Posts posted by Vrighty
-
-
Sorry, forgot you wanted them posted with copy/paste.
Attach.txt:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3-7-2008 0:38:28
System Uptime: 22-11-2012 12:09:19 (4 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | M51SE
Processor: Intel® Core2 Duo CPU T5750 @ 2.00GHz | Socket 478 | 1000/167mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 26,268 GiB free.
D: is FIXED (NTFS) - 107 GiB total, 29,514 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
1ClickDownloader
Aangifte inkomstenbelasting 2010
Activation Assistant for the 2007 Microsoft Office suites
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2 - Nederlands
Agere Systems HDA Modem
Akamai NetSession Interface
Akamai NetSession Interface Service
ASUS CopyProtect
ASUS InstantFun
ASUS LifeFrame3
ASUS Live Update
ASUS Security Protect Manager
ASUS SmartLogon
ASUS Splendid Video Enhancement Technology
Asus_Camera_ScreenSaver
ATI Catalyst Install Manager
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
µTorrent
AuthenTec Fingerprint Sensor Minimum Install
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AVG Free 9.0
Call of Duty
Call of Duty - United Offensive
Canon Easy-WebPrint EX
Canon iP4700 series Printer Driver
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-Branding
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CD-LabelPrint
Creeper World DEMO
CyberLink LabelPrint
DAEMON Tools Lite
DAEMON Tools Toolbar
Delft GeoSystems Common Files
DWG TrueView 2010
Gebruikersregistratie voor Canon iP4700 series
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® PROSet/Wireless Software
Intel® Matrix Storage Manager
ITRWoW 3.2.2a
Java Auto Updater
Java 6 Update 37
JMB36X Raid Configurer
Junk Mail filter update
LightScribe System Software 1.12.37.1
Malwarebytes' Anti-Malware
mCore
mDriver
mHelp
Microsoft .NET Framework 3.5 Language Pack SP1 - nld
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Dutch) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Dutch) 2007
Microsoft Office InfoPath MUI (Dutch) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office Project 2007 Service Pack 3 (SP3)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual Basic Power Packs 3.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
mMHouse
Mozilla Firefox (3.6.18)
mPfMgr
MSheet
MSVCRT
NB Probe
OGA Notifier 2.0.0048.0
P4P
Power2Go
Power4Gear eXtreme
RAIDar 4.1.3
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
RocketDock 1.3.5
SecureW2 EAP Suite 1.1.2 for Windows
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
Skins
Skype web features
Skype™ 5.10
Softonic_English Toolbar
Spotify
Stronghold Kingdoms
Synaptics Pointing Device Driver
Taalpakket voor Microsoft .NET Framework 3.5 SP1 - NL
TeamSpeak 3 Client
TeamViewer 4
TorrentMan Toolbar
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition
USB 2.0 1.3M UVC WebCam
VBA
VLC media player 1.0.1
Winamp
Windows Live - Hulpprogramma voor uploaden
Windows Live aanmeldhulp
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
WinFlash
WinRAR
WinZip 12.0
Wireless Console 2
Yontoo 1.10.02
.
==== End Of File ===========================
dds.txt:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 1.6.0_37
Run by Koen at 16:02:40 on 2012-11-22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1515 [GMT 1:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Program Files\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\ASUS CopyProtect\aspg.exe
C:\Program Files\P4G\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Windows\System32\ACEngSvr.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\P4P\P4P.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Users\Koen\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k Cognizance
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026
uDefault_Page_URL = hxxp://www.asus.com
mDefault_Page_URL = hxxp://www.asus.com
uProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
uURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
mURLSearchHooks: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Reader Help bij koppelingen: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
BHO: Windows Live Aanmelden - Help: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: ASUS Security Protect Manager: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\program files\asus security center\asus security protect manager\bin\ItIEAddIn.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: TorrentMan Toolbar: {7C5C0F58-E061-457D-9033-77307F5ED00C} - c:\program files\torrentman\tbTorr.dll
TB: Softonic English Toolbar: {930F1200-F5F1-4870-BAC6-E233EC8E7023} - c:\program files\softonic_english\tbSoft.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
TB: Softonic English Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - c:\program files\softonic_english\tbSoft.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Akamai NetSession Interface] "c:\users\koen\appdata\local\akamai\netsession_win.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [badoo Desktop] c:\programdata\badoo\badoo desktop\1.6.55.1183\Badoo.Desktop.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [skytel] Skytel.exe
mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [PowerForPhone] "c:\program files\p4p\P4P.exe"
mRun: [ASUS Camera ScreenSaver] c:\windows\ASScrProlog.exe
mRun: [ASUS Screen Saver Protector] c:\windows\ASScrPro.exe
mRun: [CognizanceTS] rundll32.exe c:\progra~1\asusse~1\asusse~1\bin\ASTSVCC.dll,RegisterModule
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/nl/mjss/MJSS.cab109791.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/NL-NL/a-UNO1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
TCP: NameServer = 213.46.228.196 62.179.104.196
TCP: Interfaces\{F54F85D5-1994-4009-B495-A8277868EBCB} : DHCPNameServer = 213.46.228.196 62.179.104.196
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
AppInit_DLLs= APSHook.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli ASWLNPkg
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\koen\appdata\roaming\mozilla\firefox\profiles\9t0tliyt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=KW_ss&mntrId=226b3e1200000000000000221528e026&q=
FF - component: c:\users\koen\appdata\roaming\mozilla\firefox\profiles\9t0tliyt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\npjpi160_35.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_271.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Babylon: ffxtlbr@babylon.com - %profile%\extensions\ffxtlbr@babylon.com
FF - Ext: Yontoo: plugin@yontoo.com - %profile%\extensions\plugin@yontoo.com
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar.autoRvrt - false
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=226b3e1200000000000000221528e026&q=
FF - user.js: extensions.BabylonToolbar.id - 226b3e1200000000000000221528e026
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15586
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1219:56:24
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109217&tt=3612_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extentions.y2layers.installId - 74be9997-943b-4ad6-9fd0-adba258ee303
FF - user.js: extentions.y2layers.defaultEnableAppsList - bestvideodownloader,ezLooker,pagerage,buzzdock,dropdowndeals,twittube,YontooNewOffers
.
FF - user.js: extensions.autoDisableScopes - 14
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-30 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-30 29712]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-30 243152]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2008-1-21 21504]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-30 308136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l160x86.sys [2007-10-31 46592]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2012-11-18 16:59:44 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-18 16:58:33 2047488 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-11-22 11:10:26 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-10-09 10:58:13 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 10:58:13 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-08 07:56:24 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-24 13:32:24 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32:20 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28:08 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27:41 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27:41 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 15:53:29 172544 ----a-w- c:\windows\system32\wintrust.dll
2011-04-08 14:28:29 3050664 ----a-w- c:\program files\ccsetup305.exe
2010-03-25 18:07:14 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
.
============= FINISH: 16:04:13,32 ===============
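The "Pseudo HJT Report" section of the DDS log above is where the hijack actually shows: the Babylon and Conduit start page and search URLs in both IE and Firefox, the same TorrentMan and Softonic CLSIDs registered as BHO, toolbar and URL search hook in both the user and machine hives, several orphaned BHOs, and a ProxyOverride entry. The script below is an added example for this thread; it is not part of the original posts and not part of the DDS or JRT tools. It parses those DDS line formats and flags exactly these indicators. The HIJACK_DOMAINS list is an assumption drawn from the log above (not a reputation feed), and the sample lines are copied from that log.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for browser-hijack indicators.

Added example for this thread; it is not part of DDS, JRT or the original posts.
"""
import re
from collections import defaultdict

# Search-hijack landing domains. This list is an assumption drawn from the log
# above (Babylon and Conduit redirects), not an authoritative reputation feed.
HIJACK_DOMAINS = ("search.babylon.com", "search.conduit.com")

# Constructed sample: lines copied from the DDS log in this thread.
SAMPLE_LOG = r"""
uStart Page = hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026
uDefault_Page_URL = hxxp://www.asus.com
uProxyOverride = 127.0.0.1:9421;<local>
uURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
mURLSearchHooks: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
BHO: TorrentMan Toolbar: {7c5c0f58-e061-457d-9033-77307f5ed00c} - c:\program files\torrentman\tbTorr.dll
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll
TB: TorrentMan Toolbar: {7C5C0F58-E061-457D-9033-77307F5ED00C} - c:\program files\torrentman\tbTorr.dll
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109217&tt=3612_6&babsrc=KW_ss&mntrId=226b3e1200000000000000221528e026&q=
"""

# IE start/default page (u = current user hive, m = machine hive).
IE_URL_RE = re.compile(r"^[um](?P<setting>Start Page|Default_Page_URL)\s*=\s*(?P<url>\S+)")
# Firefox prefs that decide where the address bar and home page go.
FF_URL_RE = re.compile(
    r"^FF - prefs\.js: (?P<setting>browser\.search\.defaulturl|browser\.startup\.homepage|keyword\.URL) - (?P<url>\S+)"
)
PROXY_RE = re.compile(r"^[um]Proxy(?:Server|Override)\s*=")
# BHOs, toolbars and URL search hooks: optional display name, a CLSID, then a DLL path or <orphaned>.
COM_RE = re.compile(
    r"^(?P<kind>[um]?URLSearchHooks|BHO|TB):\s*(?:(?P<name>[^{]+?):\s*)?\{(?P<clsid>[0-9A-Fa-f-]+)\}\s*-\s*(?P<path>.*)$"
)


def triage(log_text):
    """Return hijack indicators found in a DDS pseudo-HJT report."""
    findings = {"hijacked_urls": [], "orphaned_bho": [], "proxy_settings": [], "bundled_toolbars": []}
    kinds_by_clsid = defaultdict(set)  # CLSID -> subset of {"BHO", "TB", "URLSearchHooks"}

    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_URL_RE.match(line) or FF_URL_RE.match(line)
        if m:
            hit = next((d for d in HIJACK_DOMAINS if d in m.group("url")), None)
            if hit:
                findings["hijacked_urls"].append((m.group("setting"), hit))
            continue
        if PROXY_RE.match(line):
            # Not malicious by itself, but a proxy/override set on a home PC needs a look.
            findings["proxy_settings"].append(line)
            continue
        m = COM_RE.match(line)
        if m:
            clsid = m.group("clsid").upper()  # DDS prints the same CLSID in mixed case
            if m.group("path") == "<orphaned>":
                findings["orphaned_bho"].append(clsid)
            else:
                kinds_by_clsid[clsid].add(m.group("kind").lstrip("um"))

    # A CLSID registered as BHO, toolbar and URL search hook at once is the
    # footprint of a bundled toolbar, not of a normal browser add-on.
    for clsid, kinds in kinds_by_clsid.items():
        if {"BHO", "TB", "URLSearchHooks"} <= kinds:
            findings["bundled_toolbars"].append(clsid)
    return findings


if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(f"{category}:")
        for item in items:
            print(f"  {item}")
```

Run against the sample it reports the Babylon/Conduit settings in both browsers, the orphaned BHO CLSID, the ProxyOverride line and the TorrentMan CLSID as a bundled toolbar; feed it the whole dds.txt and the Softonic CLSID shows up the same way. The CLSID grouping is the useful part: a legitimate add-on such as the AVG Safe Search BHO registers in one place, while bundled toolbars register everywhere IE will load them.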
-
-
I don't think I got the whole Coupondropdown, because it isn't sending me to unwanted sites unless I click the banners... only a bit of spamming and those tags.
Still, it is pretty annoying and I would like to have it removed. Don't worry, I won't do any banking/important stuff on this computer, just to be sure.
-
Hello,
Thanks for your response :D I will follow your steps.
This is my latest Malwarebytes log file (originally in Dutch, sorry):
------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4434
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
15-8-2010 22:53:53
mbam-log-2010-08-15 (22-53-53).txt
Scan type: Quick scan
Objects scanned: 136388
Time elapsed: 7 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 7
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Users\Koen\AppData\Local\Temp\C1F6.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Koen\AppData\Local\Temp\7B2C.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\Koen\AppData\Roaming\usernt.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Koen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syscron.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\_ex-68.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Koen\Local Settings\Application Data\Windows Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
------------------------------------------------------------------
After this, I still had problems with Coupondropdown. I have read the following steps, but before I download anything I really want to know what I am downloading xD. I hope you understand =]
-
Hello,
First of all: I have already found a few topics about Coupondropdown, but none actually had the same problem as me.
The problem I have with Coupondropdown:
Each time I am viewing a picture/message on Facebook it keeps spamming the line "Ads by Coupondropdown" just above the messages. Besides that, I think it is also the cause of the non-stop refreshing every second.
Another problem (I think it is the same) it is giving me is randomly changing words into tags. When I click them they redirect me to sites that sell stuff etc. etc. Besides the clicking part, when I hold my mouse above the tag I get a picture of the site it will bring me to.
I have already done:
- a Malwarebytes and AVG run, but they didn't find anything,
- removed cookies/downloads with CCleaner,
- checked my program list for unwanted programs to uninstall (suggested on multiple forums like this),
- checked Google Chrome add-ons to remove Coupondropdown, it wasn't there (also suggested on multiple forums)
Anything else I can do to remove it? I am a bit of a newbie with advanced computer tricks, so I haven't tried safe mode yet to remove some files, don't want to mess anything up ;)
Thanks a lot for any useful answers :D
Greets
Vrighty
Coupondropdown (only fb spam and tags)
in Resolved Malware Removal Logs
Posted
I removed all files. Only Yontoo gave me some trouble. The first attempt gave an error and AVG popped up with a message that ''Tarma installer'' was being annoying. I removed it manually and Yontoo got removed (I think).
I couldn't shut down AVG antivirus and antispyware... there was just no button on AVG to temporarily close it -,-
JUNKWARE:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 3.4.8 (11.22.2012)
OS: Windows Vista Home Premium x86
Ran by Koen on vr 23-11-2012 at 19:18:07,13
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-3040196533-823620445-3569254780-1000\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\conduit"
Successfully deleted: [Registry Key] "hkey_current_user\software\babylontoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\sweetim"
Successfully deleted: [Registry Key] "hkey_local_machine\software\babylon"
Successfully deleted: [Registry Key] "hkey_local_machine\software\conduit"
Successfully deleted: [Registry Key] "hkey_local_machine\software\iminent"
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0ecdf796-c2dc-4d79-a620-cce0c0a66cc9}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{fd72061e-9fde-484d-a58a-0bab4151cad8}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fd72061e-9fde-484d-a58a-0bab4151cad8}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\Users\Koen\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Koen\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\yontoo"
~~~ FireFox
Successfully deleted: [File] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\user.js
Successfully deleted: [File] C:\user.js
Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\ffxtlbr@babylon.com
Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\oneclickdownload@oneclickdownload.com
Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\extensions\plugin@yontoo.com
Successfully deleted: [Folder] C:\Users\Koen\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
Successfully deleted: [File] "C:\Program Files\mozilla firefox\searchplugins"\babylon.xml
Successfully deleted the following from "C:\Users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\prefs.js"
user_pref("CT1142338.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT1142338.AllowNonPrivacy", false);
user_pref("CT1142338.CTID", "CT1142338");
user_pref("CT1142338.CTPBaseServerUrl", "http://grouping.services.conduit.com/");
user_pref("CT1142338.CommunityChanged", false);
user_pref("CT1142338.CurrentServerDate", "20-3-2010");
user_pref("CT1142338.DialogsAlignMode", "LTR");
user_pref("CT1142338.EMailNotifierPollDate", "Sat Mar 20 2010 12:24:49 GMT+0100");
user_pref("CT1142338.FeedLastCount128311388426518939", 383);
user_pref("CT1142338.FeedPollDate128400382093694199", "Sat Mar 20 2010 12:24:47 GMT+0100");
user_pref("CT1142338.FeedPollDate128400382093694200", "Sat Mar 20 2010 12:24:47 GMT+0100");
user_pref("CT1142338.FeedPollDate128400382093694201", "Sat Mar 20 2010 12:24:47 GMT+0100");
user_pref("CT1142338.FeedPollDate128400382093694202", "Sat Mar 20 2010 12:24:48 GMT+0100");
user_pref("CT1142338.FeedPollDate128400382093694203", "Sat Mar 20 2010 12:24:48 GMT+0100");
user_pref("CT1142338.FeedPollDate128400382093694204", "Sat Mar 20 2010 12:24:48 GMT+0100");
user_pref("CT1142338.FeedPollDate128795189875412541", "Sat Mar 20 2010 14:24:49 GMT+0100");
user_pref("CT1142338.FeedPollDate128795190048693893", "Sat Mar 20 2010 14:24:49 GMT+0100");
user_pref("CT1142338.FeedPollDate128795190288694224", "Sat Mar 20 2010 12:24:48 GMT+0100");
user_pref("CT1142338.FeedPollDate128795190536975738", "Sat Mar 20 2010 14:24:49 GMT+0100");
user_pref("CT1142338.FeedPollDate128795190743694609", "Sat Mar 20 2010 14:24:49 GMT+0100");
user_pref("CT1142338.FeedPollDate128795190874007232", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedPollDate128795191041350439", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedPollDate128795191313381778", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedPollDate128795191487444304", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedPollDate128795191630569465", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedPollDate128795191790100333", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedPollDate128795191910256261", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedPollDate128795192020569087", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedPollDate128795192359788404", "Sat Mar 20 2010 14:24:50 GMT+0100");
user_pref("CT1142338.FeedTTL128795190288694224", 1440);
user_pref("CT1142338.FeedTTL128795190874007232", 15);
user_pref("CT1142338.FeedTTL128795191313381778", 10);
user_pref("CT1142338.FeedTTL128795192020569087", 5);
user_pref("CT1142338.FirstServerDate", "20-3-2010");
user_pref("CT1142338.FirstTime", true);
user_pref("CT1142338.FirstTimeFF3", true);
user_pref("CT1142338.FixPageNotFoundErrors", true);
user_pref("CT1142338.FixPageNotFoundUrl", "http://SoftonicEnglish.OurToolbar.com/notfound/?actid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID&url=EB_MAIN_FRAME_URL");
user_pref("CT1142338.GroupingServerCheckInterval", 1440);
user_pref("CT1142338.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT1142338.Initialize", true);
user_pref("CT1142338.InitializeCommonPrefs", true);
user_pref("CT1142338.InvalidateCache", false);
user_pref("CT1142338.IsGrouping", false);
user_pref("CT1142338.IsMulticommunity", false);
user_pref("CT1142338.IsOpenThankYouPage", true);
user_pref("CT1142338.IsOpenUninstallPage", true);
user_pref("CT1142338.LanguagePackLastCheckTime", "Sat Mar 20 2010 12:24:48 GMT+0100");
user_pref("CT1142338.LanguagePackReloadInterval", "24");
user_pref("CT1142338.LanguagePackReloadIntervalMM", 1440);
user_pref("CT1142338.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT1142338.LastLogin", "Fri Apr 17 2009 18:38:39 GMT+0200");
user_pref("CT1142338.LastLogin_2.5.6.0", "Sat Mar 20 2010 12:24:47 GMT+0100");
user_pref("CT1142338.LatestVersion", "2.1.0.18");
user_pref("CT1142338.Locale", "en-us");
user_pref("CT1142338.LoginCache", 4);
user_pref("CT1142338.MCDetectTooltipHeight", "83");
user_pref("CT1142338.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT1142338.MCDetectTooltipWidth", "295");
user_pref("CT1142338.MyGadgetsServerUrl", "http://services.MyStuff.u-page.com/MyStuffService.asmx/LegacyLogin");
user_pref("CT1142338.MyGadgetsTrustedDomains", "u-page.com");
user_pref("CT1142338.RadioIsPodcast", false);
user_pref("CT1142338.RadioLastCheckTime", "Sat Mar 20 2010 12:24:47 GMT+0100");
user_pref("CT1142338.RadioLastUpdateIPServer", "3");
user_pref("CT1142338.RadioLastUpdateServer", "128929877726170000");
user_pref("CT1142338.RadioMediaID", "6866669");
user_pref("CT1142338.RadioMediaType", "Media Player");
user_pref("CT1142338.RadioMenuSelectedID", "EBRadioMenu_CT11423386866669");
user_pref("CT1142338.RadioStationName", "MTV");
user_pref("CT1142338.RadioStationURL", "http://www.radios.com.br/asx/dmtvgo-br.asx");
user_pref("CT1142338.SHRINK_TOOLBAR", 1);
user_pref("CT1142338.SearchEngine", "Search||http://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT1142338&octid=EB_ORIGINAL_CTID");
user_pref("CT1142338.SearchFromAddressBarIsInit", true);
user_pref("CT1142338.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=2&q=");
user_pref("CT1142338.SearchInNewTabEnabled", true);
user_pref("CT1142338.SearchInNewTabIntervalMM", 1440);
user_pref("CT1142338.SearchInNewTabLastCheckTime", "Sat Mar 20 2010 12:24:49 GMT+0100");
user_pref("CT1142338.SearchInNewTabServiceUrl", "http://hosting.conduit-services.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT1142338.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT1142338.Server", "http://users.conduit.com");
user_pref("CT1142338.SettingsCheckIntervalMin", 120);
user_pref("CT1142338.SettingsInvalidateCache", false);
user_pref("CT1142338.SettingsLastCheckTime", "Sat Mar 20 2010 12:24:46 GMT+0100");
user_pref("CT1142338.SettingsLastUpdate", "1268899490");
user_pref("CT1142338.ThirdPartyComponentsInterval", 504);
user_pref("CT1142338.ThirdPartyComponentsLastCheck", "Sat Mar 20 2010 12:24:46 GMT+0100");
user_pref("CT1142338.ThirdPartyComponentsLastUpdate", "1268899490");
user_pref("CT1142338.ToolbarAlignMode", "SYSTEM");
user_pref("CT1142338.ToolbarName", "Softonic English");
user_pref("CT1142338.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT1142338.UserID", "UN20090417183838862");
user_pref("CT1142338.VusualLastUpdateTime", "1236942811");
user_pref("CT1142338.WeatherNetwork", "");
user_pref("CT1142338.WeatherPollDate", "Sat Mar 20 2010 12:24:48 GMT+0100");
user_pref("CT1142338.WeatherUnit", "C");
user_pref("CT1142338.alertChannelId", "634");
user_pref("CT1142338.clientLogIsEnabled", true);
user_pref("CT1142338.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT1142338.myStuffEnabled", true);
user_pref("CT1142338.myStuffPublihserMinWidth", 400);
user_pref("CT1142338.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=2&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT1142338.myStuffServiceIntervalMM", 1440);
user_pref("CT1142338.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT1142338.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT1640187.AboutPrivacyUrl", "http://www.conduit.com/privacy/Default.aspx");
user_pref("CT1640187.AllowNonPrivacy", false);
user_pref("CT1640187.CTID", "CT1640187");
user_pref("CT1640187.CTPBaseServerUrl", "http://grouping.services.conduit.com/");
user_pref("CT1640187.CommunityChanged", false);
user_pref("CT1640187.CurrentServerDate", "20-3-2010");
user_pref("CT1640187.DialogsAlignMode", "LTR");
user_pref("CT1640187.EMailNotifierPollDate", "Sat Mar 20 2010 12:24:53 GMT+0100");
user_pref("CT1640187.EnableUsage", true);
user_pref("CT1640187.FeedLastCount128540215162575518", 200);
user_pref("CT1640187.FeedPollDate128779600725843963", "Sat Mar 20 2010 14:24:51 GMT+0100");
user_pref("CT1640187.FeedPollDate128779601561937848", "Sat Mar 20 2010 14:24:51 GMT+0100");
user_pref("CT1640187.FeedPollDate128779602135218837", "Sat Mar 20 2010 14:24:51 GMT+0100");
user_pref("CT1640187.FeedPollDate128779602603813070", "Sat Mar 20 2010 12:24:52 GMT+0100");
user_pref("CT1640187.FeedPollDate128779602899750840", "Sat Mar 20 2010 12:24:52 GMT+0100");
user_pref("CT1640187.FeedPollDate128779603139437656", "Sat Mar 20 2010 12:24:52 GMT+0100");
user_pref("CT1640187.FirstServerDate", "20-3-2010");
user_pref("CT1640187.FirstTime", true);
user_pref("CT1640187.FirstTimeFF3", true);
user_pref("CT1640187.FixPageNotFoundErrors", false);
user_pref("CT1640187.GroupingServerCheckInterval", 1440);
user_pref("CT1640187.GroupingServiceUrl", "http://grouping.services.conduit.com/");
user_pref("CT1640187.Initialize", true);
user_pref("CT1640187.InitializeCommonPrefs", true);
user_pref("CT1640187.InstalledDate", "Sat Mar 20 2010 12:24:52 GMT+0100");
user_pref("CT1640187.InvalidateCache", false);
user_pref("CT1640187.IsGrouping", false);
user_pref("CT1640187.IsMulticommunity", false);
user_pref("CT1640187.LanguagePackLastCheckTime", "Sat Mar 20 2010 12:24:52 GMT+0100");
user_pref("CT1640187.LanguagePackReloadInterval", "24");
user_pref("CT1640187.LanguagePackReloadIntervalMM", 1440);
user_pref("CT1640187.LanguagePackServiceUrl", "http://translation.users.conduit.com/Translation.ashx");
user_pref("CT1640187.LastLogin", "Fri Apr 17 2009 17:42:57 GMT+0200");
user_pref("CT1640187.LastLogin_2.5.6.0", "Sat Mar 20 2010 12:24:51 GMT+0100");
user_pref("CT1640187.LatestVersion", "2.1.0.18");
user_pref("CT1640187.Locale", "en-us");
user_pref("CT1640187.LoginCache", 4);
user_pref("CT1640187.MCDetectTooltipHeight", "83");
user_pref("CT1640187.MCDetectTooltipUrl", "http://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT1640187.MCDetectTooltipWidth", "295");
user_pref("CT1640187.RadioIsPodcast", false);
user_pref("CT1640187.RadioLastCheckTime", "Sat Mar 20 2010 12:24:51 GMT+0100");
user_pref("CT1640187.RadioLastUpdateIPServer", "3");
user_pref("CT1640187.RadioLastUpdateServer", "128929877726170000");
user_pref("CT1640187.RadioMediaType", "Media Player");
user_pref("CT1640187.RadioMenuSelectedID", "EBRadioMenu_CT164018710984132");
user_pref("CT1640187.RadioStationName", "181%20Rock%20on%20181.FM");
user_pref("CT1640187.RadioStationURL", "http://www.181.fm/stream/asx/181-rock");
user_pref("CT1640187.SHRINK_TOOLBAR", 1);
user_pref("CT1640187.SearchFromAddressBarIsInit", true);
user_pref("CT1640187.SearchFromAddressBarUrl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=2&q=");
user_pref("CT1640187.SearchInNewTabEnabled", true);
user_pref("CT1640187.SearchInNewTabIntervalMM", 1440);
user_pref("CT1640187.SearchInNewTabServiceUrl", "http://hosting.conduit-services.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT1640187.SearchInNewTabUsageUrl", "http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
user_pref("CT1640187.Server", "http://users.conduit.com");
user_pref("CT1640187.SettingsCheckIntervalMin", 120);
user_pref("CT1640187.SettingsLastCheckTime", "Sat Mar 20 2010 12:24:50 GMT+0100");
user_pref("CT1640187.SettingsLastUpdate", "1239882342");
user_pref("CT1640187.ThirdPartyComponentsInterval", 504);
user_pref("CT1640187.ThirdPartyComponentsLastCheck", "Sat Mar 20 2010 12:24:50 GMT+0100");
user_pref("CT1640187.ThirdPartyComponentsLastUpdate", "1267806643");
user_pref("CT1640187.ToolbarAlignMode", "SYSTEM");
user_pref("CT1640187.ToolbarName", "TorrentMan");
user_pref("CT1640187.TrusteLinkUrl", "http://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
user_pref("CT1640187.UserID", "UN20090417174257058");
user_pref("CT1640187.VusualLastUpdateTime", "1239882342");
user_pref("CT1640187.WeatherNetwork", "");
user_pref("CT1640187.WeatherPollDate", "Sat Mar 20 2010 12:24:52 GMT+0100");
user_pref("CT1640187.WeatherUnit", "C");
user_pref("CT1640187.alertChannelId", "45107");
user_pref("CT1640187.clientLogIsEnabled", false);
user_pref("CT1640187.clientLogServiceUrl", "http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT1640187.myStuffEnabled", true);
user_pref("CT1640187.myStuffPublihserMinWidth", 400);
user_pref("CT1640187.myStuffSearchUrl", "http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=2&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT1640187.myStuffServiceIntervalMM", 1440);
user_pref("CT1640187.myStuffServiceUrl", "http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT1640187.uninstallLogServiceUrl", "http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CommunityToolbar.MyGadgetsIntervalMM", 1440);
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
user_pref("CommunityToolbar.ToolbarsList", "CT1142338,CT1640187");
user_pref("CommunityToolbar.ToolbarsList2", "CT1142338");
user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Mar 20 2010 14:24:51 GMT+0100");
user_pref("CommunityToolbar.alert.clientsServerUrl", "http://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Mar 20 2010 12:24:46 GMT+0100");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1234796400");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "http://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "{1818bed1-b1ba-4db3-99ca-54a258a260f2}");
user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Mar 20 2010 12:24:50 GMT+0100");
user_pref("browser.newtab.url", "http://search.babylon.com/?affID=109217&tt=3612_6&babsrc=NT_ss&mntrId=226b3e1200000000000000221528e026");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
user_pref("browser.startup.homepage", "http://search.babylon.com/?affID=109217&tt=3612_6&babsrc=HP_ss&mntrId=226b3e1200000000000000221528e026");
user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
user_pref("extensions.BabylonToolbar.autoRvrt", "false");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=109217&tt=3612_6");
user_pref("extensions.BabylonToolbar.bbDpng", "7");
user_pref("extensions.BabylonToolbar.cntry", "NL");
user_pref("extensions.BabylonToolbar.dfltLng", "en");
user_pref("extensions.BabylonToolbar.envrmnt", "production");
user_pref("extensions.BabylonToolbar.excTlbr", false);
user_pref("extensions.BabylonToolbar.hdrMd5", "D297B6E1EA8223314E1A39CDD2818B43");
user_pref("extensions.BabylonToolbar.hmpg", true);
user_pref("extensions.BabylonToolbar.id", "226b3e1200000000000000221528e026");
user_pref("extensions.BabylonToolbar.instlDay", "15586");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1219:56:24");
user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
user_pref("extensions.BabylonToolbar.newTab", false);
user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"26\",\"lastVrsn\":\"26\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0}");
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.sg", "none");
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "base");
user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "http://search.babylon.com/?babsrc=TB_def&mntrId=226b3e1200000000000000221528e026&q=");
user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1219:56:24");
user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109217&tt=3612_6");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1219:56:24");
user_pref("extentions.y2layers.defaultEnableAppsList", "bestvideodownloader,ezLooker,pagerage,buzzdock,dropdowndeals,twittube,YontooNewOffers");
user_pref("extentions.y2layers.installId", "74be9997-943b-4ad6-9fd0-adba258ee303");
user_pref("keyword.URL", "http://search.babylon.com/?affID=109217&tt=3612_6&babsrc=KW_ss&mntrId=226b3e1200000000000000221528e026&q=");
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Koen\appdata\local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Folder] C:\Users\Koen\appdata\local\Google\Chrome\User Data\Default\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on vr 23-11-2012 at 19:25:33,49
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
RKILL:
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/23/2012 07:30:30 PM in x86 mode.
Windows Version: Windows Vista Home Premium Service Pack 2
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\System32\ACEngSvr.exe (PID: 2928) [WD-HEUR]
* C:\Windows\ASScrPro.exe (PID: 4344) [WD-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Automatic
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
Program finished at: 11/23/2012 07:30:55 PM
Execution time: 0 hours(s), 0 minute(s), and 24 seconds(s)
COMBOFIX
ComboFix 12-11-23.02 - Koen 23-11-2012 19:48:55.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.3070.1603 [GMT 1:00]
Gestart vanuit: c:\users\Koen\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\SecureW2
c:\program files\SecureW2\Uninstall.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\TTLS Manager.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\SecureW2\Uninstall.lnk
c:\users\Koen\AppData\Local\TempDIR
c:\users\Koen\AppData\Local\Windows Server
c:\users\Koen\AppData\Local\Windows Server\flags.ini
c:\users\Koen\AppData\Local\Windows Server\server.dat
c:\users\Koen\AppData\Local\Windows Server\uses32.dat
D:\install.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-10-23 to 2012-11-23 ))))))))))))))))))))))))))))))
.
.
2012-11-23 19:14 . 2012-11-23 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 18:17 . 2012-11-23 18:17 -------- d-----w- c:\windows\ERUNT
2012-11-23 18:17 . 2012-11-23 18:17 -------- d-----w- C:\JRT
2012-11-18 16:59 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-18 16:58 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-23 19:38 . 2008-07-03 00:20 45056 ----a-w- c:\windows\system32\acovcnt.exe
2012-10-09 10:58 . 2012-04-09 08:36 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 10:58 . 2011-05-27 07:10 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-24 13:32 . 2012-06-21 09:39 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-24 13:32 . 2010-04-18 15:08 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-13 13:28 . 2012-10-10 10:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 10:28 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 10:28 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-04-08 14:28 . 2011-04-08 14:28 3050664 ----a-w- c:\program files\ccsetup305.exe
2010-03-25 18:07 . 2010-03-25 18:06 42281152 ----a-w- c:\program files\avira_antivir_personal_en.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-18 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Akamai NetSession Interface"="c:\users\Koen\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-08-27 4702208]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"PowerForPhone"="c:\program files\P4P\P4P.exe" [2007-08-03 778240]
"ASUS Camera ScreenSaver"="c:\windows\ASScrProlog.exe" [2008-07-03 37232]
"ASUS Screen Saver Protector"="c:\windows\ASScrPro.exe" [2008-07-03 33136]
"CognizanceTS"="c:\progra~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-21 17920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
Akamai REG_MULTI_SZ Akamai
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-18 00:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhoud van de 'Gedeelde Taken' map
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 10:58]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 14:28]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-08 14:28]
.
2012-11-23 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]
.
2012-10-31 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.46.228.196 62.179.104.196
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxp://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\users\Koen\AppData\Roaming\Mozilla\Firefox\Profiles\9t0tliyt.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
.
.
------- Bestandsassociaties -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-Badoo Desktop - c:\programdata\Badoo\Badoo Desktop\1.6.55.1183\Badoo.Desktop.exe
AddRemove-SecureW2 EAP Suite - c:\program files\SecureW2\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-23 20:39
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_ce5ba24.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2540)
c:\windows\system32\APSHook.dll
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItClient.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\AVG\AVG9\avgwdsvc.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\ASUS\NB Probe\SPM\spmgr.exe
c:\program files\TeamViewer\Version4\TeamViewer_Service.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\ATK Hotkey\Hcontrol.exe
c:\program files\ATKOSD2\ATKOSD2.exe
c:\program files\Wireless Console 2\wcourier.exe
c:\program files\ASUS\ASUS CopyProtect\aspg.exe
c:\program files\P4G\BatteryLife.exe
c:\program files\ASUS\Splendid\ACMON.exe
c:\windows\System32\ACEngSvr.exe
c:\windows\system32\conime.exe
c:\program files\ATK Hotkey\ATKOSD.exe
c:\program files\ATK Hotkey\KBFiltr.exe
c:\program files\ATK Hotkey\WDC.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-11-23 20:42:46 - machine was restarted
ComboFix-quarantined-files.txt 2012-11-23 19:42
.
Pre-Run: 28.189.061.120 bytes available
Post-Run: 27.987.021.824 bytes available
.
- - End Of File - - A1A77A456CF97A2A70C8A2C5D03F65A1