ComboFix 12-09-20.01 - Eigenaar 20-09-2012 16:38:04.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3006.1665 [GMT 2:00]
Gestart vanuit: c:\users\Eigenaar\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Nieuw herstelpunt werd aangemaakt
.
.
((((((((((((((((((((((((((((((((((  Andere Verwijderingen  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BrowserCompanion
c:\program files\BrowserCompanion\blabbers-ch.crx
c:\program files\BrowserCompanion\blabbers-ff-full.xpi
c:\program files\BrowserCompanion\jsloader.dll
c:\program files\BrowserCompanion\logo.ico
c:\program files\BrowserCompanion\tdataprotocol.dll
c:\program files\BrowserCompanion\terms.lnk.url
c:\program files\BrowserCompanion\toolbar.dll
c:\program files\BrowserCompanion\uninstall.exe
c:\program files\BrowserCompanion\updatebhoWin32.dll
c:\program files\BrowserCompanion\updater.ini
c:\program files\BrowserCompanion\widgetserv.exe
c:\program files\DealPly
c:\program files\DealPly\DealPly.crx
c:\program files\DealPly\DealPlyIE.dll
c:\program files\DealPly\DealPlyTune.dll
c:\program files\DealPly\DealPlyUpdate.exe
c:\program files\DealPly\DealPlyUpdate.log
c:\program files\DealPly\DealPlyUpdateRun.exe
c:\program files\DealPly\icon.ico
c:\program files\DealPly\sqlite3.dll
c:\program files\DealPly\uninst.exe
c:\programdata\0tbpw.pad
c:\users\Eigenaar\AppData\Local\Temp\ppcrlui_5272_2
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Recent\www.belastingdienst.nl.url
.
.
((((((((((((((((((((  Bestanden Gemaakt van 2012-08-20 to 2012-09-20  ))))))))))))))))))))))))))))))
.
.
2012-09-20 14:44 . 2012-09-20 14:45  --------  d-----w-  c:\users\Eigenaar\AppData\Local\temp
2012-09-20 14:44 . 2012-09-20 14:44  --------  d-----w-  c:\users\UpdatusUser\AppData\Local\temp
2012-09-20 14:44 . 2012-09-20 14:44  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-09-19 20:38 . 2012-09-19 20:38  --------  d-----w-  c:\program files\CCleaner
2012-09-19 20:38 . 2012-09-19 20:38  --------  d-----w-  c:\program files\GUMB55.tmp
2012-09-19 20:38 . 2012-09-19 20:38  --------  d-----w-  c:\program files\Google
2012-09-19 20:37 . 2012-09-20 14:26  --------  d-----w-  c:\users\Eigenaar\AppData\Roaming\BrowserCompanion
2012-09-19 19:07 . 2012-09-19 19:07  --------  d-----w-  c:\users\Eigenaar\AppData\Roaming\Malwarebytes
2012-09-19 19:07 . 2012-09-19 19:07  --------  d-----w-  c:\programdata\Malwarebytes
2012-09-19 19:07 . 2012-09-19 19:07  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-09-19 19:07 . 2012-09-07 15:04  22856  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-09-19 19:05 . 2012-09-19 19:05  --------  d-----w-  c:\users\Eigenaar\AppData\Local\AskToolbar
2012-09-19 19:05 . 2012-09-19 19:05  --------  d-----w-  c:\users\Eigenaar\AppData\Roaming\Avira
2012-09-19 18:58 . 2012-09-07 18:26  83392  ----a-w-  c:\windows\system32\drivers\avgntflt.sys
2012-09-19 18:58 . 2012-09-07 18:26  36000  ----a-w-  c:\windows\system32\drivers\avkmgr.sys
2012-09-19 18:58 . 2012-09-07 18:26  137928  ----a-w-  c:\windows\system32\drivers\avipbb.sys
2012-09-19 18:58 . 2012-09-19 18:59  --------  d-----w-  c:\programdata\Avira
2012-09-19 18:58 . 2012-09-19 18:58  --------  d-----w-  c:\program files\Avira
2012-09-18 17:31 . 2012-08-23 07:15  7022536  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{F1DE14A1-1ED1-49DF-B6DC-EBF9FC44C5DB}\mpengine.dll
2012-09-16 12:28 . 2012-08-21 11:01  26840  ----a-w-  c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-16 12:26 . 2012-09-16 12:26  --------  d-----w-  c:\program files\iPod
2012-09-16 12:26 . 2012-09-16 12:28  --------  d-----w-  c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-09-16 12:26 . 2012-09-16 12:28  --------  d-----w-  c:\program files\iTunes
2012-09-15 06:28 . 2012-09-15 06:28  --------  d-----w-  c:\program files\Common Files\Skype
2012-09-15 06:28 . 2012-09-15 06:28  --------  d-----r-  c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((  Find3M Rapport  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-21 11:01 . 2011-04-07 19:55  106928  ----a-w-  c:\windows\system32\GEARAspi.dll
2012-07-04 14:02 . 2012-08-16 14:30  2047488  ----a-w-  c:\windows\system32\win32k.sys
2012-06-29 00:16 . 2012-08-16 14:30  1800704  ----a-w-  c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-16 14:30  1129472  ----a-w-  c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-16 14:30  1427968  ----a-w-  c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-16 14:30  142848  ----a-w-  c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-16 14:30  2382848  ----a-w-  c:\windows\system32\mshtml.tlb
.
.
(((((((((((((((((((((((((((((((((((((  Reg Opstartpunten  )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18  1519824  ----a-w-  c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-04-22 247728]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Amazon Cloud Drive"="c:\users\Eigenaar\AppData\Local\Amazon\Cloud Drive\AmazonCloudDrive.exe" [2012-09-15 875512]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-09-19 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-13 6335008]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-01-12 488984]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-01-12 244512]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-13 1833504]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-09 421776]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-09-07 348664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2008-05-20 40072]
.
c:\users\Eigenaar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-7-29 503808]
OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
tcbhn.lnk - c:\users\Eigenaar\AppData\Roaming\BrowserCompanion\tcbhn.exe [2012-6-28 695448]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-1-31 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0
.
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-09-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 20:38]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-19 20:38]
.
2012-08-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1176920450-3925209464-3760352564-1000Core.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 12:32]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1176920450-3925209464-3760352564-1000UA.job
- c:\users\Eigenaar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-19 12:32]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=115300&babsrc=HP_ss&mntrId=2a94c212000000000000001ee5e3b0f7
mStart Page = hxxp://home.sweetim.com/?crg=4.0002002
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 212.54.40.25 212.54.35.25
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{3EEC3C07-13C6-4B41-87C6-40B425A0B0A2} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
AddRemove-BrowserCompanion - c:\program files\BrowserCompanion\uninstall.exe
AddRemove-DealPly - c:\program files\DealPly\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-20 16:45
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(4488)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
Voltooingstijd: 2012-09-20 16:46:56
ComboFix-quarantined-files.txt 2012-09-20 14:46
.
Pre-Run: 425.391.685.632 bytes beschikbaar
Post-Run: 425.350.787.072 bytes beschikbaar
.
- - End Of File - - B54FC1A996D67B0CC21E4A8C91F044EE