" [2011-05-25 12:22:35 399736]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16:20 357696]
"Steam"="C:\Program Files\Steam\steam.exe" [2011-08-11 09:31:01 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-11 09:53:22 4702208]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 10:40:22 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-25 08:41:55 30192]
"MSPService"="C:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe" [2007-06-12 22:36:04 102400]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 01:18:32 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 16:20:56 28672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 20:16:38 39792]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 00:29:02 47392]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-07-16 13:02:19 148888]
"Malwarebytes Anti-Malware (reboot)"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-31 11:13:42 981680]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2010-04-12 08:40:16 180224]
"Blubster"="C:\Program Files\Blubster\Blubster.exe" [BU]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2010-11-29 16:38:18 421888]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-03-07 14:33:40 421160]
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 02:50:00 2516296]
"CanonSolutionMenuEx"="C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 08:18:54 1185112]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-31 11:13:44 460872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2623797113-1856624273-4240771959-1002]
"EnableNotificationsRef"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

Inhoud van de 'Gedeelde Taken' map

2012-04-13 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 15:59:14 . 2010-02-08 15:59:03]

2012-04-13 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-08 15:59:14 . 2010-02-08 15:59:03]

2012-04-12 C:\Windows\Tasks\OGADaily.job
- C:\Windows\system32\OGAVerify.exe [2008-12-31 15:04:42 . 2008-12-31 15:04:42]

2012-04-13 C:\Windows\Tasks\OGALogon.job
- C:\Windows\system32\OGAVerify.exe [2008-12-31 15:04:42 . 2008-12-31 15:04:42]

2012-04-13 C:\Windows\Tasks\Recovery DVD Creator.job
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2008-01-25 13:52:32 . 2006-11-21 16:34:38]

2012-04-13 C:\Windows\Tasks\Uitgebreide garantie.job
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2008-01-25 13:52:32 . 2006-11-21 16:38:02]

------- Bijkomende Scan -------

uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\packard bell\AppData\Roaming\Mozilla\Firefox\Profiles\b4r7ml82.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://search.imesh.com/be/
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{47E161A0-F4BA-41DD-A17B-D2EB26AD6A02} - (no file)