
Bundespolizei...



Open a Notepad file.

Copy and paste the bold text below into it.

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]

DDS::

IE: Zoek op het web - c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

Firefox::

FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com

FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com

FF - Ext: BittorrentBar_NL Community Toolbar: {2d8d9acc-f6d7-4362-8876-a275ca929591} - %profile%\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}

FF - Ext: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - %profile%\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}

FF - Ext: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - %profile%\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

FF - Ext: DealPly: {EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} - %profile%\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

FF - user.js: extensions.BabylonToolbar_i.id - a06a49e7000000000000001f3b994f33

FF - user.js: extensions.BabylonToolbar_i.hardId - a06a49e7000000000000001f3b994f33

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:09

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will restart ComboFix. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next reply.


ComboFix 12-03-28.01 - Timo 28/03/2012 13:01:09.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1702 [GMT 2:00]

Gestart vanuit: c:\users\Timo\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Timo\Desktop\CFScript.txt

AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}

SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\chrome.manifest

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\chrome\bittorrentbar_nl.jar

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\components\ConduitAutoCompleteSearch.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\components\ConduitAutoCompleteSearch.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\components\ConduitToolbar.idl

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\components\ConduitToolbar.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\components\ConduitToolbar.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\components\RadioWMPCore.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\components\RadioWMPCore.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\components\RadioWMPCoreGecko19.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\alertSettingsComponent.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\appContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\engineContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\engineSettings.json

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\fbAlert.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\getAppsContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\postAppsContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\toolbarContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\defaults\unsharedAppsContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\install.rdf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\lib\xpcom.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\META-INF\manifest.mf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\META-INF\zigbert.rsa

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\META-INF\zigbert.sf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\searchplugin\conduit.gif

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\searchplugin\conduit.ico

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\searchplugin\conduit.PNG

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\searchplugin\conduit.src

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\searchplugin\conduit.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\setup.ini

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{2d8d9acc-f6d7-4362-8876-a275ca929591}\version.txt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\chrome.manifest

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\chrome\softonic_english.jar

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitAutoCompleteSearch.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitAutoCompleteSearch.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitToolbar.idl

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitToolbar.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\ConduitToolbar.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\FFExternalAlert.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\components\RadioWMPCore.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\defaults\default_radio_skin.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\defaults\fbAlert.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\install.rdf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\lib\xpcom.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\META-INF\manifest.mf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\META-INF\zigbert.rsa

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\META-INF\zigbert.sf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.gif

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.ico

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.PNG

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.src

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\searchplugin\conduit.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\setup.ini

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}\version.txt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome.manifest

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\dealply.xul

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\chrome\content\images\dealplyIcon32.png

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\defaults\preferences\defaults.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}\install.rdf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome.manifest

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\chrome\bs_player.jar

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitAutoCompleteSearch.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.idl

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\ConduitToolbar.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFExternalAlert.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\RadioWMPCore.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\default_radio_skin.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\defaults\fbAlert.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\install.rdf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\lib\xpcom.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\manifest.mf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.rsa

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\META-INF\zigbert.sf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.gif

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.ico

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.PNG

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.src

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\searchplugin\conduit.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\version.txt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\chrome.manifest

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\chrome\conduitengine.jar

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\components\ConduitAutoCompleteSearch.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\components\ConduitToolbar.idl

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\components\ConduitToolbar.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\components\ConduitToolbar.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\components\RadioWMPCore.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\components\RadioWMPCore.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\alertSettingsComponent.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\appContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\engineContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\engineSettings.json

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\fbAlert.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\getAppsContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\postAppsContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\toolbarContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\defaults\unsharedAppsContextMenu.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\DualPackage\install.rdf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\install.rdf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\lib\xpcom.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\META-INF\manifest.mf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\META-INF\zigbert.rsa

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\META-INF\zigbert.sf

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\searchplugin\conduit.gif

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\searchplugin\conduit.ico

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\searchplugin\conduit.PNG

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\searchplugin\conduit.src

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\searchplugin\conduit.xml

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\setup.ini

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\engine@conduit.com\version.txt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\ffxtlbr@Facemoods.com

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\ffxtlbr@Facemoods.com\chrome.manifest

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.dll

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\ffxtlbr@Facemoods.com\components\FFHst.xpt

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences\instlPref.js

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\ffxtlbr@Facemoods.com\facemoods.jar

c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\extensions\ffxtlbr@Facemoods.com\install.rdf

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-28 ))))))))))))))))))))))))))))))

.

.

2012-03-28 11:07 . 2012-03-28 11:07 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-24 17:38 . 2012-03-24 17:38 -------- d-----w- c:\windows\CheckSur

2012-03-22 19:29 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-22 19:29 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-22 19:29 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-22 19:29 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-22 19:29 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-21 18:09 . 2012-03-21 18:09 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2012-03-21 18:09 . 2012-03-21 18:09 519680 ----a-w- c:\windows\system32\d3d11.dll

2012-03-21 18:09 . 2012-03-21 18:09 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2012-03-21 18:09 . 2012-03-21 18:09 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2012-03-21 18:09 . 2012-03-21 18:09 252928 ----a-w- c:\windows\system32\dxdiag.exe

2012-03-21 18:09 . 2012-03-21 18:09 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2012-03-21 18:09 . 2012-03-21 18:09 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2012-03-19 18:13 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-19 18:13 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-19 18:13 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2012-03-19 18:13 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2012-03-19 18:13 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2012-03-19 18:13 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2012-03-19 18:13 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-03-19 18:13 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-03-19 18:13 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-19 18:13 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-03-19 18:13 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll

2012-03-19 18:12 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-03-19 18:12 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-03-19 18:12 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-03-19 18:12 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-19 18:02 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-19 18:02 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-19 11:09 . 2012-03-19 11:09 -------- d-----w- c:\windows\system32\ca-ES

2012-03-19 11:09 . 2012-03-19 11:09 -------- d-----w- c:\windows\system32\eu-ES

2012-03-19 11:09 . 2012-03-19 11:09 -------- d-----w- c:\windows\system32\vi-VN

2012-03-19 11:03 . 2012-03-19 11:03 -------- d-----w- c:\windows\system32\SPReview

2012-03-19 10:46 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll

2012-03-19 10:46 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe

2012-03-19 10:34 . 2009-04-10 22:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys

2012-03-19 10:33 . 2009-04-10 22:28 48128 ----a-w- c:\windows\system32\l2nacp.dll

2012-03-19 10:29 . 2012-03-19 10:29 -------- d-----w- c:\windows\system32\EventProviders

2012-03-19 09:46 . 2012-03-19 09:46 -------- d-----w- c:\users\Timo\Octopus

2012-03-19 09:21 . 2012-03-19 09:21 -------- d-----w- c:\program files\CCleaner

2012-03-17 11:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2012-03-17 11:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2012-03-17 11:38 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll

2012-03-17 11:38 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll

2012-03-17 11:38 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll

2012-03-17 11:38 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll

2012-03-17 11:38 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe

2012-03-17 11:38 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe

2012-03-17 11:36 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2012-03-17 11:35 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll

2012-03-17 11:23 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll

2012-03-17 11:23 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2012-03-17 11:23 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe

2012-03-17 11:21 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

2012-03-17 11:07 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-03-17 11:07 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2012-03-17 11:07 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2012-03-17 11:07 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2012-03-17 11:07 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2012-03-14 17:56 . 2012-03-14 17:56 -------- d-----w- C:\PerfLogs

2012-03-14 17:21 . 2008-01-18 22:36 6656 ----a-w- c:\windows\system32\sdspres.dll

2012-03-14 17:21 . 2008-01-18 22:33 193024 ----a-w- c:\windows\system32\recdisc.exe

2012-03-14 17:20 . 2008-01-18 22:36 28160 ----a-w- c:\windows\system32\sxproxy.dll

2012-03-14 17:13 . 2008-01-18 22:35 8203264 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwusa.dll

2012-03-14 17:12 . 2008-01-18 22:36 403968 ----a-w- c:\windows\system32\p2pcollab.dll

2012-03-14 17:11 . 2008-01-18 22:33 218112 ----a-w- c:\windows\system32\WindowsAnytimeUpgrade.exe

2012-03-14 16:08 . 2012-03-14 16:08 -------- d-----w- c:\users\Timo\AppData\Roaming\Malwarebytes

2012-03-14 16:08 . 2012-03-14 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-14 16:08 . 2012-03-14 16:08 -------- d-----w- c:\programdata\Malwarebytes

2012-03-14 16:08 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-14 16:06 . 2012-03-17 11:14 -------- d-----w- C:\backups

2012-03-13 20:04 . 2012-03-13 20:05 -------- d-----w- c:\users\Timo\AppData\Roaming\kodak

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-28 09:23 . 2010-07-17 15:49 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2012-03-28 09:23 . 2010-07-18 19:37 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-03-21 18:09 . 2012-03-21 18:09 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui

2012-03-20 18:24 . 2010-07-17 15:58 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2012-03-14 17:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2012-03-14 17:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2012-03-07 20:37 . 2012-01-15 08:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 19:52 . 2012-02-15 19:52 3332784 ----a-w- c:\windows\system32\drivers\appdrv01.sys

2012-02-15 19:52 . 2012-02-15 19:52 316888 ----a-w- c:\windows\system32\appdrvrem01.exe

2012-02-09 12:41 . 2011-09-22 10:32 20040 ----a-w- c:\windows\system32\drivers\NSNetmon.sys

2012-02-09 12:41 . 2012-02-09 12:41 53088 ----a-w- c:\windows\system32\BGLsp.dll

2012-02-09 12:41 . 2011-09-22 10:32 216136 ----a-w- c:\windows\system32\drivers\NSKernel.sys

2012-02-09 12:40 . 2011-09-22 10:32 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys

2012-01-26 23:21 . 2010-09-13 17:57 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2012-02-08 16:44 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5868349-8000-4DF4-8B04-1B98BC3EB318}\mpengine.dll

2010-10-12 14:33 . 2010-10-12 14:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-10-12 16:15 . 2010-10-12 16:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-10-12 14:37 . 2010-10-12 14:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-10-12 14:35 . 2010-10-12 14:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-10-12 14:34 . 2010-10-12 14:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-10-12 14:32 . 2010-10-12 14:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-10-12 14:35 . 2010-10-12 14:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-10-12 14:34 . 2010-10-12 14:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-07-14 10:42 . 2010-07-14 10:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-10-12 14:37 . 2010-10-12 14:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"BullGuard"="c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuard.exe" [2012-03-23 1710944]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 13:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

2011-08-17 07:29 4527424 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]

2012-01-07 14:09 326776 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

2011-11-03 21:20 137536 ----atw- c:\users\Timo\AppData\Local\Facebook\Update\FacebookUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]

2009-12-08 06:51 774144 ------w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2945745822-2279633797-4175448609-1000]

"EnableNotificationsRef"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

BullGuard_Main REG_MULTI_SZ BsMain

BullGuard REG_MULTI_SZ BsFileScan

BullGuard_Proxy REG_MULTI_SZ BsMailProxy

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945745822-2279633797-4175448609-1000Core.job

- c:\users\Timo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 21:20]

.

2012-03-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945745822-2279633797-4175448609-1000UA.job

- c:\users\Timo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 21:20]

.

2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 19:43]

.

2012-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 19:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

LSP: c:\windows\system32\BGLsp.dll

TCP: DhcpNameServer = 195.130.131.133 195.130.130.5

FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.be/

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=109130&babsrc=adbartrp&mntrId=a06a49e7000000000000001f3b994f33&q=

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: BullGuard Safe Browsing: antiphishing@bullguard - c:\program files\BullGuard Ltd\BullGuard Antivirus\Antiphishing\FF\antiphishing@bullguard

FF - user.js: extensions.BabylonToolbar_i.id - a06a49e7000000000000001f3b994f33

FF - user.js: extensions.BabylonToolbar_i.hardId - a06a49e7000000000000001f3b994f33

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:09

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-03-28 13:07

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-03-28 13:09:26

ComboFix-quarantined-files.txt 2012-03-28 11:09

ComboFix2.txt 2012-03-28 09:19

.

Pre-Run: 47.837.986.816 bytes beschikbaar

Post-Run: 47.811.514.368 bytes beschikbaar

.

- - End Of File - - 9CEF0469A6B270C124F394E0E86BB38A


This only partially succeeded. Please repeat this instruction once more:

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\

FF - prefs.js: keyword.URL -

FF - user.js: extensions.BabylonToolbar_i.id - a06a49e7000000000000001f3b994f33

FF - user.js: extensions.BabylonToolbar_i.hardId - a06a49e7000000000000001f3b994f33

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15346

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:09

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109130

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next reply.


ComboFix 12-03-28.01 - Timo 02/04/2012 12:37:06.3.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.3070.1919 [GMT 2:00]

Gestart vanuit: c:\users\Timo\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Timo\Desktop\CFScript.txt

AV: BullGuard Antivirus *Disabled/Outdated* {504FFF66-3028-EB7E-2E60-62B19ADD791C}

SP: BullGuard Antispyware *Disabled/Outdated* {EB2E1E82-1612-E4F0-14D0-59C3E15A33A1}

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-02 to 2012-04-02 ))))))))))))))))))))))))))))))

.

.

2012-04-02 10:38 . 2012-04-02 10:38 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-24 17:38 . 2012-03-24 17:38 -------- d-----w- c:\windows\CheckSur

2012-03-22 19:29 . 2012-02-14 15:45 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-03-22 19:29 . 2012-02-14 15:45 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2012-03-22 19:29 . 2012-02-13 14:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2012-03-22 19:29 . 2012-02-13 13:47 683008 ----a-w- c:\windows\system32\d2d1.dll

2012-03-22 19:29 . 2012-02-13 13:44 1068544 ----a-w- c:\windows\system32\DWrite.dll

2012-03-21 18:09 . 2012-03-21 18:09 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2012-03-21 18:09 . 2012-03-21 18:09 519680 ----a-w- c:\windows\system32\d3d11.dll

2012-03-21 18:09 . 2012-03-21 18:09 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2012-03-21 18:09 . 2012-03-21 18:09 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2012-03-21 18:09 . 2012-03-21 18:09 252928 ----a-w- c:\windows\system32\dxdiag.exe

2012-03-21 18:09 . 2012-03-21 18:09 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2012-03-21 18:09 . 2012-03-21 18:09 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2012-03-19 18:13 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-19 18:13 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-19 18:13 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll

2012-03-19 18:13 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax

2012-03-19 18:13 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax

2012-03-19 18:13 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax

2012-03-19 18:13 . 2011-10-14 16:03 189952 ----a-w- c:\windows\system32\winmm.dll

2012-03-19 18:13 . 2011-10-14 16:00 23552 ----a-w- c:\windows\system32\mciseq.dll

2012-03-19 18:13 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys

2012-03-19 18:13 . 2011-11-18 20:23 1205064 ----a-w- c:\windows\system32\ntdll.dll

2012-03-19 18:13 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll

2012-03-19 18:12 . 2011-11-18 17:47 66560 ----a-w- c:\windows\system32\packager.dll

2012-03-19 18:12 . 2011-11-25 15:59 376320 ----a-w- c:\windows\system32\winsrv.dll

2012-03-19 18:12 . 2011-12-14 16:17 680448 ----a-w- c:\windows\system32\msvcrt.dll

2012-03-19 18:12 . 2011-09-20 21:02 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-19 18:02 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll

2012-03-19 18:02 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-19 11:09 . 2012-03-19 11:09 -------- d-----w- c:\windows\system32\ca-ES

2012-03-19 11:09 . 2012-03-19 11:09 -------- d-----w- c:\windows\system32\eu-ES

2012-03-19 11:09 . 2012-03-19 11:09 -------- d-----w- c:\windows\system32\vi-VN

2012-03-19 11:03 . 2012-03-19 11:03 -------- d-----w- c:\windows\system32\SPReview

2012-03-19 10:46 . 2009-04-10 22:28 928768 ----a-w- c:\windows\system32\scavenge.dll

2012-03-19 10:46 . 2009-04-10 22:27 57856 ----a-w- c:\windows\system32\compcln.exe

2012-03-19 10:34 . 2009-04-10 22:32 141288 ----a-w- c:\windows\system32\drivers\ecache.sys

2012-03-19 10:33 . 2009-04-10 22:28 48128 ----a-w- c:\windows\system32\l2nacp.dll

2012-03-19 10:29 . 2012-03-19 10:29 -------- d-----w- c:\windows\system32\EventProviders

2012-03-19 09:46 . 2012-03-19 09:46 -------- d-----w- c:\users\Timo\Octopus

2012-03-19 09:21 . 2012-03-19 09:21 -------- d-----w- c:\program files\CCleaner

2012-03-17 11:38 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2012-03-17 11:38 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2012-03-17 11:38 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll

2012-03-17 11:38 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll

2012-03-17 11:38 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll

2012-03-17 11:38 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll

2012-03-17 11:38 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe

2012-03-17 11:38 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe

2012-03-17 11:36 . 2011-07-06 15:31 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2012-03-17 11:35 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll

2012-03-17 11:23 . 2010-12-17 15:45 2067968 ----a-w- c:\windows\system32\mstscax.dll

2012-03-17 11:23 . 2010-12-17 13:54 677888 ----a-w- c:\windows\system32\mstsc.exe

2012-03-17 11:23 . 2009-04-11 06:28 63488 ----a-w- c:\windows\system32\tscupgrd.exe

2012-03-17 11:21 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

2012-03-17 11:07 . 2009-11-08 09:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2012-03-17 11:07 . 2009-11-08 09:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2012-03-17 11:07 . 2009-11-08 09:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2012-03-17 11:07 . 2009-11-08 09:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2012-03-17 11:07 . 2009-11-08 09:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2012-03-14 17:56 . 2012-03-14 17:56 -------- d-----w- C:\PerfLogs

2012-03-14 17:21 . 2008-01-18 22:36 6656 ----a-w- c:\windows\system32\sdspres.dll

2012-03-14 17:21 . 2008-01-18 22:33 193024 ----a-w- c:\windows\system32\recdisc.exe

2012-03-14 17:20 . 2008-01-18 22:36 28160 ----a-w- c:\windows\system32\sxproxy.dll

2012-03-14 17:13 . 2008-01-18 22:35 8203264 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwusa.dll

2012-03-14 17:12 . 2008-01-18 22:36 403968 ----a-w- c:\windows\system32\p2pcollab.dll

2012-03-14 17:11 . 2008-01-18 22:33 218112 ----a-w- c:\windows\system32\WindowsAnytimeUpgrade.exe

2012-03-14 16:08 . 2012-03-14 16:08 -------- d-----w- c:\users\Timo\AppData\Roaming\Malwarebytes

2012-03-14 16:08 . 2012-03-14 16:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-03-14 16:08 . 2012-03-14 16:08 -------- d-----w- c:\programdata\Malwarebytes

2012-03-14 16:08 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-14 16:06 . 2012-03-17 11:14 -------- d-----w- C:\backups

2012-03-13 20:04 . 2012-03-13 20:05 -------- d-----w- c:\users\Timo\AppData\Roaming\kodak

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-02 08:24 . 2010-07-17 15:49 17408 ----a-w- c:\windows\system32\rpcnetp.exe

2012-04-02 08:24 . 2010-07-18 19:37 58288 ----a-w- c:\windows\system32\rpcnet.dll

2012-03-21 18:09 . 2012-03-21 18:09 4096 ----a-w- c:\windows\system32\drivers\nl-NL\dxgkrnl.sys.mui

2012-03-20 18:24 . 2010-07-17 15:58 17408 ----a-w- c:\windows\system32\rpcnetp.dll

2012-03-14 17:46 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll

2012-03-14 17:46 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll

2012-03-07 20:37 . 2012-01-15 08:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-15 19:52 . 2012-02-15 19:52 3332784 ----a-w- c:\windows\system32\drivers\appdrv01.sys

2012-02-15 19:52 . 2012-02-15 19:52 316888 ----a-w- c:\windows\system32\appdrvrem01.exe

2012-02-09 12:41 . 2011-09-22 10:32 20040 ----a-w- c:\windows\system32\drivers\NSNetmon.sys

2012-02-09 12:41 . 2012-02-09 12:41 53088 ----a-w- c:\windows\system32\BGLsp.dll

2012-02-09 12:41 . 2011-09-22 10:32 216136 ----a-w- c:\windows\system32\drivers\NSKernel.sys

2012-02-09 12:40 . 2011-09-22 10:32 308296 ----a-w- c:\windows\system32\drivers\Trufos.sys

2012-01-26 23:21 . 2010-09-13 17:57 237072 ------w- c:\windows\system32\MpSigStub.exe

2012-01-06 04:19 . 2012-02-08 16:44 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C5868349-8000-4DF4-8B04-1B98BC3EB318}\mpengine.dll

2010-10-12 14:33 . 2010-10-12 14:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll

2010-10-12 16:15 . 2010-10-12 16:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2010-10-12 14:37 . 2010-10-12 14:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2010-10-12 14:35 . 2010-10-12 14:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2010-10-12 14:34 . 2010-10-12 14:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2010-10-12 14:32 . 2010-10-12 14:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2010-10-12 14:35 . 2010-10-12 14:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2010-10-12 14:34 . 2010-10-12 14:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2010-07-14 10:42 . 2010-07-14 10:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2010-10-12 14:37 . 2010-10-12 14:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-03-31 16:54 . 2012-03-31 16:54 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\Steam\Steam.exe" [2011-08-02 1242448]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"BullGuard"="c:\program files\BullGuard Ltd\BullGuard Antivirus\BullGuard.exe" [2012-03-28 1711456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsMain]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2009-12-11 13:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-12-21 23:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

2011-08-17 07:29 4527424 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ExpressFiles]

2012-01-07 14:09 326776 ----a-w- c:\program files\ExpressFiles\ExpressFiles.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]

2011-11-03 21:20 137536 ----atw- c:\users\Timo\AppData\Local\Facebook\Update\FacebookUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-12-13 16:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-10 22:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Companion]

2009-12-08 06:51 774144 ------w- c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 11:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2945745822-2279633797-4175448609-1000]

"EnableNotificationsRef"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

BullGuard_Main REG_MULTI_SZ BsMain

BullGuard REG_MULTI_SZ BsFileScan

BullGuard_Proxy REG_MULTI_SZ BsMailProxy

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945745822-2279633797-4175448609-1000Core.job

- c:\users\Timo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 21:20]

.

2012-04-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2945745822-2279633797-4175448609-1000UA.job

- c:\users\Timo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-03 21:20]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 19:43]

.

2012-04-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 19:43]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/

uInternet Settings,ProxyOverride = *.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

LSP: c:\windows\system32\BGLsp.dll

TCP: DhcpNameServer = 195.130.131.133 195.130.130.5

FF - ProfilePath - c:\users\Timo\AppData\Roaming\Mozilla\Firefox\Profiles\7ctg4dpj.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-02 12:38

Windows 6.0.6002 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Voltooingstijd: 2012-04-02 12:40:36

ComboFix-quarantined-files.txt 2012-04-02 10:40

ComboFix2.txt 2012-03-28 11:09

ComboFix3.txt 2012-03-28 09:19

.

Pre-Run: 45.474.066.432 bytes beschikbaar

Post-Run: 45.456.437.248 bytes beschikbaar

.

- - End Of File - - 666B93DD7A9D6D36F8A498B41BC85020


Now everything went fine ... perfect! ComboFix can be removed:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide the file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

If this went without problems, you can click "mark as solved" below!
