
Babylon search engine


  • This topic is closed
29 replies to this topic

#1 tessloo

    Member

  • 44 posts

Posted 18 February 2012 - 10:36


When I enter a search term in Google, the results are shown under the following URL: Babylon Search

HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:29:41, on 18/02/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BrytonBridge\BrytonDetector.exe
C:\Program Files\Rainmeter\Rainmeter.exe
C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\BrytonBridge\BBDaemon.exe
C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Wim\Mijn documenten\Downloads\HijackThis(1).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Smart Suggestor - {DB536AF2-E422-402d-B7FD-887297F1A198} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: brytondetector.lnk = C:\Program Files\BrytonBridge\BrytonDetector.exe
O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Smart Suggestor - {520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O9 - Extra 'Tools' menuitem: Smart Suggestor options - {520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9190 bytes


What can I remove to fix this?

#2 Asus

    Super Moderator

  • 17575 posts

Posted 18 February 2012 - 22:15


The malware experts are being notified... as soon as they are online they will analyse your log and guide you further... :top:
Theory is when you know something, but it doesn't work ... practice is when something works, but you don't know why ...

#3 kape

    Website Administrator

  • 40884 posts

Posted 19 February 2012 - 02:10

Start HijackThis. Select "Scan". Select only the items listed below:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O2 - BHO: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\Program Files\Funmoods\funmoods\1.5.11.16\bh\funmoods.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: Smart Suggestor - {DB536AF2-E422-402d-B7FD-887297F1A198} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll
O4 - Global Startup: brytondetector.lnk = C:\Program Files\BrytonBridge\BrytonDetector.exe
O9 - Extra button: Smart Suggestor - {520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll
O9 - Extra 'Tools' menuitem: Smart Suggestor options - {520BD054-EEEE-487c-84E8-D5B2DFFE5C18} - C:\Program Files\Smart Suggestor\SmartSuggestor.dll

Click 'Fix checked' to remove the items.

Note: Windows Vista & 7 users must run HijackThis as "administrator" by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.

Download MBAM (Malwarebytes Anti-Malware)

Double-click mbam-setup.exe to install the program.

Make sure that Update Malwarebytes' Anti-Malware and Start Malwarebytes' Anti-Malware are ticked, then click "Finish".
If an update is found, it will be downloaded and installed.
When the program is fully up to date, select "Quick Scan" on the Scanner tab, then click Scan.
The scan can take a while, so be patient.
When the scan is finished, click OK, then "Show Results" to view the results.
Make sure everything there is ticked, then click: Remove Selected.
After removal a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.
After the restart MBAM will scan again and remove the rootkit.


The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post, together with a new HijackThis log.

Did we help you well? Consider a donation to PC Helpforum.
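
One way to check a follow-up HijackThis log against the list of items selected for 'Fix checked' in the post above. This is an added example, not part of the original post and not HijackThis code; the names parse_hjt and check_fix are this example's own, and the sample text is a short excerpt of lines copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# A HijackThis entry is "<section> - <detail>", e.g. "O2 - BHO: ...".
# Matching is case-insensitive because the follow-up log in this thread
# was posted entirely in lower case.
ENTRY_RE = re.compile(r"^\s*([A-Za-z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)


class Entry(NamedTuple):
    section: str            # "R0", "O2", "O4", ...
    clsid: Optional[str]    # lower-cased CLSID if the entry carries one
    detail: str             # case-folded, whitespace-collapsed remainder
    raw: str                # the line as it appeared in the log

    def key(self) -> Tuple[str, str]:
        # BHO/toolbar/button entries are identified by CLSID, so a changed
        # display name or install path still counts as the same item.
        return (self.section, self.clsid or self.detail)


def parse_hjt(text: str) -> List[Entry]:
    """Return the R*/O* entries of a HijackThis log; header lines, the
    running-process list and the 'End of file' trailer are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, rest = m.group(1).upper(), m.group(2)
        clsid = CLSID_RE.search(rest)
        entries.append(Entry(
            section=section,
            clsid=clsid.group(0).lower() if clsid else None,
            detail=" ".join(rest.split()).casefold(),
            raw=line.strip(),
        ))
    return entries


def check_fix(fix_list: str, followup_log: str) -> Tuple[List[str], List[str]]:
    """Split the fix list into (removed, remaining) by looking each item up
    in the follow-up log."""
    present = {e.key() for e in parse_hjt(followup_log)}
    removed, remaining = [], []
    for e in parse_hjt(fix_list):
        (remaining if e.key() in present else removed).append(e.raw)
    return removed, remaining


# Excerpt of the fix list from the post above.
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll
O3 - Toolbar: Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\Program Files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
O4 - Global Startup: brytondetector.lnk = C:\Program Files\BrytonBridge\BrytonDetector.exe
"""

# Excerpt of the follow-up log posted later in the thread (lower-cased there).
FOLLOWUP_LOG = r"""
logfile of trend micro hijackthis v2.0.4
running processes:
c:\windows\system32\lsass.exe
r0 - hklm\software\microsoft\internet explorer\main,start page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
o2 - bho: Helperobject class - {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\snagitbho.dll
o3 - toolbar: Snagit - {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\snagitieaddin.dll
o4 - global startup: Brytondetector.lnk = c:\program files\brytonbridge\brytondetector.exe
o4 - global startup: Rainmeter.lnk = c:\program files\rainmeter\rainmeter.exe
end of file - 8138 bytes
"""

if __name__ == "__main__":
    removed, remaining = check_fix(FIX_LIST, FOLLOWUP_LOG)
    for line in removed:
        print("removed:  ", line)
    for line in remaining:
        print("REMAINING:", line)
```

An item reported as remaining is not necessarily a failed fix; it may have been left in place on purpose, so each one still needs a decision by the person reading the log.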


#4 tessloo

    Member

  • 44 posts

Posted 19 February 2012 - 09:43

Here are the logs. However, you ask me to remove this [o4 - global startup: Brytondetector.lnk = c:\program files\brytonbridge\brytondetector.exe]. But this belongs to my bike GPS.


MBAM

malwarebytes anti-malware 1.60.1.1000
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

databaseversie: V2012.02.19.01

windows xp service pack 3 x86 ntfs
internet explorer 8.0.6001.18702
wim :: Wim [administrator]

19/02/2012 9:23:35
mbam-log-2012-02-19 (09-23-35).txt

scantype: Snelle scan
ingeschakelde scanopties: Geheugen | opstartitems | register | bestanden en mappen | heuristiek/extra | heuristiek/shuriken | pup | pum
uitgeschakelde scanopties: P2p
objecten gescand: 169887
verstreken tijd: 10 minuut/minuten, 27 seconde(n)

geheugenprocessen gedetecteerd: 0
(geen kwaadaardige objecten gedetecteerd)

geheugenmodulen gedetecteerd: 0
(geen kwaadaardige objecten gedetecteerd)

registersleutels gedetecteerd: 0
(geen kwaadaardige objecten gedetecteerd)

registerwaarden gedetecteerd: 0
(geen kwaadaardige objecten gedetecteerd)

registerdata gedetecteerd: 0
(geen kwaadaardige objecten gedetecteerd)

mappen gedetecteerd: 0
(geen kwaadaardige objecten gedetecteerd)

bestanden gedetecteerd: 2
c:\documents and settings\wim \mijn documenten\downloads\videoconvertersetup.exe (adware.agent) -> succesvol in quarantaine geplaatst en verwijderd.
C:\documents and settings\wim \local settings\temporary internet files\content.ie5\km1bx9f4\testbundle23w_1254[1].exe (pup.adware.agent) -> succesvol in quarantaine geplaatst en verwijderd.

(einde)



HJT

logfile of trend micro hijackthis v2.0.4
scan saved at 9:37:51, on 19/02/2012
platform: Windows xp sp3 (winnt 5.01.2600)
msie: Internet explorer v8.00 (8.00.6001.18702)
boot mode: Normal

running processes:
C:\windows\system32\smss.exe
c:\windows\system32\winlogon.exe
c:\windows\system32\services.exe
c:\windows\system32\lsass.exe
c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe
c:\windows\system32\spoolsv.exe
c:\windows\explorer.exe
c:\program files\panda security\panda cloud antivirus\psunmain.exe
c:\program files\itunes\ituneshelper.exe
c:\program files\belgium identity card\beid35gui.exe
c:\program files\common files\java\java update\jusched.exe
c:\windows\system32\ctfmon.exe
c:\program files\innovative solutions\drivermax\devices.exe
c:\program files\microsoft activesync\wcescomm.exe
c:\program files\messenger\msmsgs.exe
c:\program files\brytonbridge\brytondetector.exe
c:\program files\rainmeter\rainmeter.exe
c:\program files\techsmith\snagit 7\snagit32.exe
c:\program files\openoffice.org 3\program\soffice.exe
c:\program files\openoffice.org 3\program\soffice.bin
c:\progra~1\micros~2\rapimgr.exe
c:\program files\brytonbridge\bbdaemon.exe
c:\program files\techsmith\snagit 7\tschelp.exe
c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
c:\program files\bonjour\mdnsresponder.exe
c:\program files\java\jre6\bin\jqs.exe
c:\program files\panda security\panda cloud antivirus\psanhost.exe
c:\windows\system32\svchost.exe
c:\program files\mozilla firefox\firefox.exe
c:\program files\ipod\bin\ipodservice.exe
c:\program files\mozilla firefox\plugin-container.exe
c:\documents and settings\wim\bureaublad\hijackthis.exe
c:\windows\notepad.exe
c:\windows\notepad.exe
c:\program files\malwarebytes' anti-malware\mbam.exe
c:\windows\system32\notepad.exe

r1 - hklm\software\microsoft\internet explorer\main,default_page_url = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
r1 - hklm\software\microsoft\internet explorer\main,default_search_url = Bing
r1 - hklm\software\microsoft\internet explorer\main,search page = Bing
r0 - hklm\software\microsoft\internet explorer\main,start page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl
r1 - hkcu\software\microsoft\windows\currentversion\internet settings,proxyoverride = *.local
r0 - hkcu\software\microsoft\internet explorer\toolbar,linksfoldername = koppelingen
o2 - bho: Helperobject class - {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 7\snagitbho.dll
o2 - bho: Acroiehelperstub - {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
o2 - bho: Java™ plug-in ssv helper - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
o2 - bho: Java™ plug-in 2 ssv helper - {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
o2 - bho: Jqsiestartdetectorimpl - {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
o3 - toolbar: Snagit - {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 7\snagitieaddin.dll
o3 - toolbar: &save flash - {4064ea35-578d-4073-a834-c96d82cbcf40} - c:\program files\save flash\saveflash.dll
o4 - hklm\..\run: [psunmain] "c:\program files\panda security\panda cloud antivirus\psunmain.exe" /traybar
o4 - hklm\..\run: [adobeaamupdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
o4 - hklm\..\run: [switchboard] c:\program files\common files\adobe\switchboard\switchboard.exe
o4 - hklm\..\run: [adobecs5servicemanager] "c:\program files\common files\adobe\cs5servicemanager\cs5servicemanager.exe" -launchedbylogin
o4 - hklm\..\run: [quicktime task] "c:\program files\quicktime\qttask.exe" -atboottime
o4 - hklm\..\run: [ituneshelper] "c:\program files\itunes\ituneshelper.exe"
o4 - hklm\..\run: [beid] "c:\program files\belgium identity card\beid35gui.exe" /startup
o4 - hklm\..\run: [sunjavaupdatesched] "c:\program files\common files\java\java update\jusched.exe"
o4 - hklm\..\run: [adobe reader speed launcher] "c:\program files\adobe\reader 9.0\reader\reader_sl.exe"
o4 - hklm\..\run: [adobe arm] "c:\program files\common files\adobe\arm\1.0\adobearm.exe"
o4 - hklm\..\runonce: [malwarebytes anti-malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
o4 - hkcu\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe
o4 - hkcu\..\run: [drivermax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
o4 - hkcu\..\run: [drivermax_restart] "c:\program files\innovative solutions\drivermax\devices.exe" -restart
o4 - hkcu\..\run: [registrybooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
o4 - hkcu\..\run: [h/pc connection agent] "c:\program files\microsoft activesync\wcescomm.exe"
o4 - hkcu\..\run: [msmsgs] "c:\program files\messenger\msmsgs.exe" /background
o4 - hkus\s-1-5-19\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'lokale service')
o4 - hkus\s-1-5-20\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'netwerkservice')
o4 - hkus\s-1-5-18\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'system')
o4 - hkus\.default\..\run: [ctfmon.exe] c:\windows\system32\ctfmon.exe (user 'default user')
o4 - startup: Openoffice.org 3.2 .lnk = c:\program files\openoffice.org 3\program\quickstart.exe
o4 - global startup: Brytondetector.lnk = c:\program files\brytonbridge\brytondetector.exe
o4 - global startup: Rainmeter.lnk = c:\program files\rainmeter\rainmeter.exe
o4 - global startup: Snagit 7.lnk = c:\program files\techsmith\snagit 7\snagit32.exe
o9 - extra button: Create mobile favorite - {2eaf5bb1-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\micros~2\inetrepl.dll
o9 - extra button: (no name) - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\micros~2\inetrepl.dll
o9 - extra 'tools' menuitem: Mobiele favorieten maken... - {2eaf5bb2-070f-11d3-9307-00c04fae2d4f} - c:\progra~1\micros~2\inetrepl.dll
o9 - extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra 'tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - c:\windows\network diagnostic\xpnetdiag.exe
o9 - extra button: Messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o9 - extra 'tools' menuitem: Windows messenger - {fb5f1910-f110-11d2-bb9e-00c04f795683} - c:\program files\messenger\msmsgs.exe
o22 - sharedtaskscheduler: Preloader van browseui - {438755c2-a8ba-11d1-b96b-00a0c90312e1} - c:\windows\system32\browseui.dll
o22 - sharedtaskscheduler: Cache-daemon voor onderdeelcategorieën - {8c7461ef-2b13-11d2-be35-3078302c2030} - c:\windows\system32\browseui.dll
o23 - service: Mobiel apple apparaat (apple mobile device) - apple inc. - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
o23 - service: Bonjour-service (bonjour service) - apple inc. - c:\program files\bonjour\mdnsresponder.exe
o23 - service: Google updateservice (gupdate) (gupdate) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: Google update-service (gupdatem) (gupdatem) - google inc. - c:\program files\google\update\googleupdate.exe
o23 - service: Ipod-service (ipod service) - apple inc. - c:\program files\ipod\bin\ipodservice.exe
o23 - service: Java quick starter (javaquickstarterservice) - sun microsystems, inc. - c:\program files\java\jre6\bin\jqs.exe
o23 - service: Panda cloud antivirus service (nanoservicemain) - panda security, s.l. - c:\program files\panda security\panda cloud antivirus\psanhost.exe
o23 - service: Remote packet capture protocol v.0 (experimental) (rpcapd) - cace technologies, inc. - c:\program files\winpcap\rpcapd.exe
o23 - service: Switchboard - adobe systems incorporated - c:\program files\common files\adobe\switchboard\switchboard.exe

--
end of file - 8138 bytes



#5 kape

    Website Administrator

  • 40884 posts

Posted 19 February 2012 - 15:43

It was an unknown file, but if it belongs to your GPS system, you can of course leave it. Otherwise everything looks fine ... are you still having trouble with Babylon?



#6 tessloo

    Member

  • 44 posts

Posted 19 February 2012 - 18:27

I thought it was solved. However, if I type a search term on the Firefox start page (the address bar shows 'about:home'), the results are still shown via Babylon Search...

#7 kape

    Website Administrator

  • 40884 posts

Posted 19 February 2012 - 21:30

In Firefox, do you also have a search box to the right of the URL field where the search engine is set? Click the little arrow there and all your visible search engines are shown. Normally that Babylon Search should be in there ... and then you can also remove it there via "Manage Search Engines".



#8 tessloo

    Member

  • 44 posts

Posted 20 February 2012 - 06:31

A search in the box next to the URL field does give the results via Google
pcforum.jpg

If I enter something in the box above (see screenshot), the results are shown via Babylon Search

Edited by tessloo, 20 February 2012 - 06:41.


#9 kape

    Website Administrator

  • 40884 posts

Posted 20 February 2012 - 10:28

And if you click the little arrow in that box next to the logo, don't any other search engines become visible (including that Babylon)?



#10 tessloo

    Member

  • 44 posts

Posted 20 February 2012 - 15:17

Babylon is no longer listed. But search results still go via Babylon Search :hmmmm:

scrsht.jpg

A search in the following screen: scrsht0.jpg


gives the following result

scrnsht1.jpg

Edited by tessloo, 20 February 2012 - 16:15.


#11 kape

    Website Administrator

  • 40884 posts

Posted 20 February 2012 - 18:51

Remove Ask.com, Freecorder, Search & Search Results from there ... they are not really kosher. And then see again what happens?



#12 tessloo

    Member

  • 44 posts

Posted 21 February 2012 - 14:21

Removed everything except Google, unfortunately without result :hmmmm:

#13 kape

    Website Administrator

  • 40884 posts

Posted 21 February 2012 - 15:07

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:
Click here

If you cannot disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.
3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

Posted Image

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

Posted Image

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.



#14 tessloo

    Member

  • 44 posts

Posted 21 February 2012 - 17:20

log

ComboFix 12-02-21.02 - Wim 21/02/2012 16:49:12.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.488 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Wim\Bureaublad\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
C:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-21 to 2012-02-21 ))))))))))))))))))))))))))))))
.
.
2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto
2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto
2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro
2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter
2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache
2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll
2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter
2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx
2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2012-02-14 17:43 . 2012-02-14 17:43 -------- d-----w- c:\program files\Funmoods
2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake
2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake
2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim \Application Data\SoMud
2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor
2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor
2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5
2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak
2012-02-14 16:35 . 2012-01-20 13:14 17280 ----a-w- c:\windows\system32\roboot.exe
2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput
2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax
2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash
2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper
2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-13 16:01 . 2012-02-13 17:10 -------- d-----w- c:\program files\Ask.com
2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar
2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN
2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime
2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player
2012-02-13 15:40 . 2012-02-13 17:10 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}
2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly
2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim\Local Settings\Application Data\FLVService
2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim \Application Data\Xilisoft
2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft
2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView
2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim\Local Settings\Application Data\TechSmith
2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith
2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF
2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc
2012-02-04 14:04 . 2012-02-20 14:22 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend
2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner
2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor
2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179
2012-01-26 11:23 . 2012-01-26 17:14 -------- d-----w- c:\program files\Cain
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58 172032 ----a-w- c:\windows\system32\muzapp.exe
2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll
2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys
2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll
2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll
2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Documents and Settings\\Wim \Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/04/2011 12:58 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
--- Andere Services/Drivers In Geheugen ---
.
*NewlyCreated* - WS2IFSL
.
Inhoud van de 'Gedeelde Taken' map
.
2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]
.
2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.130.130.3 195.130.131.3
FF - ProfilePath - c:\documents and settings\Wim Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.funmoods_i.instlDay - 15384
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-21 17:06
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(3384)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Andere Aktieve Processen ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\BrytonBridge\BBDaemon.exe
c:\program files\TechSmith\SnagIt 7\TSCHelp.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Voltooingstijd: 2012-02-21 17:10:55 - machine werd herstart
ComboFix-quarantined-files.txt 2012-02-21 16:10
.
Pre-Run: 37.833.269.248 bytes beschikbaar
Post-Run: 39.080.947.712 bytes beschikbaar
.
- - End Of File - - 34E32C4E028DEEAD1485136334CF502A




#15 kape

    Site Administrator

  • 40884 posts

Posted 21 February 2012 - 19:08

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::
c:\program files\Funmoods
c:\program files\Ask.com
c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar
c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}

Firefox::
FF - ProfilePath - c:\documents and settings\Wim Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: keyword.URL -
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.funmoods_i.instlDay - 15384
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.
This will make ComboFix restart. Reboot the computer if asked to.

After the reboot, post the contents of Combofix.txt in your next message.



#16 tessloo

    Member

  • 44 posts

Posted 22 February 2012 - 14:26

There you go

ComboFix 12-02-21.02 - Wim 22/02/2012 13:44:56.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.578 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Wim \Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Wim \Bureaublad\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
* Nieuw herstelpunt werd aangemaakt
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}
c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}\mia.lib
c:\documents and settings\Wim \Mijn documenten\Downloads\PowerPointViewer.exe
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\Updater\config.xml
c:\program files\Funmoods
c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll
c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll
c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx
c:\program files\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe
c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll
c:\program files\Funmoods\funmoods\1.5.11.16\uninstall.exe
c:\windows\system32\muzapp.exe
c:\windows\system32\roboot.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-22 to 2012-02-22 ))))))))))))))))))))))))))))))
.
.
2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto
2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto
2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro
2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter
2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache
2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll
2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter
2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx
2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake
2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake
2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim\Application Data\SoMud
2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor
2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor
2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5
2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak
2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput
2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax
2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash
2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper
2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar
2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN
2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime
2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player
2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly
2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\FLVService
2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim\Application Data\Xilisoft
2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft
2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView
2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\TechSmith
2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith
2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF
2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc
2012-02-04 14:04 . 2012-02-22 12:42 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend
2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner
2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor
2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179
2012-01-26 11:23 . 2012-02-21 16:21 -------- d-----w- c:\program files\Cain
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll
2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys
2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll
2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll
2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Wim \\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]
R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]
S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]
.
Inhoud van de 'Gedeelde Taken' map
.
2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim .job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]
.
2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]
.
2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.130.130.3 195.130.131.3
FF - ProfilePath - c:\documents and settings\Wim \Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.funmoods_i.instlDay - 15384
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS VERWIJDERD - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-funmoods - c:\program files\Funmoods\funmoods\1.5.11.16\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-22 13:52
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
Voltooingstijd: 2012-02-22 13:54:19
ComboFix-quarantined-files.txt 2012-02-22 12:54
ComboFix2.txt 2012-02-21 16:10
.
Pre-Run: 38.931.501.056 bytes beschikbaar
Post-Run: 38.922.973.184 bytes beschikbaar
.
- - End Of File - - 3BCC564BB0505E73DFB79E7757B222ED



#17 kape

    Site Administrator

Posted 22 February 2012 - 14:55

This only partly worked, so let's redo part of it:

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::
FF - ProfilePath - c:\documents and settings\Wim Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.funmoods_i.instlDay - 15384
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe.
This will restart ComboFix. Reboot if you are asked to.
After the restart, post the contents of Combofix.txt in your next message.



#18 Guest_DDAVID_*

  • Guests

Posted 22 February 2012 - 14:59

Have you already tried uninstalling your browser and reinstalling it?

#19 tessloo

    Member

Posted 22 February 2012 - 18:36

once more

ComboFix 12-02-21.02 - Wim 22/02/2012 18:20:08.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.497 [GMT 1:00]
Gestart vanuit: c:\documents and settings\Wim \Bureaublad\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Wim \Bureaublad\CFScript.txt
AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-01-22 to 2012-02-22 ))))))))))))))))))))))))))))))
.
.
2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto
2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto
2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro
2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter
2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache
2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll
2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll
2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter
2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx
2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax
2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake
2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake
2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim \Application Data\SoMud
2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor
2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor
2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll
2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll
2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll
2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll
2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5
2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak
2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput
2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax
2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash
2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper
2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository
2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar
2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN
2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime
2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player
2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess
2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly
2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\FLVService
2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim \Application Data\Xilisoft
2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft
2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView
2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\TechSmith
2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith
2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF
2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc
2012-02-04 14:04 . 2012-02-22 17:18 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend
2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner
2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor
2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179
2012-01-26 11:23 . 2012-02-21 16:21 -------- d-----w- c:\program files\Cain
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys
2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll
2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax
2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll
2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll
2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll
2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll
2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax
2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll
2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll
2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax
2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll
2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys
2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll
2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll
2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll
2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll
2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll
2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]
SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\Wim \\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=
"c:\\Program Files\\Soluto\\Soluto.exe"=
"c:\\Program Files\\Soluto\\SolutoService.exe"=
"c:\\Program Files\\Soluto\\SolutoConsole.exe"=
"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]
R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/04/2011 12:58 140608]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]
R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]
R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]
S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
.
Inhoud van de 'Gedeelde Taken' map
.
2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim .job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]
.
2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]
.
2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]
.
.
------- Bijkomende Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 195.130.130.3 195.130.131.3
FF - ProfilePath - c:\documents and settings\Wim\Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.funmoods_i.instlDay - 15384
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-22 18:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'explorer.exe'(1132)
c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll
c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Voltooingstijd: 2012-02-22 18:27:04
ComboFix-quarantined-files.txt 2012-02-22 17:27
ComboFix2.txt 2012-02-22 15:03
ComboFix3.txt 2012-02-22 12:54
ComboFix4.txt 2012-02-21 16:10
.
Pre-Run: 39.039.377.408 bytes beschikbaar
Post-Run: 39.032.627.200 bytes beschikbaar
.
- - End Of File - - D21BEBA652DDFB299D6EE74720C9D434



#20 kape

  • Site Administrator
  • 40884 posts

Posted 23 February 2012 - 08:20

This is very strange ... apparently neither your PC nor ComboFix is obeying this correct instruction. Could you run it once more, but this time in "Safe Mode"? I'm curious whether that makes any difference and gives us the much-needed result.
