ComboFix 14-01-01.01 - pieter en anja 03-01-2014 13:45:14.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3325.1942 [GMT 1:00]
Gestart vanuit: c:\users\pieter en anja\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\pieter en anja\AppData\Local\Minibar
c:\users\pieter en anja\AppData\Local\Minibar\chrome.json
c:\users\pieter en anja\AppData\Local\Minibar\chrome.pem
c:\users\pieter en anja\AppData\Local\Minibar\chrome\background.html
c:\users\pieter en anja\AppData\Local\Minibar\chrome\cached_http_request.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\extension_info.json
c:\users\pieter en anja\AppData\Local\Minibar\chrome\icons\icon128.png
c:\users\pieter en anja\AppData\Local\Minibar\chrome\icons\icon19.png
c:\users\pieter en anja\AppData\Local\Minibar\chrome\icons\icon32.png
c:\users\pieter en anja\AppData\Local\Minibar\chrome\icons\icon48.png
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content_kango.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content_menu.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content_messaging.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content_pageutils.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content_popup.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content_toolbar.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content_toolbar_customfixes.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\includes\content_userscript.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\initial_config.json
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango-ui\button.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango-ui\toolbar.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango-ui\ui.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\browser.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\console.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\event_listener.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\initialize.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\io.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\jsonstorage.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\kango.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\lang.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\messaging.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\userscript_engine.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\kango\xhr.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\main.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\manifest.json
c:\users\pieter en anja\AppData\Local\Minibar\chrome\minibar\actions.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\minibar\cachedxhr.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\minibar\config.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\minibar\macros.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\minibar\minibar.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\MinibarPlugin.dll
c:\users\pieter en anja\AppData\Local\Minibar\chrome\popup.html
c:\users\pieter en anja\AppData\Local\Minibar\chrome\popup.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome\tab.html
c:\users\pieter en anja\AppData\Local\Minibar\chrome\tab.js
c:\users\pieter en anja\AppData\Local\Minibar\chrome_installer.js
c:\users\pieter en anja\AppData\Local\Minibar\common.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome.manifest
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\content.xul
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\extension_info.json
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\icons\icon128.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\icons\icon19.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\icons\icon32.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\icons\icon48.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\initial_config.json
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\button.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\popup_window.xul
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-left.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-middle.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\bottom-right.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-left.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\middle-right.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\style.css
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-bottom.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-left.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-right.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\tail-top.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-left.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-middle.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\theme\bubble\top-right.png
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\toolbar_stub.html
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango-ui\ui.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\browser.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\console.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\event_listener.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\initialize.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\io.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\jsonstorage.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\kango.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\lang.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\messaging.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\storage.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\uninstall_observer.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\userscript_engine.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\kango\xhr.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\main.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\actions.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\cachedxhr.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\config.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\homepage_helper.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\macros.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\minibar.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\search_helper.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\search_hook.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\chrome\content\minibar\tabpage_helper.js
c:\users\pieter en anja\AppData\Local\Minibar\firefox\install.rdf
c:\users\pieter en anja\AppData\Local\Minibar\firefox\plugins\npMinibarPlugin.dll
c:\users\pieter en anja\AppData\Local\Minibar\firefox_installer.js
c:\users\pieter en anja\AppData\Local\Minibar\ie_installer.js
c:\users\pieter en anja\AppData\Local\Minibar\minibar.crx
c:\users\pieter en anja\AppData\Local\Minibar\minibar.xpi
c:\users\pieter en anja\AppData\Local\Minibar\SettingsHelper.exe
c:\users\pieter en anja\AppData\Local\Minibar\Uninstall.exe
c:\users\pieter en anja\Documents\12212013_110530.log
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2013-12-03 to 2014-01-03 ))))))))))))))))))))))))))))))
.
.
2014-01-03 12:56 . 2014-01-03 12:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-01-03 10:43 . 2014-01-03 10:43 40392 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{222313CC-6888-442C-88F8-F0B25605628A}\MpKsl0a08dc65.sys ERROR(0x00000005)
2014-01-02 17:40 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{222313CC-6888-442C-88F8-F0B25605628A}\mpengine.dll ERROR(0x00000005)
2014-01-02 17:38 . 2014-01-02 17:38 -------- d-----w- c:\program files\Microsoft Silverlight
2014-01-02 17:26 . 2014-01-02 17:26 -------- d-----w- c:\windows\system32\wbem\MOF\good
2014-01-02 17:26 . 2014-01-02 17:26 -------- d-----w- c:\windows\system32\wbem\MOF\bad
2014-01-01 14:01 . 2013-12-04 02:57 7760024 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2013-12-17 20:43 . 2013-12-17 20:43 -------- d-----w- C:\_OTL
2013-12-16 18:32 . 2013-12-16 18:32 -------- d-----w- C:\zoek
2013-12-13 17:23 . 2013-11-14 23:18 757488 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-12-13 17:23 . 2013-11-14 22:50 1806848 ----a-w- c:\windows\system32\jscript9.dll
2013-12-13 17:23 . 2013-11-14 22:44 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-12-13 17:23 . 2013-11-14 22:43 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-12-13 17:23 . 2013-11-14 22:43 104448 ----a-w- c:\program files\Internet Explorer\jsdebuggeride.dll
2013-12-13 17:23 . 2013-11-14 22:42 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-12-13 06:04 . 2013-10-30 00:35 2050560 ----a-w- c:\windows\system32\win32k.sys
2013-12-13 06:04 . 2013-10-30 02:12 335360 ----a-w- c:\windows\system32\SysFxUI.dll
2013-12-13 06:04 . 2013-10-30 01:43 130048 ----a-w- c:\windows\system32\drivers\drmk.sys
2013-12-13 06:04 . 2013-10-30 00:43 167936 ----a-w- c:\windows\system32\drivers\portcls.sys
2013-12-13 06:04 . 2013-10-22 07:19 158208 ----a-w- c:\windows\system32\imagehlp.dll
2013-12-13 06:04 . 2013-10-11 02:08 131072 ----a-w- c:\windows\system32\wshom.ocx
2013-12-13 06:04 . 2013-10-11 02:08 36864 ----a-w- c:\windows\system32\wshcon.dll
2013-12-13 06:04 . 2013-10-11 02:08 172032 ----a-w- c:\windows\system32\scrrun.dll
2013-12-13 06:04 . 2013-10-11 00:35 135168 ----a-w- c:\windows\system32\cscript.exe
2013-12-13 06:04 . 2013-10-11 00:35 155648 ----a-w- c:\windows\system32\wscript.exe
2013-12-08 14:35 . 2013-12-08 15:30 -------- d-----w- c:\program files\trend micro
2013-12-08 14:35 . 2013-12-08 14:35 -------- d-----w- C:\rsit
2013-12-07 14:24 . 2013-12-07 14:24 -------- d-----w- c:\program files\ParetoLogic
2013-12-07 09:54 . 2013-12-07 09:54 -------- d-----w- c:\users\pieter en anja\AppData\Roaming\eCyber
2013-12-07 09:53 . 2014-01-03 12:44 -------- d-----w- c:\program files\iSafe
2013-12-07 09:53 . 2014-01-02 08:50 -------- d-----w- c:\users\pieter en anja\AppData\Roaming\iSafe
2013-12-06 06:23 . 2013-10-17 10:14 719224 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{15DD0BEA-18D5-4437-A1FF-BF62A3C358F6}\gapaengine.dll ERROR(0x00000005)
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 18:12 . 2012-04-14 07:41 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 18:12 . 2011-05-15 07:17 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-10-02 16:08 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-09 08:44 . 2013-11-09 08:44 62576 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{57C029CF-4007-4154-AA50-1D1F0FEFBD21}\offreg.dll ERROR(0x00000005)
2013-10-30 02:13 . 2008-01-21 02:23 1304064 ----a-w- c:\windows\system32\WMALFXGFXDSP.dll
2013-10-21 05:02 . 2013-10-21 05:02 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-10-17 10:14 . 2013-11-23 09:34 719224 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll ERROR(0x00000005)
2013-10-14 06:39 . 2013-11-08 05:55 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{57C029CF-4007-4154-AA50-1D1F0FEFBD21}\mpengine.dll ERROR(0x00000005)
2013-10-14 06:39 . 2008-11-26 13:47 7796464 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2013-10-11 02:08 . 2013-11-13 06:00 444928 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-11 02:07 . 2013-11-13 06:00 596480 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2010-07-08 14:22 . 2013-09-30 20:08 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Spotify Web Helper"="c:\users\pieter en anja\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-23 1168896]
"FLV Player"="c:\users\pieter en anja\AppData\Local\WebPlayer\FLV Player\WebPlayer.exe" [2012-10-26 202752]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-11 39408]
"Spotify"="c:\users\pieter en anja\AppData\Roaming\Spotify\spotify.exe" [2013-12-23 5951488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-12-02 6695456]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-08 30192]
"Google EULA Launcher"="c:\program files\Google\Google EULA\GoogleEULALauncher.exe" [2008-10-14 20480]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-12-02 2221352]
"FixCamera"="c:\windows\FixCamera.exe" [2007-07-11 20480]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"CommonToolkitTray"="c:\program files\Fighters\Tray\FightersTray.exe" [2012-11-13 1405544]
"KPN Assistent"="c:\program files\KPN\KPN Assistent\KPN Assistent\KPN_Assistent.exe" [2013-06-12 38142582]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-01 152392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-04-29 642304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]
"panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]
"panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]
"panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-8-22 44176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"ArcSoft Connection Service"=c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 0114881387384327mcinstcleanup;McAfee Application Installer Cleanup (0114881387384327);c:\windows\TEMP\0114881387384327mcinst.exe [x]
.
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - MPKSL0A08DC65
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-06 06:09 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2014-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 18:12]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:42]
.
2014-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 12:42]
.
2014-01-03 c:\windows\Tasks\SLOW-PCfighter-pieter en anja-Notification.job
- c:\program files\Fighters\SLOW-PCfighter\Sync.exe [2012-03-02 16:06]
.
2014-01-03 c:\windows\Tasks\SLOW-PCfighter-pieter en anja-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2012-03-02 16:07]
.
2012-08-05 c:\windows\Tasks\User_Feed_Synchronization-{6CC2ED6B-1AD9-4076-AE4B-5C2927BC4B55}.job
- c:\windows\system32\msfeedssync.exe [2013-08-28 16:41]
.
.
------- Bijkomende Scan -------
.
uStart Page = about:blank
uDefault_Page_URL = about:blank
mStart Page = about:blank
mDefault_Page_URL = about:blank
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
FF - ProfilePath - c:\users\pieter en anja\AppData\Roaming\Mozilla\Firefox\Profiles\iy4wii2d.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL -
FF - ExtSQL: !HIDDEN! 2009-09-02 22:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=78aa10880000000000000024211f2c6c&q=
FF - user.js: extensions.BabylonToolbar.id - 78aa10880000000000000024211f2c6c
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15998
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.24.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.24.6
FF - user.js: extensions.BabylonToolbar.vrsnTs - 1.8.24.612:14
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - nl
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.ffxUnstlRst - true
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=125056&tsp=5041
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar.rvrt - false
FF - user.js: extensions.BabylonToolbar.newTab - false
.
- - - - ORPHANS VERWIJDERD - - - -
.
Toolbar-10 - (no file)
ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - (no file)
ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A} - c:\program files\McAfee\SiteAdvisor\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-01-03 13:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2014-01-03 13:58:47
ComboFix-quarantined-files.txt 2014-01-03 12:58
.
Pre-Run: 540.823.756.800 bytes beschikbaar
Post-Run: 540.814.700.544 bytes beschikbaar
.
- - End Of File - - 2F24CADFDC3F0BDF685DA59B8D10F2A6
5C616939100B85E558DA92B899A0FC36