Ga naar inhoud

cbega

Lid
 Bekijk profiel  Bekijk hun activiteit

  • Items

    13

  • Registratiedatum

  • Laatst bezocht

cbega's prestaties

Groentje

Groentje (2/14)

  • Eerste post
  • Actief
  • Gespreksstarter
  • Week één klaar
  • Een maand later

Recente badges

0

Reputatie

  1. cbega
    nee krijgt de popup niet meer, ben blij dat het nu eindelijk opgelost is xD, het heeft even geduurt maar echt super bedankt voor je hulp bij het probleem om het op te lossen xD
  2. cbega
    # AdwCleaner v2.009 - Verslag gemaakt op 26/11/2012 om 22:53:18 # Geactualiseerd op 24/11/2012 door Xplode # Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits) # Gebruiker : gebruiker - GEBRUIKER-PC # Opstarten Modus : Normale modus # Gelanceerd vanaf : C:\Users\gebruiker\Desktop\adwcleaner.exe # Optie [Verwijderen] ***** [Diensten] ***** ***** [Files / Mappen] ***** File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml File Verwijdert : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml File Verwijdert : C:\user.js File Verwijdert : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\searchplugins\Askcom.xml File Verwijdert : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\searchplugins\Search_Results.xml Map Verwijdert : C:\ProgramData\Babylon Map Verwijdert : C:\ProgramData\boost_interprocess Map Verwijdert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder Map Verwijdert : C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Map Verwijdert : C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Map Verwijdert : C:\Users\gebruiker\AppData\LocalLow\mediabarim Map Verwijdert : C:\Users\gebruiker\AppData\Roaming\Babylon Map Verwijdert : C:\Users\gebruiker\AppData\Roaming\Media Finder Map Verwijdert : C:\Users\gebruiker\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com Map Verwijdert : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} Map Verwijdert : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\mediabarim ***** [Register] ***** Sleutel Verwijdert : HKCU\Software\DataMngr_Toolbar Sleutel Verwijdert : HKCU\Software\MediaFinder Sleutel Verwijdert : HKCU\Software\Softonic Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Sleutel Verwijdert : HKLM\Software\Babylon Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291} Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\escort.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery Sleutel Verwijdert : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1 Sleutel Verwijdert : HKLM\SOFTWARE\Classes\imweb.imwebcontrol Sleutel Verwijdert : HKLM\SOFTWARE\Classes\MF Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap Sleutel Verwijdert : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA} Sleutel Verwijdert : HKLM\Software\DataMngr Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wincore MediaBar ***** [browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Het register bevat geen enkele ongeoorloofde invoer. -\\ Mozilla Firefox v16.0.2 (nl) Profielnaam : default File : C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\prefs.js C:\Users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\user.js ... Verwijdert ! Verwijdert : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Verwijdert : user_pref("browser.search.defaultengine", "Ask.com"); Verwijdert : user_pref("browser.search.defaultenginename", "Ask.com"); Verwijdert : user_pref("browser.search.order.1", "Ask.com"); Verwijdert : user_pref("extensions.BabylonToolbar.admin", false); Verwijdert : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Verwijdert : user_pref("extensions.BabylonToolbar.babExt", ""); Verwijdert : user_pref("extensions.BabylonToolbar.babTrack", "affID=113480"); Verwijdert : user_pref("extensions.BabylonToolbar.bbDpng", 25); Verwijdert : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Verwijdert : user_pref("extensions.BabylonToolbar.dfltSrch", false); Verwijdert : user_pref("extensions.BabylonToolbar.hmpg", false); Verwijdert : user_pref("extensions.BabylonToolbar.id", "e0c1fa97000000000000003067f1bf17"); Verwijdert : user_pref("extensions.BabylonToolbar.instlDay", "15492"); Verwijdert : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Verwijdert : user_pref("extensions.BabylonToolbar.lastDP", 25); Verwijdert : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1718:58:31"); Verwijdert : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "16.0"); Verwijdert : user_pref("extensions.BabylonToolbar.newTab", true); Verwijdert : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP"); Verwijdert : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Verwijdert : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Verwijdert : user_pref("extensions.BabylonToolbar.propectorlck", 92427041); Verwijdert : user_pref("extensions.BabylonToolbar.prtkDS", 1); Verwijdert : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Verwijdert : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Verwijdert : user_pref("extensions.BabylonToolbar.ptch_0717", true); Verwijdert : user_pref("extensions.BabylonToolbar.smplGrp", "azb"); Verwijdert : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Verwijdert : user_pref("extensions.BabylonToolbar.tlbrId", "tb9"); Verwijdert : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17"); Verwijdert : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1718:58:31"); Verwijdert : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17"); Verwijdert : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Verwijdert : user_pref("extensions.BabylonToolbar_i.babExt", ""); Verwijdert : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480"); Verwijdert : user_pref("extensions.BabylonToolbar_i.hardId", "e0c1fa97000000000000003067f1bf17"); Verwijdert : user_pref("extensions.BabylonToolbar_i.id", "e0c1fa97000000000000003067f1bf17"); Verwijdert : user_pref("extensions.BabylonToolbar_i.instlDay", "15492"); Verwijdert : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Verwijdert : user_pref("extensions.BabylonToolbar_i.newTab", false); Verwijdert : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&babsrc=N[...] Verwijdert : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Verwijdert : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Verwijdert : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Verwijdert : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Verwijdert : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1718:58:31"); Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); -\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : C:\Users\gebruiker\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[s1].txt - [8139 octets] - [26/11/2012 22:53:18] ########## EOF - C:\AdwCleaner[s1].txt - [8199 octets] ##########
  3. cbega
    ComboFix 12-11-20.01 - gebruiker 25-11-2012 19:04:07.10.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2759 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))) . . 2012-11-25 18:09 . 2012-11-25 18:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 14:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28C6BB39-2841-4615-AF74-944AE54CD62D}\mpengine.dll 2012-11-22 10:01 . 2012-11-22 10:01 388096 ----a-r- c:\users\gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-19 13:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-19 13:12 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-11-19 13:12 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-11-19 13:12 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-11-18 18:04 . 2012-11-18 18:04 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2012-11-18 18:03 . 2012-11-18 18:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-18 18:03 . 2012-11-19 13:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:58 . 2012-11-17 16:58 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-17 15:22 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:27 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-15 21:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 21:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 21:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 18:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 18:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-01 11:44 . 2012-11-01 11:44 -------- d-----w- c:\programdata\Garmin . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 21:22 . 2012-01-21 18:34 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 08:31 . 2012-03-31 16:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 08:31 . 2012-01-20 12:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-01-20 09:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-03-02 16:40 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-10-30 22:51 . 2012-03-02 16:40 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:51 . 2012-01-20 09:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-01-20 09:32 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-01-20 09:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-03-02 16:40 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-10-30 22:51 . 2012-01-20 09:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-01-20 09:32 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-01-20 09:32 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-01-20 09:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-24 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-05 09:59 . 2012-06-01 13:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-05 09:59 . 2012-06-01 13:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-12 14:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 14:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-12 14:17 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 14:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 14:17 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-12 14:17 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-03 1039872] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:31] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\ FF - prefs.js: browser.startup.homepage - Google FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.hardId - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Wincore MediaBar - c:\program files (x86)\iMesh Applications\MediaBar\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-25 19:11:23 ComboFix-quarantined-files.txt 2012-11-25 18:11 ComboFix2.txt 2012-11-24 17:22 ComboFix3.txt 2012-11-24 16:50 ComboFix4.txt 2012-11-23 19:20 ComboFix5.txt 2012-11-25 18:02 . Pre-Run: 393.245.257.728 bytes beschikbaar Post-Run: 393.189.376.000 bytes beschikbaar . - - End Of File - - 2EE5983DB2B52C92EA65BB746F1AE993
  4. cbega
    ik heb het progamma ook nog een keer in veilige modus afgespeelt met het laatste wat je zei: ComboFix 12-11-20.01 - gebruiker 24-11-2012 18:17:21.9.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2598 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\gebruiker\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))) . . 2012-11-24 17:21 . 2012-11-24 17:21 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 14:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28C6BB39-2841-4615-AF74-944AE54CD62D}\mpengine.dll 2012-11-22 10:01 . 2012-11-22 10:01 388096 ----a-r- c:\users\gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-19 13:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-19 13:12 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-11-19 13:12 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-11-19 13:12 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-11-18 18:04 . 2012-11-18 18:04 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2012-11-18 18:03 . 2012-11-18 18:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-18 18:03 . 2012-11-19 13:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:58 . 2012-11-17 16:58 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-17 15:22 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:27 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-15 21:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 21:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 21:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 18:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 18:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-01 11:44 . 2012-11-01 11:44 -------- d-----w- c:\programdata\Garmin . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 21:22 . 2012-01-21 18:34 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 08:31 . 2012-03-31 16:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 08:31 . 2012-01-20 12:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-01-20 09:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-03-02 16:40 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-10-30 22:51 . 2012-03-02 16:40 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:51 . 2012-01-20 09:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-01-20 09:32 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-01-20 09:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-03-02 16:40 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-10-30 22:51 . 2012-01-20 09:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-01-20 09:32 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-01-20 09:32 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-01-20 09:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-24 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-05 09:59 . 2012-06-01 13:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-05 09:59 . 2012-06-01 13:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-12 14:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 14:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-12 14:17 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 14:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 14:17 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-12 14:17 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R1 aswFW;avast! TDI Firewall driver; [x] R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-03 1039872] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswKbd;aswKbd; [x] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:31] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\ FF - prefs.js: browser.startup.homepage - Google FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.hardId - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Wincore MediaBar - c:\program files (x86)\iMesh Applications\MediaBar\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-24 18:22:55 ComboFix-quarantined-files.txt 2012-11-24 17:22 ComboFix2.txt 2012-11-24 16:50 ComboFix3.txt 2012-11-23 19:20 ComboFix4.txt 2012-11-22 09:54 ComboFix5.txt 2012-11-24 17:16 . Pre-Run: 393.653.166.080 bytes beschikbaar Post-Run: 393.488.457.728 bytes beschikbaar . - - End Of File - - 4D9CDBF4AA0652459933E15C73D6BFA1
  5. cbega
    ComboFix 12-11-20.01 - gebruiker 24-11-2012 17:43:54.8.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2682 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\gebruiker\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-24 to 2012-11-24 )))))))))))))))))))))))))))))) . . 2012-11-24 16:49 . 2012-11-24 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 14:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28C6BB39-2841-4615-AF74-944AE54CD62D}\mpengine.dll 2012-11-22 10:01 . 2012-11-22 10:01 388096 ----a-r- c:\users\gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-19 13:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-19 13:12 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-11-19 13:12 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-11-19 13:12 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-11-18 18:04 . 2012-11-18 18:04 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2012-11-18 18:03 . 2012-11-18 18:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-18 18:03 . 2012-11-19 13:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:58 . 2012-11-17 16:58 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-17 15:22 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:27 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-15 21:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 21:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 21:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 18:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 18:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-01 11:44 . 2012-11-01 11:44 -------- d-----w- c:\programdata\Garmin . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 21:22 . 2012-01-21 18:34 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 08:31 . 2012-03-31 16:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 08:31 . 2012-01-20 12:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-01-20 09:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-03-02 16:40 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-10-30 22:51 . 2012-03-02 16:40 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:51 . 2012-01-20 09:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-01-20 09:32 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-01-20 09:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-03-02 16:40 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-10-30 22:51 . 2012-01-20 09:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-01-20 09:32 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-01-20 09:32 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-01-20 09:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-24 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-05 09:59 . 2012-06-01 13:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-05 09:59 . 2012-06-01 13:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-12 14:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 14:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-12 14:17 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 14:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 14:17 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-12 14:17 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-03 1039872] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:31] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\ FF - prefs.js: browser.startup.homepage - Google FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.hardId - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-Wincore MediaBar - c:\program files (x86)\iMesh Applications\MediaBar\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-24 17:50:33 ComboFix-quarantined-files.txt 2012-11-24 16:50 ComboFix2.txt 2012-11-23 19:20 ComboFix3.txt 2012-11-22 09:54 ComboFix4.txt 2012-11-20 15:12 ComboFix5.txt 2012-11-24 16:42 . Pre-Run: 393.865.666.560 bytes beschikbaar Post-Run: 393.578.815.488 bytes beschikbaar . - - End Of File - - 07E0D6D858F43ECEC87E1B2EF02F6F7C
  6. cbega
    is er anders nog een optie om een andere goede webbrowser te gebruiken, aangezien ik via internet explorer internet op ga ik deze pop up er voorlopig nog niet voorkrijg, maar aangezien ik zelf geen favoriet ben van internet explorer is er anders nog een andere goede browser progamma wat ik kan gebruiken als alternatief voor firefox, mocht het natuurlijk niet lukken dit weg te krijgen in firefox.
  7. cbega
    zo dat heb ik net gedaan, windows defender uitgezet en weer virus scanner uit gezet, hieronder het combatlogje, maar het komt er nog steeds voor, echt hardnekkig is dit ding dat het er maar voor blijft komen, is er iets wat ik verkeerd doe of? volg precies de stappen op die je verteld. ComboFix 12-11-20.01 - gebruiker 23-11-2012 20:14:02.7.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2709 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\gebruiker\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\iMesh Applications c:\program files (x86)\iMesh Applications\iMesh\aac_parser.ax c:\program files (x86)\iMesh Applications\iMesh\ac3filter.ax c:\program files (x86)\iMesh Applications\iMesh\ammp3.dll c:\program files (x86)\iMesh Applications\iMesh\avcodec-51.dll c:\program files (x86)\iMesh Applications\iMesh\avformat-51.dll c:\program files (x86)\iMesh Applications\iMesh\avutil-49.dll c:\program files (x86)\iMesh Applications\iMesh\BerkeleyLoader.dll c:\program files (x86)\iMesh Applications\iMesh\CDRip.dll c:\program files (x86)\iMesh Applications\iMesh\Copy_Folder.bat c:\program files (x86)\iMesh Applications\iMesh\DiscoveryHelper.dll c:\program files (x86)\iMesh Applications\iMesh\FixAudioDriverSignature.reg c:\program files (x86)\iMesh Applications\iMesh\GIFAnimator.dll c:\program files (x86)\iMesh Applications\iMesh\HTML\error.html c:\program files (x86)\iMesh Applications\iMesh\HTML\Images\bg-top.jpg c:\program files (x86)\iMesh Applications\iMesh\HTML\Images\closeRecommend.gif c:\program files (x86)\iMesh Applications\iMesh\HTML\loading.html c:\program files (x86)\iMesh Applications\iMesh\HTML\noInternet.html c:\program files (x86)\iMesh Applications\iMesh\HTML\offline.html c:\program files (x86)\iMesh Applications\iMesh\HTML\Recommendation_Offline.html c:\program files (x86)\iMesh Applications\iMesh\ImageUploader5.ocx c:\program files (x86)\iMesh Applications\iMesh\iMesh.exe c:\program files (x86)\iMesh Applications\iMesh\iMesh.ico c:\program files (x86)\iMesh Applications\iMesh\IMTrProgress.dll c:\program files (x86)\iMesh Applications\iMesh\IMWebControl.dll c:\program files (x86)\iMesh Applications\iMesh\InstallHelper.dll c:\program files (x86)\iMesh Applications\iMesh\lame_enc.dll c:\program files (x86)\iMesh Applications\iMesh\libungif4.dll c:\program files (x86)\iMesh Applications\iMesh\lic_helper.dll c:\program files (x86)\iMesh Applications\iMesh\license.txt c:\program files (x86)\iMesh Applications\iMesh\MP4Splitter.ax c:\program files (x86)\iMesh Applications\iMesh\MpaDecFilter.ax c:\program files (x86)\iMesh Applications\iMesh\Nickel.ocx c:\program files (x86)\iMesh Applications\iMesh\ResourcesLoc.dll c:\program files (x86)\iMesh Applications\iMesh\sciter-x.dll c:\program files (x86)\iMesh Applications\iMesh\SHW32.DLL c:\program files (x86)\iMesh Applications\iMesh\Skins\Default.skn c:\program files (x86)\iMesh Applications\iMesh\Skins\Default.xml c:\program files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\albums.css c:\program files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\albums.html c:\program files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\images\defpreview.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\images\playbtn.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\albumsview\images\playing.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\artists.css c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\artists.html c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\header.css c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\header.html c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\images\defpreview.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\images\play.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\images\play_disabled.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\images\play_down.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\artistsview\images\play_over.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\cdripview\cdrip_view.css c:\program files (x86)\iMesh Applications\iMesh\Skins\html\cdripview\cdrip_view.html c:\program files (x86)\iMesh Applications\iMesh\Skins\html\cdripview\cdrip_view.tis c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\active.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\azure.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\black.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\blue.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\bs.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\byzantium.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\close-hovered.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\close-normal.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\close-pressed.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\close.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\dark-blue.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\green.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\grey.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\hover.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\inactive.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\magenta.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\olive.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\orange.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\pink.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\pro.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\images\red.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\pro-view.html c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\scheme.css c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\scheme.tis c:\program files (x86)\iMesh Applications\iMesh\Skins\html\colorsbubble\view.html c:\program files (x86)\iMesh Applications\iMesh\Skins\html\common.css c:\program files (x86)\iMesh Applications\iMesh\Skins\html\common.tis c:\program files (x86)\iMesh Applications\iMesh\Skins\html\guitest.html c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\defalbum.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\defbutton.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\ls_btn.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\ls_btn_hover.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\ls_btn_pressed.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_bottom.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_bottom_over.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_bottom_pressed.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_fill.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_slider.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_slider_center.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_slider_center_over.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_slider_center_pressed.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_slider_over.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_slider_pressed.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_top.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_top_over.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\sbv_top_pressed.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\th_btn.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\th_btn_hover.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\th_btn_pressed.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\tip.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\tipb.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\images\white.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\videosview\images\defpreview.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\videosview\images\list_btn.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\videosview\images\playbtn.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\videosview\images\playing.png c:\program files (x86)\iMesh Applications\iMesh\Skins\html\videosview\videos.css c:\program files (x86)\iMesh Applications\iMesh\Skins\html\videosview\videos.html c:\program files (x86)\iMesh Applications\iMesh\Skins\Images\DefArtwork.jpg c:\program files (x86)\iMesh Applications\iMesh\Skins\Images\DefFemale.gif c:\program files (x86)\iMesh Applications\iMesh\Skins\Images\DefMale.gif c:\program files (x86)\iMesh Applications\iMesh\Skins\Images\FriendshipNotif.jpg c:\program files (x86)\iMesh Applications\iMesh\Skins\Images\SendPlaylist.jpg c:\program files (x86)\iMesh Applications\iMesh\Skins\Images\TAFLogo.PNG c:\program files (x86)\iMesh Applications\iMesh\Skins\Images\ToGoLogo.PNG c:\program files (x86)\iMesh Applications\iMesh\Skins\RemoteSkin.wmz c:\program files (x86)\iMesh Applications\iMesh\Skins\Settings.xml c:\program files (x86)\iMesh Applications\iMesh\UninstallUsers.exe c:\program files (x86)\iMesh Applications\iMesh\UpdateInst.exe c:\program files (x86)\iMesh Applications\iMesh\WMAProfiles.prx c:\program files (x86)\iMesh Applications\iMesh\WMHelper.dll c:\program files (x86)\iMesh Applications\iMesh\WMHelper.log c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\BrowserConnection.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\datamngr.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\DnsBHO.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\chrome.manifest c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\chrome.manifest.alt c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlp.xpt c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF10.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF11.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF12.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF3.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF4.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF5.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF6.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF7.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF8.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\components\DataMngrHlpFF9.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\DataMngr.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\DnsBHO.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\Error404BHO.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\NewTabBHO.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\overlay.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\overlay.xul c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\RelatedSearch.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\RequestPreserver.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\SearchBHO.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\SettingManager.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\content\Settings.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension\install.rdf c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\IEBHO.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\as_guid.dat c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data\search\engines.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\data\search\search.xsl c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\imeshcode.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\about.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxpanel.xul c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxpaneltransparent.xul c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxpanelwin.xul c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxprefwin.xul c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxtransparentwin.xul c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\dtxwin.xul c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\emailnotifierproviders.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\external.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\imeshcode.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\neterror.xhtml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\rsspreview.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\rsswin.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\rsswin.xsl c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\vmncode.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\lib\wmpstreamer.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\modules\datastore.jsm c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\modules\nsDragAndDrop.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\neterror.xhtml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\partner.coupons.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\preferences.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\radiobeta.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\template.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\toolbar.htm c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\toolbar.xul c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\vmncode.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\vmnrsswin.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_icon.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconFF.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressed.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_iconPressedFF.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\tb_pref_icon.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs\tb_thumb_icon.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.jsw c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\content\widgets\com.djboxservice.dj.DJBox\widget.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\about_logo.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\babylon_logo.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\bluelite.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\bluesky.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\btn-search-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\btn-search.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\btn-settings-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\btn-settings.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\btn-widgets-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\btn-widgets.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\btn_settings.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\ca.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\dictionary.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\divider.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\downloadcom.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\dtxlogo.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\ebay.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\ebay_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\email.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\email_on.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\email_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\facebook.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\games.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\go_idle.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\go_rollover.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred0.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred0_5.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred1.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred1_5.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred2.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred2_5.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred3.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred3_5.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred4.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred4_5.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphred5.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\graphredna.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\grey.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\ico-shield.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\icon_amazon.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\icon_games.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\icon_seperator_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\icon_twitter.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\icon_youtube.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\images.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\imesh.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\add.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\aol.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\arrow-dn.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\arrow-right-disabled.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\arrow-right.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\arrow-up.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-divider.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-end.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-mdl_ff.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btn-start.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-divider.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-end.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-mdl_ff.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\bg-btnover-start.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\blank.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btn-widgets.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btn_slider.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnback-down-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnback-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnleft-down-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnleft-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnright-down-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\btnright-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-down-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\button-splitter-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\checkmark.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\chevron.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\collapse.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\comcast.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\dtx.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\edit-back-hot.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\edit-back.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\expand.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\found.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\gmail.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_blue.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_cyan.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_lime.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_magenta.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\highlight_yellow.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\hotmail.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\ico-check.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\imap.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\lastsearch-thumb-back.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\loadingMid.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\lock.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\logo-separator.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\mailcom.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menu_bg-basic.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_bar.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menu_separator_white.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitem-splitter.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-down-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemback-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-down-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemleft-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-down-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\menuitemright-vista.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\modify.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\move.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\movetarget.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\panels.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupAbout.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupGames.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupRSS.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\css\popupWidgets.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css\dialog.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\bg.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-search.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\btn-wide-close.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\default.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-l.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-off-r.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-l.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\tab-on-r.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\transparent.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-left.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-mdl.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\ttlbar-right.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-left.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-mdl.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right-resize.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-btm-right.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-left.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images\win-right.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\main.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts\defscript.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\footer.htm c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\gamecategory.xsl c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\gameData.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\gameList.xsl c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\games.xsl c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\gametype.xsl c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-dn.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml-drop.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-sml.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrow-up.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\arrowr-bluew5.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-aboutbox.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-btnover.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bg-pnl520x390.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-left.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-addtoolbar-right.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-back.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-grey.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-close-greyover.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-drag.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-mdl.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-moredetails.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-next.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-play-left.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-previous.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-right-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-search-pnlbtm.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\btn-try-left.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\bullet-orange.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb-on.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\gamethumb2-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-calendar.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-dollar.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-download.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-joystick24.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-news24.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-play.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\ico-tags.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Add.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-download.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-Info.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-play.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\icon-shop.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgon.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\menul-bgover.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\panel-botm-noscroll.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg-206.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-bg.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scroll-topwin.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-disable.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-down.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollb.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-disable.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-down.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\scrollt.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\searchbox-pnlbtm.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_grey.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\star_x_orange.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\TRUSTe_about.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-on.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-detailed-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-on.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\view-thumb-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-16px.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets-square-24px.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\images\widgets.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\initHTML.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\popupGames.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\popupHTML.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\popupRSS.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\popupWidgets.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\panels\scroll.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\pop.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css\manager.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\css\slider.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\bg-pnl.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-grey.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\btn-close-greyover.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\collapsed_button.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\expanded_button.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-down.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-playstation.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\ico-radio.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\music-note.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause-on.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-pause.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play-on.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-btn-play.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-bg.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-buffer.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-busy.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-off.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-on.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-eq-warning.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design-on.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-design.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options-on.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-options.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-0.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-1.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-2.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-3.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\radio-volume-mute.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-handle.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\scrollbar-track.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slider.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\slideron.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\images\track.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\managerpanel.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radio\volumeslider.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-buffering.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-connecting.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-playing.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radiobeta-stopped.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\radiobeta.ico c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\reload.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\remove.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\rename.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\resize-box.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\rss.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\rsschannelback.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\RSSLogo.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\rsstabdivider.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\scroll-left.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\scroll-right.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\search-go.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\search.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\text-ellipsis.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\throbber.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\toolbarsplitter.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\transparent_1px.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_02.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_03.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_04.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_06.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_07.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_08.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_09.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_10.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_11.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_12.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_13.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_14.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_15.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_16.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_18.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_19.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_20.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\border_21.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-grey.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\btn-close-greyover.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-hot.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\close-normal.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\loadingMid.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\proxy.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\template.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\templateFF.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\uwa\throbber.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\cond999.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\icons.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-s.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na-t.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons\na.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\add.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\arrowr-bluew5.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue-whitebg.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\bg-pnl520x350blue.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-check.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\box-uncheck.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-grey.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-close-greyover.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-delete.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btn-search-pnlbtm.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next-off.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-next.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous-off.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\btnarrow-previous.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-check.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid-s.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\ico-hotandhumid.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\options-weather.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-blue.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\over-orange.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\powered-by-weatherbug2.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-checked.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\radio-unchecked.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\searchbox-pnlbtm.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images\weather-contour.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\popupWeather.html c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lib\yahoo.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\lichen.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo-about.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo-separator.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo_about_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo_over_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo_over_t_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\logo_t_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\mail.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\maps.bmp c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\menuseparatorback.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\modify-save.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\modify.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\modifyhot.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\music.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\news.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options\options-main.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options\options-search.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options\options-weather.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options\options-weather.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\options\options-widgets.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\orange.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\pixsy.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\protect-id.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\radiobeta-buffering.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\radiobeta-connecting.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\radiobeta-playing.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\radiobeta-stopped.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\radiobeta.ico c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\relatedlinks.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-collapse.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-delete.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-expand.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-feed.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-folder-remove.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-folder-rename.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-folder.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-found.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-reload.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss-subscribe.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rss.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rssback.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\rsstopback.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\search-over.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\search.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\search_button_over_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\search_button_png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-left.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-middle.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\searchbar\searchbar-background-right.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\settings.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\shopping.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\siteinfo.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\skin-bluelite.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\skin-bluesky.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\skin-grey.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\skin-lichen.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\skin-orange.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\skin-yellow.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\skin.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\technorati.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\throbber.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\toolbarsplitter.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\translate.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\TRUSTe_about.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\video.bmp c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\vmn.css c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\vmn.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\weather.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\web.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\widgets-square-16px.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\wikipedia.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\Wincore_icon20.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\Wincore_with_shade.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\Wincore_with_shade16.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\yahoosearch.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\yellow.gif c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\youtube.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\chrome\skin\zoom.png c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\components\windowmediator.js c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\dtUser.exe c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\manifest.xml c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\uninstall.exe c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimband.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\x64\BrowserConnection.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngr.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\x64\datamngrUI.exe c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\x64\DnsBHO.dll c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\x64\IEBHO.dll c:\program files (x86)\iMesh Applications\MediaBar\sysid.ini c:\program files (x86)\iMesh Applications\MediaBar\uninstall.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-23 to 2012-11-23 )))))))))))))))))))))))))))))) . . 2012-11-23 19:19 . 2012-11-23 19:19 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-23 14:33 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28C6BB39-2841-4615-AF74-944AE54CD62D}\mpengine.dll 2012-11-22 10:01 . 2012-11-22 10:01 388096 ----a-r- c:\users\gebruiker\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2012-11-19 13:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-19 13:12 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-11-19 13:12 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-11-19 13:12 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-11-18 18:04 . 2012-11-18 18:04 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2012-11-18 18:03 . 2012-11-18 18:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-18 18:03 . 2012-11-19 13:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:58 . 2012-11-17 16:58 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-17 15:22 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:27 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-15 21:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 21:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 21:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 18:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 18:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-01 11:44 . 2012-11-01 11:44 -------- d-----w- c:\programdata\Garmin . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 21:22 . 2012-01-21 18:34 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 08:31 . 2012-03-31 16:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 08:31 . 2012-01-20 12:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-01-20 09:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-03-02 16:40 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-10-30 22:51 . 2012-03-02 16:40 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:51 . 2012-01-20 09:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-01-20 09:32 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-01-20 09:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-03-02 16:40 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-10-30 22:51 . 2012-01-20 09:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-01-20 09:32 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-01-20 09:32 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-01-20 09:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-24 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-05 09:59 . 2012-06-01 13:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-05 09:59 . 2012-06-01 13:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-12 14:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 14:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-12 14:17 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 14:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 14:17 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-12 14:17 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R1 aswFW;avast! TDI Firewall driver; [x] R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-03 1039872] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswKbd;aswKbd; [x] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:31] . 2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . 2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\ FF - prefs.js: browser.startup.homepage - Google FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1175&systemid=1&sr=0&q= FF - ExtSQL: !HIDDEN! 2012-06-01 14:28; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.hardId - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . BHO-{28387537-e3f9-4ed7-860c-11e69af4a8a0} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll BHO-{BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - c:\progra~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL Wow6432Node-HKLM-Run-DATAMNGR - c:\progra~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE AddRemove-Wincore MediaBar - c:\program files (x86)\iMesh Applications\MediaBar\uninstall.exe . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-23 20:20:55 ComboFix-quarantined-files.txt 2012-11-23 19:20 ComboFix2.txt 2012-11-22 09:54 ComboFix3.txt 2012-11-20 15:12 ComboFix4.txt 2012-11-20 11:09 ComboFix5.txt 2012-11-23 19:13 . Pre-Run: 394.264.547.328 bytes beschikbaar Post-Run: 393.747.791.872 bytes beschikbaar . - - End Of File - - BA4FAFF294C8F108BA5A734962ACEB3E - - - Updated - - - heb net ook nog een keer hijakthis gebrobeerd in veilige modus aangezien ik zag dat er deze: O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL nog instonden, heb die ook verwijdert gekregen via veilige modus, maar nog steeds die popup komt ervoor in firefox met browser setting change met die 2 opties die je kunt kiezen.
  8. cbega
    sorry voor de wat late reactie, was een paar dagen niet thuis, hier is het volgende logje, maar ook na vuilige modus komt die pop up ervoor. ComboFix 12-11-20.01 - gebruiker 22-11-2012 10:48:50.6.2 - x64 MINIMAL Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2624 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\gebruiker\Desktop\CFScript.txt AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\3B1 c:\programdata\3B1\{EF42345B-5A6C-4C37-AFFE-019D21F65CFF}.swf . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-22 to 2012-11-22 )))))))))))))))))))))))))))))) . . 2012-11-22 09:53 . 2012-11-22 09:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-20 10:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9FF5C5A-DDBF-4455-92E3-35DE8E005749}\mpengine.dll 2012-11-19 13:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-19 13:12 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-11-19 13:12 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-11-19 13:12 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-11-18 18:04 . 2012-11-18 18:04 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2012-11-18 18:03 . 2012-11-18 18:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-18 18:03 . 2012-11-19 13:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:58 . 2012-11-17 16:58 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-17 15:22 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:27 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-15 21:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 21:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 21:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 18:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 18:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-01 11:44 . 2012-11-01 11:44 -------- d-----w- c:\programdata\Garmin . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 21:22 . 2012-01-21 18:34 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 08:31 . 2012-03-31 16:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 08:31 . 2012-01-20 12:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-01-20 09:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-03-02 16:40 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-10-30 22:51 . 2012-03-02 16:40 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:51 . 2012-01-20 09:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-01-20 09:32 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-01-20 09:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-03-02 16:40 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-10-30 22:51 . 2012-01-20 09:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-01-20 09:32 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-01-20 09:32 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-01-20 09:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-24 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-05 09:59 . 2012-06-01 13:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-05 09:59 . 2012-06-01 13:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-12 14:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 14:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-12 14:17 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 14:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 14:17 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-12 14:17 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-12 14:10 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-12 14:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] 2012-02-27 08:49 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R1 aswFW;avast! TDI Firewall driver; [x] R1 aswSnx;aswSnx; [x] R1 aswSP;aswSP; [x] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136] R2 aswFsBlk;aswFsBlk; [x] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-03 1039872] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswKbd;aswKbd; [x] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-21 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:31] . 2012-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . 2012-11-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\ FF - prefs.js: browser.startup.homepage - Google FF - ExtSQL: !HIDDEN! 2012-06-01 14:28; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.hardId - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-22 10:54:55 ComboFix-quarantined-files.txt 2012-11-22 09:54 ComboFix2.txt 2012-11-20 15:12 ComboFix3.txt 2012-11-20 11:09 ComboFix4.txt 2012-11-19 15:51 ComboFix5.txt 2012-11-22 09:48 . Pre-Run: 393.690.836.992 bytes beschikbaar Post-Run: 393.302.663.168 bytes beschikbaar . - - End Of File - - A9FB564130030DD467C8D46A4B1254EF
  9. cbega
    ComboFix 12-11-20.01 - gebruiker 20-11-2012 15:57:28.5.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2584 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\gebruiker\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-20 to 2012-11-20 )))))))))))))))))))))))))))))) . . 2012-11-20 15:11 . 2012-11-20 15:11 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-20 10:01 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A9FF5C5A-DDBF-4455-92E3-35DE8E005749}\mpengine.dll 2012-11-19 13:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-19 13:12 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll 2012-11-19 13:12 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-11-19 13:12 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-11-18 18:04 . 2012-11-18 18:04 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2012-11-18 18:03 . 2012-11-18 18:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-18 18:03 . 2012-11-19 13:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:58 . 2012-11-17 16:58 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-17 15:22 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-15 21:27 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-15 21:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 21:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 21:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 18:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 18:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-01 11:44 . 2012-11-01 11:44 -------- d-----w- c:\programdata\Garmin . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 21:22 . 2012-01-21 18:34 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 08:31 . 2012-03-31 16:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 08:31 . 2012-01-20 12:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-01-20 09:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-03-02 16:40 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-10-30 22:51 . 2012-03-02 16:40 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:51 . 2012-01-20 09:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-01-20 09:32 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-01-20 09:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-03-02 16:40 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-10-30 22:51 . 2012-01-20 09:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-01-20 09:32 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-01-20 09:32 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-01-20 09:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-24 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-05 09:59 . 2012-06-01 13:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-05 09:59 . 2012-06-01 13:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-12 14:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 14:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-12 14:17 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 14:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 14:17 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-12 14:17 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-12 14:10 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-12 14:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 09:20 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 09:20 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 09:20 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] 2012-02-27 08:49 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-03 1039872] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-20 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:31] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . 2012-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\ FF - prefs.js: browser.startup.homepage - Google FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1175&systemid=1&sr=0&q= FF - ExtSQL: !HIDDEN! 2012-06-01 14:28; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.hardId - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-20 16:12:40 ComboFix-quarantined-files.txt 2012-11-20 15:12 ComboFix2.txt 2012-11-20 11:09 ComboFix3.txt 2012-11-19 15:51 ComboFix4.txt 2012-11-19 13:12 . Pre-Run: 394.002.063.360 bytes beschikbaar Post-Run: 393.943.396.352 bytes beschikbaar . - - End Of File - - C06FACB8B591A7F1EBB68DF09D0162A6
  10. cbega
    bij deze het log wat er kwam nadat ik dit gedaan had. ComboFix 12-11-16.02 - gebruiker 19-11-2012 16:44:36.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2020 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\gebruiker\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\37314 c:\programdata\37314\{EDAE5599-E39C-4C5E-BE29-3BBF88116664}.swf c:\programdata\Ask . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))) . . 2012-11-19 15:49 . 2012-11-19 15:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-19 13:27 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-11-19 12:57 . 2012-11-19 12:57 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E18BE11C-54EC-4205-AA92-485F676D0574}\offreg.dll 2012-11-18 18:04 . 2012-11-18 18:04 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2012-11-18 18:03 . 2012-11-18 18:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-18 18:03 . 2012-11-19 13:27 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:58 . 2012-11-17 16:58 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-17 15:22 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-16 17:37 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E18BE11C-54EC-4205-AA92-485F676D0574}\mpengine.dll 2012-11-15 21:27 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-15 21:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 21:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 21:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 18:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 18:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-01 11:44 . 2012-11-01 11:44 -------- d-----w- c:\programdata\Garmin . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 21:22 . 2012-01-21 18:34 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 08:31 . 2012-03-31 16:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 08:31 . 2012-01-20 12:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-01-20 09:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-03-02 16:40 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-10-30 22:51 . 2012-03-02 16:40 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:51 . 2012-01-20 09:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-01-20 09:32 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-01-20 09:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-03-02 16:40 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-10-30 22:51 . 2012-01-20 09:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-01-20 09:32 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-01-20 09:32 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-01-20 09:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-24 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-05 09:59 . 2012-06-01 13:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-05 09:59 . 2012-06-01 13:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-12 14:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 14:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-12 14:17 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 14:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 14:17 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-12 14:17 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-12 14:10 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-12 14:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 09:20 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 09:20 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 09:20 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 09:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] 2012-02-27 08:49 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832] "aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832] "aswasOutExt64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2012-10-30 49416] "Malwarebytes Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-09-29 766536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-03 1039872] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:31] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ------w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\ FF - prefs.js: browser.startup.homepage - Google FF - ExtSQL: !HIDDEN! 2012-06-01 14:28; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.hardId - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-19 16:51:36 ComboFix-quarantined-files.txt 2012-11-19 15:51 ComboFix2.txt 2012-11-19 13:12 . Pre-Run: 393.450.201.088 bytes beschikbaar Post-Run: 394.552.401.920 bytes beschikbaar . - - End Of File - - 1E0420F62FBC088E9B3AD638AC33EE1B
  11. cbega
    hier is het combofix logbestand, maar zag net dat het nog steeds voor komt. ComboFix 12-11-16.02 - gebruiker 19-11-2012 13:52:20.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4063.2385 [GMT 1:00] Gestart vanuit: c:\users\gebruiker\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Nieuw herstelpunt werd aangemaakt . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\nud0repor.pad c:\programdata\SPLA5C4.tmp c:\programdata\z7_0ytr.pad c:\users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Strong Malware Defender.lnk c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\CLSV.sys c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.dll c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\dudl.exe c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\eb.dll c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\energy.dll c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\energy.drv c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\exec.dll c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\fan.dll c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\fan.drv c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\FW.tmp c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\hymt.exe c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\PE.dll c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\PE.tmp c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\runddlkey.drv c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\SICKBOY.sys c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\std.drv c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.drv c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.exe c:\users\gebruiker\AppData\Roaming\Microsoft\Windows\Recent\tjd.tmp c:\users\gebruiker\AppData\Roaming\Strong Malware Defender c:\users\gebruiker\AppData\Roaming\Strong Malware Defender\Instructions.ini . . (((((((((((((((((((( Bestanden Gemaakt van 2012-10-19 to 2012-11-19 )))))))))))))))))))))))))))))) . . 2012-11-19 12:59 . 2012-11-19 12:59 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-19 12:57 . 2012-11-19 12:57 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E18BE11C-54EC-4205-AA92-485F676D0574}\offreg.dll 2012-11-18 18:04 . 2012-11-18 18:04 -------- d-----w- c:\users\gebruiker\AppData\Roaming\Malwarebytes 2012-11-18 18:03 . 2012-11-18 18:03 -------- d-----w- c:\programdata\Malwarebytes 2012-11-18 18:03 . 2012-11-19 10:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-11-17 16:58 . 2012-11-17 16:58 -------- d-----w- c:\program files (x86)\Trend Micro 2012-11-17 15:23 . 2012-11-17 15:23 -------- d-----w- c:\programdata\Ask 2012-11-17 15:22 . 2012-09-24 22:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-11-16 17:37 . 2012-10-17 00:31 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E18BE11C-54EC-4205-AA92-485F676D0574}\mpengine.dll 2012-11-15 21:27 . 2012-07-26 07:49 2560 ----a-w- c:\windows\system32\drivers\nl-NL\wdf01000.sys.mui 2012-11-15 21:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 21:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 21:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 21:21 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 21:21 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 21:21 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 21:21 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-15 21:21 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 21:21 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 21:21 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 18:08 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll 2012-11-15 18:08 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll 2012-11-12 14:04 . 2012-11-12 14:04 -------- d-----w- c:\programdata\37314 2012-11-07 08:31 . 2012-11-19 10:11 -------- d-----w- c:\programdata\McAfee Security Scan 2012-11-07 08:31 . 2012-11-07 10:02 -------- d-----w- c:\program files (x86)\McAfee Security Scan 2012-11-01 11:44 . 2012-11-01 11:44 -------- d-----w- c:\programdata\Garmin 2012-10-20 14:26 . 2012-10-20 14:26 -------- d-----w- c:\users\gebruiker\AppData\Local\ElevatedDiagnostics . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 21:22 . 2012-01-21 18:34 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-11-07 08:31 . 2012-03-31 16:52 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-11-07 08:31 . 2012-01-20 12:13 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-30 22:51 . 2012-01-20 09:32 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2012-10-30 22:51 . 2012-03-02 16:40 262656 ----a-w- c:\windows\system32\drivers\aswNdis2.sys 2012-10-30 22:51 . 2012-03-02 16:40 21136 ----a-w- c:\windows\system32\drivers\aswKbd.sys 2012-10-30 22:51 . 2012-01-20 09:32 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys 2012-10-30 22:51 . 2012-01-20 09:32 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2012-10-30 22:51 . 2012-01-20 09:32 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2012-10-30 22:51 . 2012-03-02 16:40 132864 ----a-w- c:\windows\system32\drivers\aswFW.sys 2012-10-30 22:51 . 2012-01-20 09:32 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2012-10-30 22:51 . 2012-01-20 09:32 41224 ----a-w- c:\windows\avastSS.scr 2012-10-30 22:50 . 2012-01-20 09:32 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-10-30 22:50 . 2012-01-20 09:32 285328 ----a-w- c:\windows\system32\aswBoot.exe 2012-10-15 16:59 . 2012-02-24 15:51 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys 2012-10-05 09:59 . 2012-06-01 13:51 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-05 09:59 . 2012-06-01 13:51 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-12 14:10 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-12 14:10 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-12 14:17 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-12 14:17 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-12 14:17 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-12 14:17 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-08-24 18:05 . 2012-10-12 14:10 220160 ----a-w- c:\windows\system32\wintrust.dll 2012-08-24 16:57 . 2012-10-12 14:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-08-22 18:12 . 2012-09-12 09:20 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-08-22 18:12 . 2012-09-12 09:20 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-08-22 18:12 . 2012-09-12 09:20 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2012-08-21 21:01 . 2012-09-26 09:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] 2012-02-27 08:49 89008 ----a-w- c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{28387537-e3f9-4ed7-860c-11e69af4a8a0}"= "c:\progra~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll" [2012-02-27 89008] . [HKEY_CLASSES_ROOT\clsid\{28387537-e3f9-4ed7-860c-11e69af4a8a0}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480] "Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-03-17 2371584] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-03-26 1234216] "Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-06-04 1466760] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "aswAhAScr.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832] "aswasOutExt.dll"="c:\program files\AVAST Software\Avast\aswRegSvr.exe" [2012-10-30 47832] "aswasOutExt64.dll"="c:\program files\AVAST Software\Avast\aswRegSvr64.exe" [2012-10-30 49416] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLinkedConnections"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944] R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776] R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-20 1255736] S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2012-02-23 12368] S0 aswNdis2;avast! Firewall Core Firewall Service; [x] S1 aswFW;avast! TDI Firewall driver; [x] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 BIOS;BIOS;c:\windows\system32\drivers\BIOS64.sys [2009-06-18 14136] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600] S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-08-21 133912] S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-03 1039872] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136] S3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1301504] . . Inhoud van de 'Gedeelde Taken' map . 2012-11-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 08:31] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . 2012-11-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-20 13:41] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BE7A24F5-69CB-4708-B77B-B1EDA6043B95}] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ------w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-08 16333856] "lxdxmon.exe"="c:\program files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [2010-02-04 672424] "EzPrint"="c:\program files (x86)\Lexmark 3600-4600 Series\ezprint.exe" [2010-02-04 107176] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\datamngr.dll c:\progra~2\IMESHA~1\MediaBar\Datamngr\x64\IEBHO.dll . ------- Bijkomende Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://search.babylon.com/?affID=113480&babsrc=HP_ss&mntrId=e0c1fa97000000000000003067f1bf17 mLocal Page = c:\windows\SysWOW64\blank.htm IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\gebruiker\AppData\Roaming\Mozilla\Firefox\Profiles\n8jga6a0.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - Google FF - prefs.js: keyword.URL - hxxp://dts.search-results.com/sr?src=ffb&appid=1175&systemid=1&sr=0&q= FF - ExtSQL: !HIDDEN! 2012-06-01 14:28; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files (x86)\iMesh Applications\MediaBar\Datamngr\FirefoxExtension FF - user.js: extensions.BabylonToolbar_i.newTab - false FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113480 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.hardId - e0c1fa97000000000000003067f1bf17 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15492 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:58 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS VERWIJDERD - - - - . Toolbar-10 - (no file) Wow6432Node-HKCU-Run-Strong Malware Defender - c:\programdata\fd1145\SMfd1_8050.exe Wow6432Node-HKCU-Run-Media Finder - c:\program files (x86)\Media Finder\Media Finder.exe Toolbar-10 - (no file) . . . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-1009243565-1020422625-1719829415-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Voltooingstijd: 2012-11-19 14:12:06 ComboFix-quarantined-files.txt 2012-11-19 13:12 . Pre-Run: 390.163.210.240 bytes beschikbaar Post-Run: 393.407.102.976 bytes beschikbaar . - - End Of File - - 5F1A2869EA718AD395F9FF2432F4A26D
  12. cbega
    oke hier heb ik beide log bestanden van beide progamma's Malwarebytes Anti-Malware (-evaluatieversie-) 1.65.1.1000 Malwarebytes : Free anti-malware download Databaseversie: v2012.11.18.03 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 gebruiker :: GEBRUIKER-PC [administrator] Realtime bescherming: Ingeschakeld 18-11-2012 19:05:27 mbam-log-2012-11-18 (19-05-27).txt Scantype: Snelle scan Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM Uitgeschakelde scanopties: P2P Objecten gescand: 272683 Verstreken tijd: 21 minuut/minuten, 26 seconde(n) Geheugenprocessen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Geheugenmodulen gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registersleutels gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerwaarden gedetecteerd: 0 (Geen kwaadaardige objecten gedetecteerd) Registerdata gedetecteerd: 1 HKCR\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|URL (Hijack.SearchPage) -> Slecht: (http://findgala.com/?&uid=8050&q={searchTerms}) Goed: (http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}) -> Succesvol in quarantaine geplaatst en gerepareerd. Mappen gedetecteerd: 1 C:\Users\gebruiker\AppData\Roaming\Strong Malware Defender (Rogue.StrongMalwareDefender) -> Succesvol in quarantaine geplaatst en verwijderd. Bestanden gedetecteerd: 3 C:\Users\gebruiker\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Strong Malware Defender.lnk (Rogue.StrongMalwareDefender) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\gebruiker\AppData\Roaming\Strong Malware Defender\cookies.sqlite (Rogue.StrongMalwareDefender) -> Succesvol in quarantaine geplaatst en verwijderd. C:\Users\gebruiker\AppData\Roaming\Strong Malware Defender\Instructions.ini (Rogue.StrongMalwareDefender) -> Succesvol in quarantaine geplaatst en verwijderd. (einde) dit is de log van mbam en hieronder het log van hijackthis Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:07:33, on 18-11-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12531 bytes
  13. cbega
    goedeavond, als ik mijn internet (mozilla firefox) opstart krijg ik een kadertje(als extra firefoxtab geopend) rechts onder met: browser settings change an unknown change was detected on your browser's search settings ° keep current settings ° I am aware of this change and approve it nu heb ik ook een post gevonden die ook over dit onderwerp gaat en heb de hijhacked ding al gedaan, de savelog hieronder: al heb ik na het lezen van de post geen idee wat ik nu verder ermee moet doen, dus hoop dat iemand me hierbij kan helpen dat ik er geen last meer van heb. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:15:40, on 17-11-2012 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v9.00 (9.00.8112.16455) Boot mode: Normal Running processes: C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe C:\Program Files (x86)\Lexmark 3600-4600 Series\ezprint.exe C:\Program Files (x86)\Logitech\Vid HD\Vid.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: DataMngr - {BE7A24F5-69CB-4708-B77B-B1EDA6043B95} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\BROWSE~1.DLL O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll O3 - Toolbar: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart O4 - HKLM\..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode O4 - HKCU\..\Run: [strong Malware Defender] "C:\ProgramData\fd1145\SMfd1_8050.exe" /s /d O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O20 - AppInit_DLLs: C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\datamngr.dll C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\IEBHO.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update-service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: lxdx_device - - C:\Windows\system32\lxdxcoms.exe O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12615 bytes
Logo

OVER ONS

PC Helpforum helpt GRATIS computergebruikers sinds juli 2006. Ons team geeft via het forum professioneel antwoord op uw vragen en probeert uw pc problemen zo snel mogelijk op te lossen. Word lid vandaag, plaats je vraag online en het PC Helpforum-team helpt u graag verder!

SITEMAP

×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.