
Posts by tessloo

  1. combofix

    ComboFix 13-07-27.01 - Wim 30/07/2013 18:28:21.9.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.545 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\Wim x\Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Wim x\Bureaublad\CFScript.txt

    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

    FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}

    .

    FILE ::

    "c:\windows\Tasks\Lyrics-Pal Update.job"

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-28 to 2013-07-30 ))))))))))))))))))))))))))))))

    .

    .

    2013-07-28 12:33 . 2013-04-29 07:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-06-12 12:12 . 2012-04-10 07:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-06-12 12:12 . 2011-11-05 09:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-06-08 01:23 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

    2013-06-07 21:53 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2013-06-07 21:53 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-06-07 18:27 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2013-06-05 09:08 . 2004-08-04 12:00 1876864 ----a-w- c:\windows\system32\win32k.sys

    2013-06-04 07:22 . 2004-08-04 12:00 563200 ----a-w- c:\windows\system32\qedit.dll

    2013-05-29 15:16 . 2013-05-29 15:16 128104 ----a-w- c:\windows\system32\drivers\PSINProt.sys

    2013-05-29 03:55 . 2013-05-29 03:55 93928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

    2013-05-29 03:55 . 2013-05-29 03:55 230376 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

    2013-05-29 03:55 . 2013-05-29 03:55 108904 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

    2013-05-29 03:55 . 2013-05-29 03:55 287336 ----a-w- c:\windows\system32\drivers\NNSProt.sys

    2013-05-29 03:55 . 2013-05-29 03:55 161384 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

    2013-05-29 03:55 . 2013-05-29 03:55 106344 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

    2013-05-29 03:55 . 2013-05-29 03:55 95464 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

    2013-05-29 03:55 . 2013-05-29 03:55 52328 ----a-w- c:\windows\system32\drivers\NNSpihs.sys

    2013-05-29 03:55 . 2013-05-29 03:55 124648 ----a-w- c:\windows\system32\drivers\NNSIds.sys

    2013-05-29 03:55 . 2013-05-29 03:55 84200 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

    2013-05-29 03:55 . 2013-05-29 03:55 126184 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

    2013-05-29 03:55 . 2013-05-29 03:55 107752 ----a-w- c:\windows\system32\drivers\NNSHttps.sys

    2013-05-28 09:41 . 2013-05-28 09:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-05-28 09:41 . 2012-10-23 14:36 144896 ----a-w- c:\windows\system32\javacpl.cpl

    2013-05-28 09:41 . 2012-10-23 14:36 866720 ----a-w- c:\windows\system32\npdeployJava1.dll

    2013-05-28 09:41 . 2010-09-10 17:13 788896 ----a-w- c:\windows\system32\deployJava1.dll

    2013-05-28 09:26 . 2013-05-28 09:26 97768 ----a-w- c:\windows\system32\drivers\PSINReg.sys

    2013-05-28 09:26 . 2013-05-28 09:26 179688 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

    2013-05-28 09:26 . 2013-05-28 09:26 114920 ----a-w- c:\windows\system32\drivers\PSINProc.sys

    2013-05-28 09:26 . 2013-05-28 09:26 145128 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

    2013-05-28 09:26 . 2013-05-28 09:26 103400 ----a-w- c:\windows\system32\drivers\PSINFile.sys

    2013-05-08 09:58 . 2009-01-30 18:35 1543680 ------w- c:\windows\system32\wmvdecod.dll

    2013-05-07 22:27 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet(2).dll

    2013-05-07 22:27 . 2004-08-04 12:00 1215488 ----a-w- c:\windows\system32\urlmon(2).dll

    2013-05-07 22:27 . 2004-08-04 12:00 105984 ----a-w- c:\windows\system32\url(2).dll

    2013-05-03 05:39 . 2004-08-04 00:58 2074496 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-05-03 05:39 . 2004-08-04 12:00 2197888 ----a-w- c:\windows\system32\ntoskrnl.exe

    2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

    2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

    2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

    2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]

    2013-01-08 15:56 87768 ----a-w- c:\program files\pandasecuritytb\pandasecurityDx.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\pandasecuritytb\pandasecurityDx.dll" [2013-01-08 87768]

    .

    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Wim x\Application Data\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Wim x\Application Data\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Wim x\Application Data\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Wim x\Application Data\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    "Facebook Update"="c:\documents and settings\Wim x\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-12-15 138096]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

    "Panda Security URL Filtering"="c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2013-04-11 235072]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-05-28 32736]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]

    "FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]

    "panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]

    "panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]

    "panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]

    .

    c:\documents and settings\Wim x\Menu Start\Programma's\Opstarten\

    Dropbox.lnk - c:\documents and settings\Wim x\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Documents and Settings\\Wim x\\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    "c:\\Documents and Settings\\Wim x\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Program Files\\Panda Security\\Panda Security Toolbar\\dtuser.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    "c:\\Documents and Settings\\Wim x\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    "c:\\Documents and Settings\\Wim x\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

    "c:\\Program Files\\pandasecuritytb\\dtUser.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    .

    R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [29/05/2013 5:55 84200]

    R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [29/05/2013 5:55 126184]

    R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [29/05/2013 5:55 107752]

    R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [29/05/2013 5:55 124648]

    R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [29/05/2013 5:55 95464]

    R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [29/05/2013 5:55 106344]

    R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [29/05/2013 5:55 287336]

    R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [29/05/2013 5:55 161384]

    R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [29/05/2013 5:55 108904]

    R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [29/05/2013 5:55 230376]

    R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [29/05/2013 5:55 93928]

    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/05/2013 11:26 179688]

    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/05/2013 11:20 140768]

    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/05/2013 11:26 145128]

    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/05/2013 11:26 103400]

    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/05/2013 11:26 114920]

    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [29/05/2013 17:16 128104]

    R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [28/05/2013 11:42 37344]

    R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [28/07/2013 14:33 47632]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 14:26 33536]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 11:14 30312]

    S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

    S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [28/05/2013 11:26 97768]

    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 16:13 27064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 11:14 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 11:14 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 11:14 136808]

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 11:14 114280]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

    S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [29/05/2013 5:55 52328]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-07-13 09:34 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:12]

    .

    2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim x.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-29 01:44]

    .

    2013-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

    .

    2013-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-2049760794-725345543-1004Core.job

    - c:\documents and settings\Wim x\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-15 19:13]

    .

    2013-07-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-2049760794-725345543-1004UA.job

    - c:\documents and settings\Wim x\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-15 19:13]

    .

    2013-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2049760794-725345543-1004Core.job

    - c:\documents and settings\Wim x\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 07:09]

    .

    2013-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2049760794-725345543-1004UA.job

    - c:\documents and settings\Wim x\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 07:09]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

    FF - ProfilePath - c:\documents and settings\Wim x\Application Data\Mozilla\Firefox\Profiles\35h94zfn.default-1349377835968\

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

    FF - prefs.js: network.proxy.type - 4

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2013-07-30 18:39

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,f2,54,21,8e,c9,d3,41,99,c9,0c,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,f2,54,21,8e,c9,d3,41,99,c9,0c,\

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'explorer.exe'(3468)

    c:\documents and settings\Wim x\Application Data\Dropbox\bin\DropboxExt.19.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    c:\program files\Microsoft Silverlight\xapauthenticodesip.dll

    .

    Voltooingstijd: 2013-07-30 18:40:49

    ComboFix-quarantined-files.txt 2013-07-30 16:40

    ComboFix2.txt 2013-07-29 14:49

    ComboFix3.txt 2012-02-24 09:13

    .

    Pre-Run: 3.675.353.088 bytes beschikbaar

    Post-Run: 3.670.921.216 bytes beschikbaar

    .

    - - End Of File - - CE6E47A58F9A287323396EAD497D6FF2

    3051207086651214E435112E51817DC5

  2. log combofix

    ComboFix 13-07-27.01 - Wim 29/07/2013 16:34:34.8.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.315 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\Wim \Bureaublad\ComboFix.exe

    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

    FW: Cloud Antivirus Firewall *Disabled* {1337562C-110A-4AF8-B12B-750C0B30E802}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\TEMP

    c:\documents and settings\Wim \Application Data\Wim v1.18.0 - Trial version.vbs

    c:\documents and settings\Wim \Menu Start\Programma's\Opstarten\OpenOffice.org 3.2 .lnk

    c:\documents and settings\Wim \Mijn documenten\mctmp324.tmp

    c:\program files\Complitly

    c:\program files\Complitly\chrome\ComplitlyChrome.crx

    c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png

    c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul

    c:\program files\Complitly\support@Complitly.com\chrome\content\options.js

    c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul

    c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js

    c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js

    c:\program files\Complitly\support@Complitly.com\install.rdf

    c:\program files\Complitly\unins000.dat

    c:\windows\system32\1575642013.dat

    c:\windows\system32\Cache

    c:\windows\system32\Cache\272512937d9e61a4.fb

    c:\windows\system32\Cache\287204568329e189.fb

    c:\windows\system32\Cache\28bc8f716fd76a47.fb

    c:\windows\system32\Cache\2c53092c95605355.fb

    c:\windows\system32\Cache\2e3017d87326b068.fb

    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb

    c:\windows\system32\Cache\32c84fe32bb74d60.fb

    c:\windows\system32\Cache\3917078cb68ec657.fb

    c:\windows\system32\Cache\46c4f8b3185a2e34.fb

    c:\windows\system32\Cache\590ba23ce359fd0c.fb

    c:\windows\system32\Cache\610289e025a3ee9a.fb

    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb

    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb

    c:\windows\system32\Cache\6d03dad1035885d3.fb

    c:\windows\system32\Cache\9578d0bfdf01b63a.fb

    c:\windows\system32\Cache\a8556537add6dfc5.fb

    c:\windows\system32\Cache\ad10a52aff5e038d.fb

    c:\windows\system32\Cache\c1fa887b03019701.fb

    c:\windows\system32\Cache\c4d28dca2e7648be.fb

    c:\windows\system32\Cache\d201ef9910cd39de.fb

    c:\windows\system32\Cache\d2e94710a5708128.fb

    c:\windows\system32\Cache\d76fa9e2e3314278.fb

    c:\windows\system32\Cache\d79b9dfe81484ec4.fb

    c:\windows\system32\Cache\f998975c9cc711ee.fb

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2013-06-28 to 2013-07-29 ))))))))))))))))))))))))))))))

    .

    .

    2013-07-28 12:33 . 2013-04-29 07:17 47632 ----a-w- c:\windows\system32\drivers\PSKMAD.sys

    2013-07-25 14:39 . 2013-07-28 12:46 -------- d-----w- c:\program files\LyricsPal

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-06-12 12:12 . 2012-04-10 07:10 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2013-06-12 12:12 . 2011-11-05 09:57 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2013-06-08 01:23 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet.dll

    2013-06-07 21:53 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2013-06-07 21:53 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2013-06-07 18:27 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2013-06-05 09:08 . 2004-08-04 12:00 1876864 ----a-w- c:\windows\system32\win32k.sys

    2013-06-04 07:22 . 2004-08-04 12:00 563200 ----a-w- c:\windows\system32\qedit.dll

    2013-05-29 15:16 . 2013-05-29 15:16 128104 ----a-w- c:\windows\system32\drivers\PSINProt.sys

    2013-05-29 03:55 . 2013-05-29 03:55 93928 ----a-w- c:\windows\system32\drivers\NNStlsc.sys

    2013-05-29 03:55 . 2013-05-29 03:55 230376 ----a-w- c:\windows\system32\drivers\NNSStrm.sys

    2013-05-29 03:55 . 2013-05-29 03:55 108904 ----a-w- c:\windows\system32\drivers\NNSSmtp.sys

    2013-05-29 03:55 . 2013-05-29 03:55 287336 ----a-w- c:\windows\system32\drivers\NNSProt.sys

    2013-05-29 03:55 . 2013-05-29 03:55 161384 ----a-w- c:\windows\system32\drivers\NNSPrv.sys

    2013-05-29 03:55 . 2013-05-29 03:55 106344 ----a-w- c:\windows\system32\drivers\NNSPop3.sys

    2013-05-29 03:55 . 2013-05-29 03:55 95464 ----a-w- c:\windows\system32\drivers\NNSpicc.sys

    2013-05-29 03:55 . 2013-05-29 03:55 52328 ----a-w- c:\windows\system32\drivers\NNSpihs.sys

    2013-05-29 03:55 . 2013-05-29 03:55 124648 ----a-w- c:\windows\system32\drivers\NNSIds.sys

    2013-05-29 03:55 . 2013-05-29 03:55 84200 ----a-w- c:\windows\system32\drivers\NNSAlpc.sys

    2013-05-29 03:55 . 2013-05-29 03:55 126184 ----a-w- c:\windows\system32\drivers\NNSHttp.sys

    2013-05-29 03:55 . 2013-05-29 03:55 107752 ----a-w- c:\windows\system32\drivers\NNSHttps.sys

    2013-05-28 09:41 . 2013-05-28 09:42 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2013-05-28 09:41 . 2012-10-23 14:36 144896 ----a-w- c:\windows\system32\javacpl.cpl

    2013-05-28 09:41 . 2012-10-23 14:36 866720 ----a-w- c:\windows\system32\npdeployJava1.dll

    2013-05-28 09:41 . 2010-09-10 17:13 788896 ----a-w- c:\windows\system32\deployJava1.dll

    2013-05-28 09:26 . 2013-05-28 09:26 97768 ----a-w- c:\windows\system32\drivers\PSINReg.sys

    2013-05-28 09:26 . 2013-05-28 09:26 179688 ----a-w- c:\windows\system32\drivers\PSINKNC.sys

    2013-05-28 09:26 . 2013-05-28 09:26 114920 ----a-w- c:\windows\system32\drivers\PSINProc.sys

    2013-05-28 09:26 . 2013-05-28 09:26 145128 ----a-w- c:\windows\system32\drivers\PSINAflt.sys

    2013-05-28 09:26 . 2013-05-28 09:26 103400 ----a-w- c:\windows\system32\drivers\PSINFile.sys

    2013-05-08 09:58 . 2009-01-30 18:35 1543680 ------w- c:\windows\system32\wmvdecod.dll

    2013-05-07 22:27 . 2004-08-04 12:00 920064 ----a-w- c:\windows\system32\wininet(2).dll

    2013-05-07 22:27 . 2004-08-04 12:00 1215488 ----a-w- c:\windows\system32\urlmon(2).dll

    2013-05-07 22:27 . 2004-08-04 12:00 105984 ----a-w- c:\windows\system32\url(2).dll

    2013-05-03 05:39 . 2004-08-04 00:58 2074496 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2013-05-03 05:39 . 2004-08-04 12:00 2197888 ----a-w- c:\windows\system32\ntoskrnl.exe

    2013-05-01 01:59 . 2013-05-01 01:59 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2013-05-01 01:59 . 2013-05-01 01:59 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

    2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

    2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

    2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]

    2013-01-08 15:56 87768 ----a-w- c:\program files\pandasecuritytb\pandasecurityDx.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

    "{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files\pandasecuritytb\pandasecurityDx.dll" [2013-01-08 87768]

    .

    [HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Wim\Application Data\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Wim \Application Data\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Wim \Application Data\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

    2013-05-25 00:36 130736 ----a-w- c:\documents and settings\Wim \Application Data\Dropbox\bin\DropboxExt.19.dll

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DriverMax"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

    "DriverMax_RESTART"="c:\program files\Innovative Solutions\DriverMax\devices.exe" [2010-03-01 9216928]

    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    "Facebook Update"="c:\documents and settings\Wim \Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-12-15 138096]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

    "Panda Security URL Filtering"="c:\documents and settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2013-04-11 235072]

    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

    "LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    "PSUAMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" [2013-05-28 32736]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]

    "FileZilla Server Interface"="c:\program files\FileZilla Server\FileZilla Server Interface.exe" [2012-02-26 1044992]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    "panda2_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda2_0dn" [X]

    "panda2_0dn_XP"="reg.exe delete HKCU\Software\panda2_0dn" [X]

    "panda4_0dn"="reg.exe delete HKCU\Software\AppDataLow\Software\panda4_0dn" [X]

    "panda4_0dn_XP"="reg.exe delete HKCU\Software\panda4_0dn" [X]

    .

    c:\documents and settings\Wim\Menu Start\Programma's\Opstarten\

    Dropbox.lnk - c:\documents and settings\Wim\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Documents and Settings\\Wim \\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

    "c:\\Documents and Settings\\Wim \\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\Program Files\\Panda Security\\Panda Security Toolbar\\dtuser.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=

    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=

    "c:\\Documents and Settings\\Wim \\Application Data\\Dropbox\\bin\\Dropbox.exe"=

    "c:\\Documents and Settings\\Wim\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=

    "c:\\Program Files\\pandasecuritytb\\dtUser.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    .

    R1 NNSALPC;NNSAlpc;c:\windows\system32\drivers\NNSAlpc.sys [29/05/2013 5:55 84200]

    R1 NNSHTTP;NNSHttp;c:\windows\system32\drivers\NNSHttp.sys [29/05/2013 5:55 126184]

    R1 NNSHTTPS;NNSHttps;c:\windows\system32\drivers\NNSHttps.sys [29/05/2013 5:55 107752]

    R1 NNSIDS;NNSids;c:\windows\system32\drivers\NNSIds.sys [29/05/2013 5:55 124648]

    R1 NNSPICC;NNSPicc;c:\windows\system32\drivers\NNSpicc.sys [29/05/2013 5:55 95464]

    R1 NNSPOP3;NNSPop3;c:\windows\system32\drivers\NNSPop3.sys [29/05/2013 5:55 106344]

    R1 NNSPROT;NNSProt;c:\windows\system32\drivers\NNSProt.sys [29/05/2013 5:55 287336]

    R1 NNSPRV;NNSPrv;c:\windows\system32\drivers\NNSPrv.sys [29/05/2013 5:55 161384]

    R1 NNSSMTP;NNSSmtp;c:\windows\system32\drivers\NNSSmtp.sys [29/05/2013 5:55 108904]

    R1 NNSSTRM;NNSStrm;c:\windows\system32\drivers\NNSStrm.sys [29/05/2013 5:55 230376]

    R1 NNSTLSC;NNSTlsc;c:\windows\system32\drivers\NNStlsc.sys [29/05/2013 5:55 93928]

    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/05/2013 11:26 179688]

    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/05/2013 11:20 140768]

    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/05/2013 11:26 145128]

    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/05/2013 11:26 103400]

    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/05/2013 11:26 114920]

    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [29/05/2013 17:16 128104]

    R2 PSUAService;Panda Product Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSUAService.exe [28/05/2013 11:42 37344]

    R3 PSKMAD;PSKMAD;c:\windows\system32\drivers\PSKMAD.sys [28/07/2013 14:33 47632]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 14:26 33536]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 11:14 30312]

    S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

    S3 PSINReg;PSINReg;c:\windows\system32\drivers\PSINReg.sys [28/05/2013 11:26 97768]

    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 16:13 27064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 11:14 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 11:14 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 11:14 136808]

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 11:14 114280]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 13:37 517096]

    S4 NNSPIHS;NNSPihs;c:\windows\system32\drivers\NNSpihs.sys [29/05/2013 5:55 52328]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-07-13 09:34 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2013-07-28 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 12:12]

    .

    2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim ***.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-03-29 01:44]

    .

    2013-07-17 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

    .

    2013-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-2049760794-725345543-1004Core.job

    - c:\documents and settings\Wim \Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-15 19:13]

    .

    2013-07-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-117609710-2049760794-725345543-1004UA.job

    - c:\documents and settings\Wim \Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-12-15 19:13]

    .

    2013-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    2013-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2049760794-725345543-1004Core.job

    - c:\documents and settings\Wim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 07:09]

    .

    2013-07-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-2049760794-725345543-1004UA.job

    - c:\documents and settings\Wim\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 07:09]

    .

    2013-07-29 c:\windows\Tasks\Lyrics-Pal Update.job

    - c:\program files\LyricsPal\Lyrics.exe [2013-07-24 19:04]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = about:blank

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

    FF - ProfilePath - c:\documents and settings\Wim \Application Data\Mozilla\Firefox\Profiles\35h94zfn.default-1349377835968\

    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=

    FF - prefs.js: network.proxy.type - 4

    FF - ExtSQL: 2013-07-07 11:12; {9309FA47-1B48-4768-AFA4-9E0556F5DC81}; c:\program files\LyricsPal\125.xpi

    FF - user.js: network.cookie.cookieBehavior - 0

    FF - user.js: privacy.clearOnShutdown.cookies - false

    FF - user.js: security.warn_viewing_mixed - false

    FF - user.js: security.warn_viewing_mixed.show_once - false

    FF - user.js: security.warn_submit_insecure - false

    FF - user.js: security.warn_submit_insecure.show_once - false

    FF - user.js: extensions.autoDisableScopes - 0

    FF - user.js: extensions.shownSelectionUI - true

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    SafeBoot-SolutoService

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2013-07-29 16:46

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,f2,54,21,8e,c9,d3,41,99,c9,0c,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,bd,f2,54,21,8e,c9,d3,41,99,c9,0c,\

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]

    @="?????????????????? v1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]

    @="?????????????????? v2"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

    .

    Voltooingstijd: 2013-07-29 16:49:16

    ComboFix-quarantined-files.txt 2013-07-29 14:49

    ComboFix2.txt 2012-02-24 09:13

    .

    Pre-Run: 1.518.071.808 bytes beschikbaar

    Post-Run: 3.827.953.664 bytes beschikbaar

    .

    - - End Of File - - DC01C35CAA2365C8106252FC2C27063F

    3051207086651214E435112E51817DC5

  3. problem is not yet resolved

    new HJT log

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:27:13, on 28/07/2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\FileZilla Server\FileZilla Server.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Belgium Identity Card\beid35gui.exe

    C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Innovative Solutions\DriverMax\devices.exe

    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\PROGRA~1\MICROS~2\rapimgr.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

    C:\Documents and Settings\Wim appelen\Application Data\Dropbox\bin\Dropbox.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Common Files\Java\Java Update\jucheck.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: PNBHO - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

    O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll

    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent

    O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Wim appelen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Wim appelen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user')

    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Wim appelen\Application Data\Dropbox\bin\Dropbox.exe

    O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe

    O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --

    End of file - 10177 bytes

    mbam-log

    Malwarebytes Anti-Malware 1.75.0.1300

    Malwarebytes : Free anti-malware download

    Databaseversie: v2013.07.28.03

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Wim :: WIM [administrator]

    28/07/2013 17:56:04

    mbam-log-2013-07-28 (17-56-04).txt

    Scan type: Snelle scan

    Ingeschakelde scan opties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scan opties: P2P

    Objecten gescand: 248367

    Verstreken tijd: 48 minuut/minuten, 10 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 5

    HKCR\Typelib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCR\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKCU\SOFTWARE\Funmoods (PUP.FunMoods) -> Succesvol in quarantaine geplaatst en verwijderd.

    HKLM\SOFTWARE\Google\chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki (PUP.Funmoods) -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerwaarden gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{B9309F54-7374-5CDA-3A18-AE3066FF9094} (Trojan.Agent.BRGen2) -> Data: "C:\Documents and Settings\Wim \Application Data\Omymze\ysxu.exe" -> Succesvol in quarantaine geplaatst en verwijderd.

    Registerdata gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 13

    C:\Documents and Settings\wim\Application Data\Omymze\ysxu.exe (Trojan.Agent.BRGen2) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\wim\Mijn documenten\Downloads\LOIC-1.0.7.42-binary.zip (PUP.HackTool.LOIC) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim \Mijn documenten\Downloads\swf_avi_Converter.exe (Trojan.Repacked) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim \Mijn documenten\Downloads\installer_save_flash.exe (PUP.BundleInstaller.PHP) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim \Mijn documenten\Downloads\installer_xilisoft_mp4_converter.exe (PUP.BundleInstaller.PHP) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim \Mijn documenten\Downloads\PDFCreatorSetup.exe (PUP.Adware.InstallCore) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\RECYCLER\S-1-5-21-117609710-2049760794-725345543-1004\Dc172\Megalith_GPS_Tuner_v5_2_XScale_keymaker.zip (Trojan.FakeMS.Gen) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim\Local Settings\temp\lyricsPaltmp.exe (PUP.LyricsAd) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim \Local Settings\temp\LyricsPal_1060-8101_v116.exe (PUP.LyricsAd) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim \Local Settings\temp\QM8MBkm3.exe.part (PUP.Optional.Softonic) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\All Users\Application Data\KeyLog.txt (Stolen.Data) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim\Local Settings\TempDIR\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Succesvol in quarantaine geplaatst en verwijderd.

    C:\Documents and Settings\Wim \Mijn documenten\wincmd.exe (Trojan.Agent) -> Succesvol in quarantaine geplaatst en verwijderd.

    (einde)

  4. Log

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 8:08:12, on 28/07/2013

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\FileZilla Server\FileZilla Server.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\WINDOWS\system32\PnkBstrA.exe

    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Belgium Identity Card\beid35gui.exe

    C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe

    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Innovative Solutions\DriverMax\devices.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

    C:\Documents and Settings\Application Data\Dropbox\bin\Dropbox.exe

    C:\PROGRA~1\MICROS~2\rapimgr.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Program Files\TechSmith\SnagIt 7\TSCHelp.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

    C:\Program Files\Common Files\Java\Java Update\jucheck.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN NL: Hotmail, Outlook, Skype, Messenger, het laatste nieuws, entertainment en meer!

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    O2 - BHO: Lyrics-Pal - {AB9778AB-BAEF-49B9-96EE-D6E4BD0BCE68} - C:\Program Files\LyricsPal\125.dll

    O2 - BHO: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll

    O2 - BHO: Lyrics-Pal - {C8FBE488-BAF5-4019-A7F7-C888045987D3} - C:\Program Files\LyricsPal\122.dll (file missing)

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    O2 - BHO: PNBHO - {FBAAD182-3C7A-4BC4-A5E9-207B8E0F02FD} - C:\Program Files\DeLorme\SendToGPS\PNPluginForIE.dll

    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll

    O3 - Toolbar: Panda Security Toolbar - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\pandasecuritytb\pandasecurityDx.dll

    O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

    O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup

    O4 - HKLM\..\Run: [Panda Security URL Filtering] "C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [switchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [FileZilla Server Interface] "C:\Program Files\FileZilla Server\FileZilla Server Interface.exe"

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [DriverMax] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -agent

    O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files\Innovative Solutions\DriverMax\devices.exe" -RESTART

    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Wim appelen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Wim appelen\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

    O4 - HKCU\..\Run: [idle32] C:\Documents and Settings\Wim appelen\Mijn documenten\wincmd.exe

    O4 - HKCU\..\Run: [{B9309F54-7374-5CDA-3A18-AE3066FF9094}] "C:\Documents and Settings\Wim appelen\Application Data\Omymze\ysxu.exe"

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda4_0dn" /f (User 'SYSTEM')

    O4 - HKUS\S-1-5-18\..\RunOnce: [panda4_0dn_XP] reg.exe delete "HKCU\Software\panda4_0dn" /f (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - HKUS\.DEFAULT\..\RunOnce: [panda2_0dn] reg.exe delete "HKCU\Software\AppDataLow\Software\panda2_0dn" /f (User 'Default user')

    O4 - Startup: Dropbox.lnk = C:\Documents and Settings\Wim appelen\Application Data\Dropbox\bin\Dropbox.exe

    O4 - Startup: OpenOffice.org 3.2 .lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe

    O4 - Global Startup: SnagIt 7.lnk = C:\Program Files\TechSmith\SnagIt 7\SnagIt32.exe

    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe

    O23 - Service: GEARSecurity - Unknown owner - C:\WINDOWS\System32\GEARSec.exe (file missing)

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe

    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUAService.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    --

    End of file - 10627 bytes

  5. Hello

    For the last few weeks I have had the following problem.

    On any random website I get an enormous amount of advertising.

    On a newspaper's site, for example, some words in an article have changed colour. When I move the mouse over them, a pop-up appears.

    Also, under every ad it says in small print "ads not by this site".

    Does anyone have an idea how I can get rid of this?

    Thanks in advance

  6. Two weeks ago the laptop kept restarting over and over.

    There is no other disk in it yet. I would like to replace this one following a number of crashes.

    Dell Support Center shows a number of operating system crash events.

    The following message is shown: "er is opnieuw opgestart na een foutencontrole. Foutencontrole 0x000000000a,0x000000002.....). Er is een dump opgeslagen in C:Windows\MEMORY.DMP."

    Since then the webcam and the sound have stopped working.

    Operating system: Microsoft Windows Vista Business Edition (32-bit)

    On Sat 2/06/2012 6:44:44 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-09.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8226A83C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:44:44 GMT your computer crashed

    crash dump file: C:\Windows\memory.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8226A83C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:40:51 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-08.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8223D83C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:37:49 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-07.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8224983C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:33:57 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-06.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8227D83C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:30:30 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-05.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8223283C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:26:42 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-04.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8224083C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:24:37 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-03.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8224583C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:20:37 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-02.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8226083C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

    On Sat 2/06/2012 6:18:34 GMT your computer crashed

    crash dump file: C:\Windows\Minidump\Mini060212-01.dmp

    This was probably caused by the following module: raspptp.sys (raspptp+0xCC84)

    Bugcheck code: 0xA (0x0, 0x2, 0x1, 0xFFFFFFFF8223583C)

    Error: IRQL_NOT_LESS_OR_EQUAL

    file path: C:\Windows\system32\drivers\raspptp.sys

    product: Microsoft® Windows® Operating System

    company: Microsoft Corporation

    description: Peer-to-Peer Tunneling Protocol

    Bug check description: This indicates that Microsoft Windows or a kernel-mode driver accessed paged memory at DISPATCH_LEVEL or above.

    This appears to be a typical software driver bug and is not likely to be caused by a hardware problem.

    The crash took place in a standard Microsoft module. Your system configuration may be incorrect. Possibly this problem is caused by another driver on your system which cannot be identified at this time.

  7. I don't know what happened, but my laptop's webcam no longer works.

    The sound has also stopped working.

    It is a Dell laptop (Vostro 1520).

    When I start it up I get a popup with the title:

    "oem13mon.exe"

    which states:

    "ongeldige installatiekopie c:\windows\sustem32\ksuser.dll is niet geschikt voor windows of het bevat een fout. Probeer opnieuw op te starten ...."

    followed by a popup stating:

    "Live!Cam Console Auto Launcher werkt niet meer"

    1. Online naar een oplossing zoeken

    2. Programma sluiten

    Does anyone have an idea what this could be?

    Thanks in advance

  8. ... Or install Revo Uninstaller. Under the Tools button all installed programs are listed. If Babylon Search is among them, select it and click Uninstall (button at the top). After that you can choose from 4 options. Choose Advanced and all registry entries are removed as well, for good. In any case, I have never been bothered by it since. Good luck

    Aageema

    I had already searched with Revo; unfortunately there was no trace of Babylon to be found.

    If I change my home page to the Mozilla Firefox start page, I have no trouble with it. If I use the FF default (about:home), the misery is back.

  9. once again

    ComboFix 12-02-21.02 - Administrator 24/02/2012 10:07:36.7.1 - x86 MINIMAL

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.812 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Wim \Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Wim \Bureaublad\CFScript.txt

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-24 to 2012-02-24 ))))))))))))))))))))))))))))))

    .

    .

    2012-02-23 14:19 . 2012-02-23 14:19 -------- d-----w- c:\documents and settings\Administrator

    2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

    2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto

    2012-02-20 15:28 . 2012-02-24 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro

    2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter

    2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache

    2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

    2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll

    2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter

    2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx

    2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax

    2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

    2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake

    2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor

    2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor

    2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

    2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

    2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

    2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

    2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

    2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5

    2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput

    2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

    2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax

    2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash

    2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper

    2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime

    2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

    2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly

    2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft

    2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView

    2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith

    2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF

    2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc

    2012-02-04 14:04 . 2012-02-24 09:00 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend

    2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner

    2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor

    2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179

    2012-01-26 11:23 . 2012-02-21 16:21 -------- d-----w- c:\program files\Cain

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

    2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll

    2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll

    2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax

    2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll

    2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

    2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

    2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

    2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

    2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll

    2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax

    2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

    2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll

    2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax

    2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll

    2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll

    2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

    2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax

    2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll

    2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

    2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys

    2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll

    2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

    2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

    2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

    2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

    2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

    2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

    2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

    2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

    2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

    2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

    2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "Soluto"="c:\program files\Soluto\soluto.exe" [2012-01-25 1712176]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]

    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]

    SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

    @="Service"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Documents and Settings\\Wim \\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

    "c:\\Program Files\\Soluto\\Soluto.exe"=

    "c:\\Program Files\\Soluto\\SolutoService.exe"=

    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=

    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    .

    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]

    S0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]

    S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

    S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]

    .

    2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

    .

    2012-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    2012-02-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    .

    ------- Bijkomende Scan -------

    .

    TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0qb8ta4d.default\

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

    ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-02-24 10:12

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-02-24 10:13:49

    ComboFix-quarantined-files.txt 2012-02-24 09:13

    ComboFix2.txt 2012-02-23 18:48

    ComboFix3.txt 2012-02-23 18:23

    ComboFix4.txt 2012-02-22 17:27

    ComboFix5.txt 2012-02-24 09:05

    .

    Pre-Run: 39.837.585.408 bytes beschikbaar

    Post-Run: 39.827.046.400 bytes beschikbaar

    .

    - - End Of File - - ED479E9ACF2FC31A1627C6DF9DAA6FB8

  10. once more

    ComboFix 12-02-21.02 - Wim 22/02/2012 18:20:08.4.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.497 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Wim \Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Wim \Bureaublad\CFScript.txt

    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-22 to 2012-02-22 ))))))))))))))))))))))))))))))

    .

    .

    2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto

    2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

    2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto

    2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro

    2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter

    2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache

    2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

    2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll

    2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter

    2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx

    2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax

    2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

    2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake

    2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim \Application Data\SoMud

    2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor

    2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor

    2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

    2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

    2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

    2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

    2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

    2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5

    2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak

    2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput

    2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

    2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax

    2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash

    2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper

    2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar

    2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN

    2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime

    2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player

    2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

    2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly

    2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\FLVService

    2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim \Application Data\Xilisoft

    2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft

    2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView

    2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\TechSmith

    2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith

    2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF

    2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc

    2012-02-04 14:04 . 2012-02-22 17:18 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend

    2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner

    2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor

    2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179

    2012-01-26 11:23 . 2012-02-21 16:21 -------- d-----w- c:\program files\Cain

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

    2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll

    2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll

    2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax

    2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll

    2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

    2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

    2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

    2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

    2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll

    2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax

    2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

    2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll

    2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax

    2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll

    2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll

    2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

    2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax

    2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll

    2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

    2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys

    2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll

    2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

    2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

    2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

    2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

    2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

    2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

    2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

    2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

    2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

    2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

    2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

    2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

    2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

    2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]

    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]

    SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

    @="Service"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Documents and Settings\\Wim \\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

    "c:\\Program Files\\Soluto\\Soluto.exe"=

    "c:\\Program Files\\Soluto\\SolutoService.exe"=

    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=

    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    .

    R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]

    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]

    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/04/2011 12:58 140608]

    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]

    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]

    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]

    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]

    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]

    S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

    S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim .job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]

    .

    2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

    .

    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    .

    ------- Bijkomende Scan -------

    .

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

    FF - ProfilePath - c:\documents and settings\Wim\Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=

    FF - user.js: extensions.funmoods_i.hmpg - true

    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make

    FF - user.js: extensions.funmoods_i.dfltSrch - true

    FF - user.js: extensions.funmoods_i.srchPrvdr - Search

    FF - user.js: extensions.funmoods_i.dnsErr - true

    FF - user.js: extensions.funmoods_i.newTab - true

    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=

    FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888

    FF - user.js: extensions.funmoods_i.instlDay - 15384

    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43

    FF - user.js: extensions.funmoods_i.prtnrId - funmoods

    FF - user.js: extensions.funmoods_i.prdct - funmoods

    FF - user.js: extensions.funmoods_i.aflt - make

    FF - user.js: extensions.funmoods_i.smplGrp - none

    FF - user.js: extensions.funmoods_i.tlbrId - base

    FF - user.js: extensions.funmoods_i.instlRef -

    FF - user.js: extensions.funmoods_i.dfltLng -

    FF - user.js: extensions.funmoods_i.excTlbr - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888

    FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-02-22 18:25

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'explorer.exe'(1132)

    c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll

    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Voltooingstijd: 2012-02-22 18:27:04

    ComboFix-quarantined-files.txt 2012-02-22 17:27

    ComboFix2.txt 2012-02-22 15:03

    ComboFix3.txt 2012-02-22 12:54

    ComboFix4.txt 2012-02-21 16:10

    .

    Pre-Run: 39.039.377.408 bytes beschikbaar

    Post-Run: 39.032.627.200 bytes beschikbaar

    .

    - - End Of File - - D21BEBA652DDFB299D6EE74720C9D434

  11. there we go

    ComboFix 12-02-21.02 - Wim 22/02/2012 13:44:56.2.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.578 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Wim \Bureaublad\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Wim \Bureaublad\CFScript.txt

    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

    * Nieuw herstelpunt werd aangemaakt

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}

    c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}\mia.lib

    c:\documents and settings\Wim \Mijn documenten\Downloads\PowerPointViewer.exe

    c:\program files\Ask.com

    c:\program files\Ask.com\assets\oobe\b.png

    c:\program files\Ask.com\assets\oobe\bl.png

    c:\program files\Ask.com\assets\oobe\br.png

    c:\program files\Ask.com\assets\oobe\l.png

    c:\program files\Ask.com\assets\oobe\pointer.png

    c:\program files\Ask.com\assets\oobe\r.png

    c:\program files\Ask.com\assets\oobe\t.png

    c:\program files\Ask.com\assets\oobe\tl.png

    c:\program files\Ask.com\assets\oobe\tr.png

    c:\program files\Ask.com\config.xml

    c:\program files\Ask.com\mupcfg.xml

    c:\program files\Ask.com\Updater\config.xml

    c:\program files\Funmoods

    c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll

    c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll

    c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx

    c:\program files\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe

    c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll

    c:\program files\Funmoods\funmoods\1.5.11.16\uninstall.exe

    c:\windows\system32\muzapp.exe

    c:\windows\system32\roboot.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-22 to 2012-02-22 ))))))))))))))))))))))))))))))

    .

    .

    2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto

    2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

    2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto

    2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro

    2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter

    2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache

    2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

    2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll

    2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter

    2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx

    2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax

    2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

    2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake

    2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim\Application Data\SoMud

    2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor

    2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor

    2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

    2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

    2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

    2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

    2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

    2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5

    2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak

    2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput

    2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

    2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax

    2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash

    2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper

    2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar

    2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN

    2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime

    2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player

    2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

    2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly

    2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\FLVService

    2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim\Application Data\Xilisoft

    2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft

    2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView

    2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\TechSmith

    2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith

    2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF

    2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc

    2012-02-04 14:04 . 2012-02-22 12:42 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend

    2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner

    2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor

    2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179

    2012-01-26 11:23 . 2012-02-21 16:21 -------- d-----w- c:\program files\Cain

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

    2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll

    2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll

    2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax

    2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll

    2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

    2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

    2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

    2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

    2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll

    2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax

    2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

    2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll

    2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax

    2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll

    2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll

    2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

    2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax

    2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll

    2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

    2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys

    2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll

    2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

    2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

    2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

    2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

    2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

    2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

    2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

    2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

    2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

    2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

    2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

    2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

    2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

    2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]

    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]

    SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

    @="Service"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Documents and Settings\\Wim \\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

    "c:\\Program Files\\Soluto\\Soluto.exe"=

    "c:\\Program Files\\Soluto\\SolutoService.exe"=

    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=

    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    .

    R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]

    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]

    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]

    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]

    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]

    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]

    R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]

    S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim .job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]

    .

    2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

    .

    2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    .

    ------- Bijkomende Scan -------

    .

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

    FF - ProfilePath - c:\documents and settings\Wim \Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=

    FF - user.js: extensions.funmoods_i.hmpg - true

    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make

    FF - user.js: extensions.funmoods_i.dfltSrch - true

    FF - user.js: extensions.funmoods_i.srchPrvdr - Search

    FF - user.js: extensions.funmoods_i.dnsErr - true

    FF - user.js: extensions.funmoods_i.newTab - true

    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=

    FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888

    FF - user.js: extensions.funmoods_i.instlDay - 15384

    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43

    FF - user.js: extensions.funmoods_i.prtnrId - funmoods

    FF - user.js: extensions.funmoods_i.prdct - funmoods

    FF - user.js: extensions.funmoods_i.aflt - make

    FF - user.js: extensions.funmoods_i.smplGrp - none

    FF - user.js: extensions.funmoods_i.tlbrId - base

    FF - user.js: extensions.funmoods_i.instlRef -

    FF - user.js: extensions.funmoods_i.dfltLng -

    FF - user.js: extensions.funmoods_i.excTlbr - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888

    FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

    AddRemove-funmoods - c:\program files\Funmoods\funmoods\1.5.11.16\uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-02-22 13:52

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-02-22 13:54:19

    ComboFix-quarantined-files.txt 2012-02-22 12:54

    ComboFix2.txt 2012-02-21 16:10

    .

    Pre-Run: 38.931.501.056 bytes beschikbaar

    Post-Run: 38.922.973.184 bytes beschikbaar

    .

    - - End Of File - - 3BCC564BB0505E73DFB79E7757B222ED

  12. log

    ComboFix 12-02-21.02 - Wim 21/02/2012 16:49:12.1.1 - x86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.488 [GMT 1:00]

    Gestart vanuit: c:\documents and settings\Wim\Bureaublad\ComboFix.exe

    AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\TEMP

    C:\install.exe

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    -------\Legacy_NPF

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-01-21 to 2012-02-21 ))))))))))))))))))))))))))))))

    .

    .

    2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto

    2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

    2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto

    2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

    2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro

    2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter

    2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache

    2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

    2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

    2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll

    2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter

    2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx

    2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax

    2012-02-14 17:43 . 2012-02-14 17:43 -------- d-----w- c:\program files\Funmoods

    2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

    2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake

    2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim \Application Data\SoMud

    2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor

    2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor

    2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

    2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

    2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

    2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

    2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

    2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5

    2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak

    2012-02-14 16:35 . 2012-01-20 13:14 17280 ----a-w- c:\windows\system32\roboot.exe

    2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput

    2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

    2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax

    2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash

    2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper

    2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository

    2012-02-13 16:01 . 2012-02-13 17:10 -------- d-----w- c:\program files\Ask.com

    2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar

    2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN

    2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime

    2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player

    2012-02-13 15:40 . 2012-02-13 17:10 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}

    2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

    2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly

    2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim\Local Settings\Application Data\FLVService

    2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim \Application Data\Xilisoft

    2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft

    2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView

    2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim\Local Settings\Application Data\TechSmith

    2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith

    2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF

    2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc

    2012-02-04 14:04 . 2012-02-20 14:22 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend

    2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner

    2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor

    2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179

    2012-01-26 11:23 . 2012-01-26 17:14 -------- d-----w- c:\program files\Cain

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

    2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll

    2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll

    2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

    2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

    2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax

    2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll

    2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

    2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

    2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

    2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

    2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll

    2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax

    2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

    2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll

    2011-12-23 19:58 . 2011-12-23 19:58 172032 ----a-w- c:\windows\system32\muzapp.exe

    2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll

    2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax

    2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll

    2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll

    2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

    2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax

    2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll

    2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

    2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys

    2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll

    2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

    2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

    2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

    2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

    2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

    2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

    2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

    2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

    2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

    2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

    2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

    2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

    2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

    2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

    @="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

    [HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

    2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

    @="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

    [HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

    2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

    "beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    .

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

    brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]

    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]

    SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

    @="Service"

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\WINDOWS\\system32\\muzapp.exe"=

    "c:\\Documents and Settings\\Wim \Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

    "c:\\Program Files\\Soluto\\Soluto.exe"=

    "c:\\Program Files\\Soluto\\SolutoService.exe"=

    "c:\\Program Files\\Soluto\\SolutoConsole.exe"=

    "c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    .

    R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]

    R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]

    R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/04/2011 12:58 140608]

    R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]

    R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]

    R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]

    R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]

    R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

    S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]

    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]

    S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

    S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]

    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]

    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]

    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]

    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

    .

    --- Andere Services/Drivers In Geheugen ---

    .

    *NewlyCreated* - WS2IFSL

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]

    .

    2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

    .

    2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

    .

    .

    ------- Bijkomende Scan -------

    .

    uInternet Settings,ProxyOverride = *.local

    TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

    FF - ProfilePath - c:\documents and settings\Wim Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\

    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

    FF - prefs.js: browser.startup.homepage - about:home

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=

    FF - user.js: extensions.funmoods_i.hmpg - true

    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make

    FF - user.js: extensions.funmoods_i.dfltSrch - true

    FF - user.js: extensions.funmoods_i.srchPrvdr - Search

    FF - user.js: extensions.funmoods_i.dnsErr - true

    FF - user.js: extensions.funmoods_i.newTab - true

    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=

    FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888

    FF - user.js: extensions.funmoods_i.instlDay - 15384

    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43

    FF - user.js: extensions.funmoods_i.prtnrId - funmoods

    FF - user.js: extensions.funmoods_i.prdct - funmoods

    FF - user.js: extensions.funmoods_i.aflt - make

    FF - user.js: extensions.funmoods_i.smplGrp - none

    FF - user.js: extensions.funmoods_i.tlbrId - base

    FF - user.js: extensions.funmoods_i.instlRef -

    FF - user.js: extensions.funmoods_i.dfltLng -

    FF - user.js: extensions.funmoods_i.excTlbr - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888

    FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

    HKCU-Run-AdobeBridge - (no file)

    HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe

    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-02-21 17:06

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'explorer.exe'(3384)

    c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll

    c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Andere Aktieve Processen ------------------------

    .

    c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

    c:\windows\System32\SCardSvr.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre6\bin\jqs.exe

    c:\program files\BrytonBridge\BBDaemon.exe

    c:\program files\TechSmith\SnagIt 7\TSCHelp.exe

    c:\program files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-02-21 17:10:55 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-02-21 16:10

    .

    Pre-Run: 37.833.269.248 bytes beschikbaar

    Post-Run: 39.080.947.712 bytes beschikbaar

    .

    - - End Of File - - 34E32C4E028DEEAD1485136334CF502A
