contextbinder

Member
  • Items

    19

contextbinder's achievements

  1. Next step: time to get a (preferably free) virus scanner and anti-spyware; tips welcome.
  2. Once again one problem fewer: I clicked the little arrow and the annoying suggestions are gone (I probably should have known). At the bottom right it does indeed say: "Ads not by this site". I had noticed that, but where do these come from and how do you make them disappear?
  3. Below is a screenshot of Google, followed by a search for tractor,
  4. I'm afraid there is still a large promo bar present (visible, among other places, on the Google homepage, just below the text "Google offered in F D E"); also, when I search for something on Google there are always some 3 to 4 ads at the top that have nothing to do with the topic searched for.
  5. ComboFix log
  6. AdwCleaner log
user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb"); Verwijdert : user_pref("sweetim.toolbar.scripts.2.enable", "false"); Verwijdert : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS"); Verwijdert : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); Verwijdert : user_pref("sweetim.toolbar.scripts.3.addcontextdiv", "false"); Verwijdert : user_pref("sweetim.toolbar.scripts.3.callback", ""); Verwijdert : user_pref("sweetim.toolbar.scripts.3.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...] Verwijdert : user_pref("sweetim.toolbar.scripts.3.domain-whitelist", ""); Verwijdert : user_pref("sweetim.toolbar.scripts.3.elementid", "id_predict_include_script"); Verwijdert : user_pref("sweetim.toolbar.scripts.3.enable", "false"); Verwijdert : user_pref("sweetim.toolbar.scripts.3.id", "id_script_prad"); Verwijdert : user_pref("sweetim.toolbar.scripts.3.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?[...] Verwijdert : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...] 
Verwijdert : user_pref("sweetim.toolbar.search.history.capacity", "10"); Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Verwijdert : user_pref("sweetim.toolbar.searchguard.enable", ""); Verwijdert : user_pref("sweetim.toolbar.simapp_id", "{FB86622B-3B25-11E2-9A27-001D606886E1}"); Verwijdert : user_pref("sweetim.toolbar.version", "1.6.0.3"); Profielnaam : default File : C:\Users\Frieda\AppData\Roaming\Mozilla\Firefox\Profiles\kg1s8pdo.default\prefs.js Verwijdert : user_pref("aol_toolbar.default.homepage.check", false); Verwijdert : user_pref("aol_toolbar.default.search.check", false); Verwijdert : user_pref("extensions.BabylonToolbar.prtkDS", 0); Verwijdert : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); Verwijdert : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); Verwijdert : user_pref("sweetim.toolbar.previous.browser.startup.homepage", ""); Verwijdert : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Verwijdert : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Verwijdert : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Verwijdert : user_pref("sweetim.toolbar.searchguard.enable", ""); -\\ Google Chrome v [Onmogelijk de versie te verkrijgen] File : C:\Users\peter\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. File : C:\Users\Frieda\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] De file bevat geen enkele ongeoorloofde invoer. ************************* AdwCleaner[s1].txt - [27728 octets] - [09/12/2012 12:51:48] ########## EOF - C:\AdwCleaner[s1].txt - [27789 octets] ##########
  7. The PC does indeed look a lot better now: no more trouble with words that light up and turn out to be tied to links. What still bothers me is a large advertising banner on every page. For example, on the Google homepage, just below the text "Google available in ...", there is a large rectangle with various ads: Delhaize, Zalando, Casino, Flirtverzoek, AS adventure ... probably some spyware thing; it would be handy to be able to switch this off as well. I am already eternally grateful to you, this has probably saved me several years of my life.
  8. Combofix log: ComboFix 12-12-07.01 - peter 08/12/2012 20:27:58.3.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.1226 [GMT 1:00] Gestart vanuit: c:\users\peter\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\peter\Desktop\CFScript.txt SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))) . . 2012-12-08 19:55 . 2012-12-08 19:56 -------- d-----w- c:\users\peter\AppData\Local\temp 2012-12-08 19:55 . 2012-12-08 19:55 -------- d-----w- c:\users\Frieda\AppData\Local\temp 2012-12-08 19:55 . 2012-12-08 19:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-07 18:32 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81D5AA85-06C8-4537-A29C-E580F95C1788}\mpengine.dll 2012-12-07 17:25 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-12-07 17:25 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-12-07 17:25 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-12-07 17:25 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-12-06 18:29 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-06 18:28 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-12-06 18:27 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-12-06 18:27 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-12-06 17:17 . 2012-12-06 17:37 -------- d-----w- C:\32788R22FWJFW(1) 2012-12-05 21:41 . 2012-12-06 17:48 -------- d-----w- c:\users\peter\AppData\Local\Temp(10) 2012-12-05 21:41 . 2012-12-05 21:41 -------- d-----w- c:\users\Frieda\AppData\Local\Temp(7) 2012-12-05 20:42 .
2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\users\peter\AppData\Roaming\Malwarebytes 2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\programdata\Malwarebytes 2012-12-02 10:55 . 2012-12-05 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-02 10:55 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-02 00:41 . 2012-12-02 00:41 -------- d-----w- c:\programdata\HitmanPro 2012-12-01 15:16 . 2012-12-01 15:16 -------- d-----w- c:\program files\Enigma Software Group 2012-12-01 15:15 . 2012-12-01 15:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-12-01 14:29 . 2012-12-01 14:29 181808 ----a-w- c:\windows\RegBootClean.exe 2012-12-01 13:41 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-11-30 20:10 . 2012-11-30 22:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-11-30 20:09 . 2012-12-01 13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-11-30 19:54 . 2012-11-30 19:55 -------- d-----w- c:\users\peter\AppData\Roaming\Luxology 2012-11-30 19:41 . 2012-11-30 19:41 -------- d-----w- c:\program files\RegCleaner 2012-11-30 15:26 . 2012-11-30 15:26 -------- d-----w- c:\users\Frieda\AppData\Roaming\Grisoft 2012-11-28 20:23 . 2012-11-28 20:23 -------- d-----w- c:\programdata\Grisoft 2012-11-15 13:42 . 2012-11-15 13:42 -------- d-----w- c:\program files\Common Files\Java 2012-11-15 13:41 . 2012-11-15 13:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-06 19:40 . 2007-10-30 20:09 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-11-19 10:39 . 2012-03-28 17:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-19 10:39 . 
2012-03-28 17:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-15 13:40 . 2012-08-19 11:25 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-11-15 13:40 . 2010-05-18 17:43 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-06 19:44 . 2012-12-06 19:43 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "Skytel"="Skytel.exe" [2007-06-15 1826816] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648] "ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-30 33136] "DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-07-21 988160] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-12-10 692224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . 
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 10:39] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001Core.job - c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001UA.job - c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21] . . ------- Bijkomende Scan ------- . uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = w2003-sbs:8080 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.130.130.2 195.130.131.2 FF - ProfilePath - c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q= FF - ExtSQL: 2012-11-14 11:46; 50a3769af1bf0@50a3769af1c33.com; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\50a3769af1bf0@50a3769af1c33.com FF - ExtSQL: !HIDDEN! 
2009-12-26 15:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-12-08 20:56 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . [0] 0x00000DA8 . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(2712) c:\program files\SetPoint\GameHook.dll c:\program files\SetPoint\lgscroll.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll c:\program files\ASUS\ASUS Direct Console\MSNHOOK.DLL . Voltooingstijd: 2012-12-08 21:01:21 ComboFix-quarantined-files.txt 2012-12-08 20:01 ComboFix2.txt 2012-12-08 16:49 ComboFix3.txt 2012-12-06 19:30 ComboFix4.txt 2012-12-05 21:41 . Pre-Run: 27.261.599.744 bytes beschikbaar Post-Run: 27.232.079.872 bytes beschikbaar . - - End Of File - - 4DAA1F4A115BC8BC8768FC7D7793368F
  9. To be safe, I started HijackThis and chose the Run as Admin option (even though the account peter is listed as Admin under the Windows user profiles); this time it worked. After that I tried Combofix again, this time successfully; both logs are below. HJT log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:02:31, on 8/12/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\P4P\P4P.exe C:\Windows\ASScrPro.exe C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SetPoint\SetPoint.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Windows\system32\SearchFilterHost.exe C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Apoint2K\Apvfb.exe C:\Windows\system32\conime.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\peter\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w2003-sbs:8080 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program 
Files\SweetIM\Communicator\SweetPacksUpdateManager.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - Sign in O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 7081 bytes Log Combofix ComboFix 12-12-07.01 - peter 08/12/2012 17:16:20.2.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.1268 [GMT 1:00] Gestart vanuit: c:\users\peter\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\peter\Desktop\CFScript.txt SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-08 to 2012-12-08 )))))))))))))))))))))))))))))) . . 2012-12-08 16:43 . 2012-12-08 16:44 -------- d-----w- c:\users\peter\AppData\Local\temp 2012-12-08 16:43 . 
2012-12-08 16:43 -------- d-----w- c:\users\Frieda\AppData\Local\temp 2012-12-08 16:43 . 2012-12-08 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-07 18:32 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{81D5AA85-06C8-4537-A29C-E580F95C1788}\mpengine.dll 2012-12-07 17:25 . 2012-06-02 00:02 985088 ----a-w- c:\windows\system32\crypt32.dll 2012-12-07 17:25 . 2012-06-02 00:02 98304 ----a-w- c:\windows\system32\cryptnet.dll 2012-12-07 17:25 . 2012-06-02 00:02 133120 ----a-w- c:\windows\system32\cryptsvc.dll 2012-12-07 17:25 . 2012-08-24 15:53 172544 ----a-w- c:\windows\system32\wintrust.dll 2012-12-06 18:29 . 2012-09-13 13:28 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-06 18:28 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys 2012-12-06 18:27 . 2012-08-29 11:27 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-12-06 18:27 . 2012-08-29 11:27 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-12-06 17:17 . 2012-12-06 17:37 -------- d-----w- C:\32788R22FWJFW(1) 2012-12-05 21:41 . 2012-12-06 17:48 -------- d-----w- c:\users\peter\AppData\Local\Temp(10) 2012-12-05 21:41 . 2012-12-05 21:41 -------- d-----w- c:\users\Frieda\AppData\Local\Temp(7) 2012-12-05 20:42 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll 2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\users\peter\AppData\Roaming\Malwarebytes 2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\programdata\Malwarebytes 2012-12-02 10:55 . 2012-12-05 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-02 10:55 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-02 00:41 . 2012-12-02 00:41 -------- d-----w- c:\programdata\HitmanPro 2012-12-01 15:16 . 2012-12-01 15:16 -------- d-----w- c:\program files\Enigma Software Group 2012-12-01 15:15 . 
2012-12-01 15:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-12-01 14:29 . 2012-12-01 14:29 181808 ----a-w- c:\windows\RegBootClean.exe 2012-12-01 13:41 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-11-30 20:10 . 2012-11-30 22:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-11-30 20:09 . 2012-12-01 13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-11-30 19:54 . 2012-11-30 19:55 -------- d-----w- c:\users\peter\AppData\Roaming\Luxology 2012-11-30 19:41 . 2012-11-30 19:41 -------- d-----w- c:\program files\RegCleaner 2012-11-30 15:26 . 2012-11-30 15:26 -------- d-----w- c:\users\Frieda\AppData\Roaming\Grisoft 2012-11-28 20:23 . 2012-11-28 20:23 -------- d-----w- c:\programdata\Grisoft 2012-11-15 13:42 . 2012-11-15 13:42 -------- d-----w- c:\program files\Common Files\Java 2012-11-15 13:41 . 2012-11-15 13:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-06 19:40 . 2007-10-30 20:09 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-11-19 10:39 . 2012-03-28 17:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-19 10:39 . 2012-03-28 17:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-15 13:40 . 2012-08-19 11:25 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-11-15 13:40 . 2010-05-18 17:43 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-12-06 19:44 . 2012-12-06 19:43 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "Skytel"="Skytel.exe" [2007-06-15 1826816] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648] "ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-30 33136] "DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-07-21 988160] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Sweetpacks 
Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [bU] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-12-10 692224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Inhoud van de 'Gedeelde Taken' map . 2012-12-08 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 10:39] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21] . 2012-12-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001Core.job - c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21] . 2012-12-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001UA.job - c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21] . . ------- Bijkomende Scan ------- . 
uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com uInternet Settings,ProxyServer = w2003-sbs:8080 IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 195.130.130.2 195.130.131.2 FF - ProfilePath - c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/ FF - ExtSQL: 2012-11-14 11:46; 50a3769af1bf0@50a3769af1c33.com; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\50a3769af1bf0@50a3769af1c33.com FF - ExtSQL: !HIDDEN! 2009-12-26 15:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS VERWIJDERD - - - - . AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe AddRemove-{16726771-C380-4280-BAF9-1223B3838786} - c:\programdata\SaveAs\uninstall.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover Rootkit scan 2012-12-08 17:44 Windows 6.0.6002 Service Pack 2 NTFS . scannen van verborgen processen ... . scannen van verborgen autostart items ... . scannen van verborgen bestanden ... . Scan succesvol afgerond verborgen bestanden: 0 . ************************************************************************** . --------------------- VERGRENDELDE REGISTER SLEUTELS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Geladen Onder Lopende Processen --------------------- . - - - - - - - > 'Explorer.exe'(4208) c:\program files\SetPoint\GameHook.dll c:\program files\SetPoint\lgscroll.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll c:\program files\ASUS\ASUS Direct Console\MSNHOOK.DLL . Voltooingstijd: 2012-12-08 17:49:49 ComboFix-quarantined-files.txt 2012-12-08 16:49 ComboFix2.txt 2012-12-06 19:30 ComboFix3.txt 2012-12-05 21:41 . Pre-Run: 27.593.560.064 bytes beschikbaar Post-Run: 27.356.291.072 bytes beschikbaar . - - End Of File - - A1408ABD3AA9BC8C65CF6C97BE747E63
  10. Forgot to mention in my previous post: the PC has 2 users, always logged in as Admin. HJT log:
      Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:04:57, on 8/12/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\P4P\P4P.exe C:\Windows\ASScrPro.exe C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\SetPoint\SetPoint.exe C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Apoint2K\Apvfb.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Windows\system32\conime.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\peter\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w2003-sbs:8080 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -
C:\Program Files\Java\jre7\bin\ssv.dll (file missing) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe O8 - Extra context menu 
item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - Sign in O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 7062 bytes
  11. Hello, I ran ComboFix 3 more times with the CFScript: once in safe mode, once in safe mode with networking (which also updated ComboFix) and once in normal mode. In safe mode: when the blue screen appears, I get the message: Kan het bericht nr 0x8 niet vinden in berichtenbestand voor systeem (cannot find message no. 0x8 in the message file for system). After that it creates a restore point and starts scanning. Between stages 38 and 39 I get the message: Access denied, admin permission needed to use the selected option, use admin command prompt to complete. The scan simply continues to the end (each time with the message "completed"). After the scan, the blue screen tells me that the report is being prepared. Then the blue screen disappears and nothing more happens - waited more than 1 hour. Safe mode with networking - same. Normal mode: ComboFix loads the CFScript but does not start - the blue screen does not appear - waited 50 min. Quick question: can you see in Task Manager whether ComboFix is active? I ran HJT and checked the 2 items - will post the log in the next post.
  12. Just ran ComboFix in safe mode - looks better already, then HJT in normal mode. HJT log:
      Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:26:29, on 7/12/2012 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Apoint2K\Apoint.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\mobsync.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\P4P\P4P.exe C:\Windows\ASScrPro.exe C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe C:\Program Files\Belgium Identity Card\beid35gui.exe C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\SetPoint\SetPoint.exe C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe C:\Program Files\Apoint2K\HidFind.exe C:\Program Files\Apoint2K\Apvfb.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\peter\Downloads\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w2003-sbs:8080 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java Plug-In SSV
Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [skytel] Skytel.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe" O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE" O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - Global Startup: SetPoint.lnk = C:\Program 
Files\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - Sign in O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- End of file - 7119 bytes
ComboFix log:
ComboFix 12-12-04.01 - peter 07/12/2012 18:42:16.2.2 - x86 MINIMAL Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.1615 [GMT 1:00] Gestart vanuit: C:\Users\peter\Desktop\ComboFix.exe gebruikte Opdracht switches :: C:\Users\peter\Desktop\CFScript.txt SP: Lavasoft Ad-Watch Live!
*Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) c:\program files\MocaFlix c:\program files\MocaFlix\sprotector.dll c:\program files\MocaFlix\uninstall.exe c:\program files\Optimizer Pro c:\program files\Optimizer Pro\Ducth.ini c:\program files\Optimizer Pro\file_id.diz c:\program files\Optimizer Pro\HomePage.url c:\program files\Optimizer Pro\OptimizerPro.chm c:\program files\Optimizer Pro\OptimizerPro.exe c:\program files\Optimizer Pro\OptProGuard.exe c:\program files\Optimizer Pro\OptProLauncher.exe c:\program files\Optimizer Pro\OptProReminder.exe c:\program files\Optimizer Pro\OptProSchedule.exe c:\program files\Optimizer Pro\OptProSmartScan.exe c:\program files\Optimizer Pro\OptProStart.exe c:\program files\Optimizer Pro\OptProUninstaller.exe c:\program files\Optimizer Pro\scan.gif c:\program files\Optimizer Pro\sqlite3.dll c:\program files\Optimizer Pro\unins000.dat c:\program files\Optimizer Pro\unins000.exe c:\program files\SweetIM c:\programdata\InstallMate c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\_Setup.dll c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\_Setupx.dll c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\20121114113510.log c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\Setup.dat c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\Setup.exe c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\Setup.ico c:\programdata\InstallMate\{4A45D8F6-ED97-B876-5A9D-A5B591A6FA00}\TsuDll.dll c:\programdata\Premium c:\programdata\SaveAs c:\programdata\SaveAs\50a3769af1dc4.html c:\programdata\SaveAs\50a3769af1dfc.js c:\programdata\SaveAs\kkjbkcckcjoofommgofpeljnnkddjcpg.crx c:\programdata\SaveAs\settings.ini c:\programdata\SaveAs\uninstall.exe 
c:\users\peter\AppData\Roaming\Optimizer Pro c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCall.dll c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla.dll c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla17.dll c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla18.exe c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla19.dll c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla2.dll c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla20.dll c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla21.dll c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseCustomCalla21.exe c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP\WiseData.ini
  13. ComboFix log:
      ComboFix 12-12-04.01 - peter 06/12/2012 19:42:44.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2046.653 [GMT 1:00] Gestart vanuit: c:\users\peter\Desktop\ComboFix.exe gebruikte Opdracht switches :: c:\users\peter\Desktop\CFScript.txt SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {61CDFD9D-3CAC-9270-C6FC-52325ACB795B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((( Andere Verwijderingen ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Java\jre7\bin\ssv.dll c:\users\peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2 .lnk c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi c:\windows\assembly\GAC\Desktop.ini c:\windows\msvcr71.dll c:\windows\wininit.ini . Besmet exemplaar van c:\windows\system32\Services.exe werd aangetroffen en gedesinfecteerd Hersteld exemplaar van - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.0.6002.18005_none_d14b3973ca6acc56\services.exe . . (((((((((((((((((((( Bestanden Gemaakt van 2012-11-06 to 2012-12-06 )))))))))))))))))))))))))))))) . . 2012-12-06 19:17 . 2012-12-06 19:21 -------- d-----w- c:\users\peter\AppData\Local\temp 2012-12-06 19:17 . 2012-12-06 19:17 -------- d-----w- c:\users\Frieda\AppData\Local\temp 2012-12-06 19:17 . 2012-12-06 19:17 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-06 18:43 . 2012-11-19 00:04 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC1F4D2D-1E62-4E23-84DB-E593B90BE7FE}\mpengine.dll 2012-12-06 17:17 . 2012-12-06 17:37 -------- d-----w- C:\32788R22FWJFW(1) 2012-12-05 21:41 . 2012-12-06 17:48 -------- d-----w- c:\users\peter\AppData\Local\Temp(10) 2012-12-05 21:41 . 2012-12-05 21:41 -------- d-----w- c:\users\Frieda\AppData\Local\Temp(7) 2012-12-02 10:55 .
2012-12-02 10:55 -------- d-----w- c:\users\peter\AppData\Roaming\Malwarebytes 2012-12-02 10:55 . 2012-12-02 10:55 -------- d-----w- c:\programdata\Malwarebytes 2012-12-02 10:55 . 2012-12-05 17:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-12-02 10:55 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-12-02 00:41 . 2012-12-02 00:41 -------- d-----w- c:\programdata\HitmanPro 2012-12-01 15:16 . 2012-12-01 15:16 -------- d-----w- c:\program files\Enigma Software Group 2012-12-01 15:15 . 2012-12-02 15:12 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP 2012-12-01 15:15 . 2012-12-01 15:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard 2012-12-01 14:29 . 2012-12-01 14:29 181808 ----a-w- c:\windows\RegBootClean.exe 2012-12-01 13:41 . 2012-06-05 07:37 256904 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2012-11-30 20:10 . 2012-11-30 22:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-11-30 20:09 . 2012-12-01 13:36 -------- d-----w- c:\program files\Spybot - Search & Destroy 2 2012-11-30 19:54 . 2012-11-30 19:55 -------- d-----w- c:\users\peter\AppData\Roaming\Luxology 2012-11-30 19:41 . 2012-11-30 22:12 -------- d-----w- c:\program files\SweetIM 2012-11-30 19:41 . 2012-11-30 19:41 -------- d-----w- c:\program files\RegCleaner 2012-11-30 15:26 . 2012-11-30 15:26 -------- d-----w- c:\users\Frieda\AppData\Roaming\Grisoft 2012-11-28 20:23 . 2012-11-28 20:23 -------- d-----w- c:\programdata\Grisoft 2012-11-15 13:42 . 2012-11-15 13:42 -------- d-----w- c:\program files\Common Files\Java 2012-11-15 13:41 . 2012-11-15 13:41 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-11-14 10:51 . 2012-11-14 10:51 -------- d-----w- c:\users\peter\AppData\Roaming\Optimizer Pro 2012-11-14 10:35 . 2012-11-14 10:35 -------- d-----w- c:\program files\MocaFlix 2012-11-14 10:35 . 2012-12-02 00:49 -------- d-----w- c:\programdata\Premium 2012-11-14 10:35 . 
2012-11-14 10:35 -------- d-----w- c:\program files\Optimizer Pro 2012-11-14 10:35 . 2012-12-01 14:29 -------- d-----w- c:\programdata\SaveAs 2012-11-14 10:35 . 2012-12-02 00:49 -------- d-----w- c:\programdata\InstallMate . . . ((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-06 19:21 . 2007-10-30 20:09 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-11-19 10:39 . 2012-03-28 17:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-11-19 10:39 . 2012-03-28 17:23 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-11-15 13:40 . 2012-08-19 11:25 821736 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-11-15 13:40 . 2010-05-18 17:43 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-01 17:25 . 2012-11-01 17:24 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten ))))))))))))))))))))))))))))))))))))))))))))))))))) . . *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1] @="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}" [HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}] 2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-26 161328] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-03-26 1057328] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "Skytel"="Skytel.exe" [2007-06-15 1826816] "SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-21 630784] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2006-09-12 155648] "ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376] "ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440] "PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2007-10-30 33136] "DirectMessenger"="c:\program files\ASUS\ASUS Direct Console\LCMP.EXE" [2007-07-21 988160] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080] "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2010-05-31 2060288] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [bU] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ SetPoint.lnk - c:\program files\SetPoint\SetPoint.exe [2009-12-10 692224] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhoud van de 'Gedeelde Taken' map
.
2012-12-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 10:39]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-11 14:21]
.
2012-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001Core.job
- c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21]
.
2012-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2505962282-1386148753-3021142582-1001UA.job
- c:\users\Frieda\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-13 19:21]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = w2003-sbs:8080
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.130.130.2 195.130.131.2
FF - ProfilePath - c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/
FF - ExtSQL: 2012-11-14 11:46; 50a3769af1bf0@50a3769af1c33.com; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\50a3769af1bf0@50a3769af1c33.com
FF - ExtSQL: 2012-11-30 21:05; {EEE6C361-6118-11DC-9C72-001320C79847}; c:\users\peter\AppData\Roaming\Mozilla\Firefox\Profiles\082x6lab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: !HIDDEN! 2009-12-26 15:59; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-12-06 20:23
Windows 6.0.6002 Service Pack 2 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'Explorer.exe'(3260)
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll
c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\conime.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Voltooingstijd: 2012-12-06 20:30:51 - machine werd herstart
ComboFix-quarantined-files.txt 2012-12-06 19:30
ComboFix2.txt 2012-12-05 21:41
.
Pre-Run: 28.670.705.664 bytes beschikbaar
Post-Run: 26.776.424.448 bytes beschikbaar
.
- - End Of File - - 0CAF29E84624DE2DA333E3FA1BD71E0A

HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:46:10, on 6/12/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\ASUS\ASUS Direct Console\LCMP.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\ASUS\ASUS Direct Console\D3DCheck.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Apoint2K\Apvfb.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\peter\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUS
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = w2003-sbs:8080
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (file missing)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [skytel] Skytel.exe
O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [ChkMail] C:\Program Files\ChkMail\ChkMail\ChkMail.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [PowerForPhone] "C:\Program Files\P4P\P4P.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [DirectMessenger] "C:\Program Files\ASUS\ASUS Direct Console\LCMP.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Futuremark SystemInfo) - Sign in
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

-- End of file - 7339 bytes