
Babylon search engine



Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

If you cannot manage to disable them, just continue to the next step.

2. Double-click ComboFix.exe and follow the prompts on the screen.

3. ComboFix will check whether the Microsoft Windows Recovery Console is already installed.

**Note: If the Microsoft Windows Recovery Console is already installed, you will not see the following screens and ComboFix will automatically continue scanning for malware.

4. Follow the prompts on the screen to let ComboFix download and install the Microsoft Windows Recovery Console.

cf-rc-auto.jpg

You will see the following message when ComboFix has successfully installed the Microsoft Windows Recovery Console:

rc-auto-done.jpg

Click Yes to continue scanning for malware.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.

Link to comment

Log

ComboFix 12-02-21.02 - Wim 21/02/2012 16:49:12.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.488 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Wim\Bureaublad\ComboFix.exe

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

C:\install.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-21 to 2012-02-21 ))))))))))))))))))))))))))))))

.

.

2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto

2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto

2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro

2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter

2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache

2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll

2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter

2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx

2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax

2012-02-14 17:43 . 2012-02-14 17:43 -------- d-----w- c:\program files\Funmoods

2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake

2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim \Application Data\SoMud

2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor

2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor

2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5

2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak

2012-02-14 16:35 . 2012-01-20 13:14 17280 ----a-w- c:\windows\system32\roboot.exe

2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput

2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax

2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash

2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper

2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-13 16:01 . 2012-02-13 17:10 -------- d-----w- c:\program files\Ask.com

2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar

2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN

2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime

2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player

2012-02-13 15:40 . 2012-02-13 17:10 -------- dc----w- c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}

2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly

2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim\Local Settings\Application Data\FLVService

2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim \Application Data\Xilisoft

2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft

2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView

2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim\Local Settings\Application Data\TechSmith

2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith

2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF

2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc

2012-02-04 14:04 . 2012-02-20 14:22 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend

2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner

2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor

2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179

2012-01-26 11:23 . 2012-01-26 17:14 -------- d-----w- c:\program files\Cain

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax

2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll

2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll

2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax

2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll

2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll

2011-12-23 19:58 . 2011-12-23 19:58 172032 ----a-w- c:\windows\system32\muzapp.exe

2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll

2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax

2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll

2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll

2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax

2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll

2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys

2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll

2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys

2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]

SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\WINDOWS\\system32\\muzapp.exe"=

"c:\\Documents and Settings\\Wim \Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

"c:\\Program Files\\Soluto\\Soluto.exe"=

"c:\\Program Files\\Soluto\\SolutoService.exe"=

"c:\\Program Files\\Soluto\\SolutoConsole.exe"=

"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/04/2011 12:58 140608]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]

S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

Inhoud van de 'Gedeelde Taken' map

.

2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]

.

2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

.

2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

FF - ProfilePath - c:\documents and settings\Wim Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=

FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.funmoods_i.instlDay - 15384

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - make

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

HKCU-Run-AdobeBridge - (no file)

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe

AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe

AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe

AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe

AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe

AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe

AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe

AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe

AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe

AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe

AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe

AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe

AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe

AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe

AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe

AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe

AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe

AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe

AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe

AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-02-21 17:06

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(3384)

c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll

c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\windows\System32\SCardSvr.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\BrytonBridge\BBDaemon.exe

c:\program files\TechSmith\SnagIt 7\TSCHelp.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2012-02-21 17:10:55 - machine werd herstart

ComboFix-quarantined-files.txt 2012-02-21 16:10

.

Pre-Run: 37.833.269.248 bytes beschikbaar

Post-Run: 39.080.947.712 bytes beschikbaar

.

- - End Of File - - 34E32C4E028DEEAD1485136334CF502A

Link to comment

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\program files\Funmoods

c:\program files\Ask.com

c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar

c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}

Firefox::

FF - ProfilePath - c:\documents and settings\Wim Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=

FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.funmoods_i.instlDay - 15384

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - make

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next post.

Link to comment

Here you go

ComboFix 12-02-21.02 - Wim 22/02/2012 13:44:56.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.578 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Wim \Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Wim \Bureaublad\CFScript.txt

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}

c:\documents and settings\All Users\Application Data\{B49A644A-1076-4A3D-B124-DAA7862F2318}\mia.lib

c:\documents and settings\Wim \Mijn documenten\Downloads\PowerPointViewer.exe

c:\program files\Ask.com

c:\program files\Ask.com\assets\oobe\b.png

c:\program files\Ask.com\assets\oobe\bl.png

c:\program files\Ask.com\assets\oobe\br.png

c:\program files\Ask.com\assets\oobe\l.png

c:\program files\Ask.com\assets\oobe\pointer.png

c:\program files\Ask.com\assets\oobe\r.png

c:\program files\Ask.com\assets\oobe\t.png

c:\program files\Ask.com\assets\oobe\tl.png

c:\program files\Ask.com\assets\oobe\tr.png

c:\program files\Ask.com\config.xml

c:\program files\Ask.com\mupcfg.xml

c:\program files\Ask.com\Updater\config.xml

c:\program files\Funmoods

c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsApp.dll

c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsEng.dll

c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsOEM.crx

c:\program files\Funmoods\funmoods\1.5.11.16\funmoodssrv.exe

c:\program files\Funmoods\funmoods\1.5.11.16\funmoodsTlbr.dll

c:\program files\Funmoods\funmoods\1.5.11.16\uninstall.exe

c:\windows\system32\muzapp.exe

c:\windows\system32\roboot.exe

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-22 to 2012-02-22 ))))))))))))))))))))))))))))))

.

.

2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto

2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto

2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro

2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter

2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache

2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll

2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter

2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx

2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax

2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake

2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim\Application Data\SoMud

2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor

2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor

2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5

2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak

2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput

2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax

2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash

2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper

2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar

2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN

2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime

2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player

2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly

2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\FLVService

2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim\Application Data\Xilisoft

2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft

2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView

2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\TechSmith

2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith

2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF

2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc

2012-02-04 14:04 . 2012-02-22 12:42 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend

2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner

2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor

2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179

2012-01-26 11:23 . 2012-02-21 16:21 -------- d-----w- c:\program files\Cain

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax

2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll

2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll

2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax

2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll

2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll

2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll

2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax

2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll

2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll

2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax

2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll

2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys

2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll

2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys

2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]

SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Documents and Settings\\Wim \\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

"c:\\Program Files\\Soluto\\Soluto.exe"=

"c:\\Program Files\\Soluto\\SolutoService.exe"=

"c:\\Program Files\\Soluto\\SolutoConsole.exe"=

"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]

R3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]

S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]

.

Inhoud van de 'Gedeelde Taken' map

.

2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim .job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]

.

2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

.

2012-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

FF - ProfilePath - c:\documents and settings\Wim \Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=

FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.funmoods_i.instlDay - 15384

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - make

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)

AddRemove-funmoods - c:\program files\Funmoods\funmoods\1.5.11.16\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-02-22 13:52

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Voltooingstijd: 2012-02-22 13:54:19

ComboFix-quarantined-files.txt 2012-02-22 12:54

ComboFix2.txt 2012-02-21 16:10

.

Pre-Run: 38.931.501.056 bytes beschikbaar

Post-Run: 38.922.973.184 bytes beschikbaar

.

- - End Of File - - 3BCC564BB0505E73DFB79E7757B222ED


This only partly worked, so let's redo part of it:

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\documents and settings\Wim Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\

FF - prefs.js: browser.search.defaulturl -

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL -

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=

FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.funmoods_i.instlDay - 15384

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - make

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of Combofix.txt in your next message.


Once more

ComboFix 12-02-21.02 - Wim 22/02/2012 18:20:08.4.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.497 [GMT 1:00]

Gestart vanuit: c:\documents and settings\Wim \Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Wim \Bureaublad\CFScript.txt

AV: Panda Cloud Antivirus *Disabled/Updated* {5AD27692-540A-464E-B625-78275FA38393}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-01-22 to 2012-02-22 ))))))))))))))))))))))))))))))

.

.

2012-02-20 15:41 . 2012-02-20 15:41 -------- d-----w- c:\documents and settings\Wim \Application Data\Soluto

2012-02-20 15:29 . 2012-01-25 17:56 51144 ----a-w- c:\windows\system32\drivers\Soluto.sys

2012-02-20 15:28 . 2012-02-20 15:29 -------- d-----w- c:\program files\Soluto

2012-02-20 15:28 . 2012-02-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Soluto

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\Wim \Application Data\Malwarebytes

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-02-19 08:22 . 2012-02-19 08:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-02-19 08:22 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-19 08:16 . 2012-02-19 08:16 388096 ----a-r- c:\documents and settings\Wim \Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-02-19 08:16 . 2012-02-19 08:16 -------- d-----w- c:\program files\Trend Micro

2012-02-17 17:07 . 2012-02-17 17:07 -------- d-----w- c:\program files\FoxTabVideoConverter

2012-02-16 06:09 . 2012-02-16 06:09 -------- d-----w- c:\program files\MSECache

2012-02-15 10:47 . 2012-01-11 19:07 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll

2012-02-15 10:47 . 2012-01-11 19:07 3072 ------w- c:\windows\system32\iacenc.dll

2012-02-14 17:53 . 2006-08-01 13:01 438272 ----a-w- c:\windows\system32\SkinCrafter.dll

2012-02-14 17:53 . 2012-02-14 18:10 -------- d-----w- c:\program files\Extra FLV SWF Video Converter

2012-02-14 17:53 . 2007-03-09 08:35 208896 ----a-w- c:\windows\system32\VideoEdit.ocx

2012-02-14 17:53 . 2005-11-25 06:46 421888 ----a-w- c:\windows\system32\RealMediaSplitter.ax

2012-02-14 17:43 . 2012-02-14 17:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Freemake

2012-02-14 17:42 . 2012-02-14 17:43 -------- d-----w- c:\program files\Freemake

2012-02-14 17:30 . 2012-02-14 18:13 -------- d-----w- c:\documents and settings\Wim \Application Data\SoMud

2012-02-14 17:30 . 2012-02-19 08:21 -------- d-----w- c:\program files\Smart Suggestor

2012-02-14 17:30 . 2012-02-14 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\APSuggestor

2012-02-14 16:36 . 2004-02-22 09:11 719872 ----a-w- c:\windows\system32\devil.dll

2012-02-14 16:36 . 2009-09-27 08:39 369152 ----a-w- c:\windows\system32\avisynth.dll

2012-02-14 16:36 . 2005-07-14 11:31 32256 ----a-w- c:\windows\system32\AVSredirect.dll

2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll

2012-02-14 16:36 . 2004-01-24 23:00 70656 ----a-w- c:\windows\system32\i420vfw.dll

2012-02-14 16:36 . 2012-02-14 16:36 -------- d-----w- c:\program files\AviSynth 2.5

2012-02-14 16:35 . 2012-02-15 05:57 -------- d-----w- c:\documents and settings\Wim \Application Data\Systweak

2012-02-14 16:18 . 2012-02-14 16:18 -------- d-----w- C:\videooutput

2012-02-14 16:18 . 2008-12-04 20:46 180224 ----a-w- c:\windows\system32\xvidvfw.dll

2012-02-14 16:18 . 2008-10-08 09:16 139264 ----a-w- c:\windows\system32\xvid.ax

2012-02-14 15:47 . 2012-02-14 15:48 -------- d-----w- c:\program files\Save Flash

2012-02-13 17:27 . 2012-02-13 17:29 -------- d-----w- c:\program files\ConvertHelper

2012-02-13 17:14 . 2012-02-13 17:14 -------- d-----w- c:\windows\system32\wbem\Repository

2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\AskToolbar

2012-02-13 16:01 . 2012-02-13 16:01 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\APN

2012-02-13 16:00 . 2012-02-13 16:00 -------- d-----w- c:\program files\FreeTime

2012-02-13 15:41 . 2012-02-13 15:41 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\Ilivid Player

2012-02-13 15:39 . 2012-02-13 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\boost_interprocess

2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\program files\Complitly

2012-02-13 15:12 . 2012-02-13 17:12 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\FLVService

2012-02-13 07:28 . 2012-02-13 07:28 -------- d-----w- c:\documents and settings\Wim \Application Data\Xilisoft

2012-02-13 07:25 . 2012-02-13 07:25 -------- d-----w- c:\program files\Xilisoft

2012-02-06 14:58 . 2012-02-06 14:58 -------- d-----w- c:\program files\IrfanView

2012-02-06 12:51 . 2012-02-06 12:51 -------- d-----w- c:\documents and settings\Wim \Local Settings\Application Data\TechSmith

2012-02-06 12:17 . 2012-02-06 12:37 -------- d-----w- c:\program files\TechSmith

2012-02-06 12:17 . 2012-02-06 12:17 -------- d--h--w- c:\windows\PIF

2012-02-05 15:02 . 2012-02-05 15:02 -------- d-----w- c:\program files\music2pc

2012-02-04 14:04 . 2012-02-22 17:18 -------- d--h--r- c:\documents and settings\Wim \Onlangs geopend

2012-02-03 08:41 . 2012-02-03 08:41 -------- d-----w- c:\program files\CCleaner

2012-01-29 10:29 . 2012-01-29 10:32 -------- d-----w- c:\program files\ACSPMonitor

2012-01-26 13:07 . 2011-12-11 14:53 -------- d-----w- C:\john179

2012-01-26 11:23 . 2012-02-21 16:21 -------- d-----w- c:\program files\Cain

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-12 17:20 . 2004-08-04 12:00 1860096 ----a-w- c:\windows\system32\win32k.sys

2012-01-02 12:09 . 2011-11-05 09:57 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-12-23 19:58 . 2012-01-10 09:13 4659712 ----a-w- c:\windows\system32\Redemption.dll

2011-12-23 19:58 . 2011-12-23 19:58 974848 ----a-w- c:\windows\system32\cis-2.4.dll

2011-12-23 19:58 . 2011-12-23 19:58 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\MK_Lyric.dll

2011-12-23 19:58 . 2011-12-23 19:58 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll

2011-12-23 19:58 . 2011-12-23 19:58 569344 ----a-w- c:\windows\system32\muzdecode.ax

2011-12-23 19:58 . 2011-12-23 19:58 491520 ----a-w- c:\windows\system32\muzapp.dll

2011-12-23 19:58 . 2011-12-23 19:58 49152 ----a-w- c:\windows\system32\MaJGUILib.dll

2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MaXMLProto.dll

2011-12-23 19:58 . 2011-12-23 19:58 45056 ----a-w- c:\windows\system32\MACXMLProto.dll

2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll

2011-12-23 19:58 . 2011-12-23 19:58 40960 ----a-w- c:\windows\system32\MAMACExtract.dll

2011-12-23 19:58 . 2011-12-23 19:58 352256 ----a-w- c:\windows\system32\MSLUR71.dll

2011-12-23 19:58 . 2011-12-23 19:58 258048 ----a-w- c:\windows\system32\muzoggsp.ax

2011-12-23 19:58 . 2011-12-23 19:58 245760 ----a-w- c:\windows\system32\MSCLib.dll

2011-12-23 19:58 . 2011-12-23 19:58 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe

2011-12-23 19:58 . 2011-12-23 19:58 200704 ----a-w- c:\windows\system32\muzwmts.dll

2011-12-23 19:58 . 2011-12-23 19:58 155648 ----a-w- c:\windows\system32\MSFLib.dll

2011-12-23 19:58 . 2011-12-23 19:58 143360 ----a-w- c:\windows\system32\3DAudio.ax

2011-12-23 19:58 . 2011-12-23 19:58 14336 ----a-w- c:\windows\system32\avrt.dll

2011-12-23 19:58 . 2011-12-23 19:58 135168 ----a-w- c:\windows\system32\muzaf1.dll

2011-12-23 19:58 . 2011-12-23 19:58 131072 ----a-w- c:\windows\system32\muzmpgsp.ax

2011-12-23 19:58 . 2011-12-23 19:58 122880 ----a-w- c:\windows\system32\muzeffect.ax

2011-12-23 19:58 . 2011-12-23 19:58 118784 ----a-w- c:\windows\system32\MaDRM.dll

2011-12-23 19:58 . 2011-12-23 19:58 110592 ----a-w- c:\windows\system32\muzmp4sp.ax

2011-12-20 14:38 . 2011-12-18 12:26 33536 ----a-w- c:\windows\system32\drivers\a38usb.sys

2011-12-20 14:38 . 2011-12-18 12:26 110592 ----a-w- c:\windows\system32\usbr38.dll

2011-12-17 19:42 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2011-12-17 19:42 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2011-12-17 19:42 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2011-12-16 12:23 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec

2011-12-08 04:22 . 2012-01-10 09:14 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys

2011-12-08 04:22 . 2012-01-10 09:14 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys

2011-12-08 04:22 . 2012-01-10 09:14 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys

2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys

2011-12-08 04:22 . 2012-01-10 09:14 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys

2011-12-08 04:22 . 2012-01-10 09:14 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys

2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll

2011-12-08 04:22 . 2012-01-10 09:14 1416680 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll

2011-12-08 04:22 . 2012-01-10 09:14 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys

2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys

2011-12-08 04:22 . 2012-01-10 09:14 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys

2011-11-25 21:57 . 2004-08-04 12:00 293888 ----a-w- c:\windows\system32\winsrv.dll

2012-02-17 17:18 . 2011-12-02 03:41 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2006-05-03 11:06 163328 --sha-w- c:\windows\system32\flvDX.dll

2007-02-21 12:47 31232 --sha-w- c:\windows\system32\msfDX.dll

2008-03-16 14:30 216064 --sha-w- c:\windows\system32\nbDX.dll

2010-01-06 23:00 107520 --sha-w- c:\windows\system32\TAKDSDecoder.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

2011-05-09 10:45 288584 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]

"beid"="c:\program files\Belgium Identity Card\beid35gui.exe" [2011-07-06 2068480]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

brytondetector.lnk - c:\program files\BrytonBridge\BrytonDetector.exe [2011-12-20 81920]

Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2011-9-18 100864]

SnagIt 7.lnk - c:\program files\TechSmith\SnagIt 7\SnagIt32.exe [2012-2-6 3710976]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

@="Service"

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Documents and Settings\\Wim \\Mijn documenten\\Downloads\\solutoinstaller-g7W6Den2NH.exe"=

"c:\\Program Files\\Soluto\\Soluto.exe"=

"c:\\Program Files\\Soluto\\SolutoService.exe"=

"c:\\Program Files\\Soluto\\SolutoConsole.exe"=

"c:\\Program Files\\Soluto\\SolutoUpdateService.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

.

R0 Soluto;Soluto;c:\windows\system32\drivers\Soluto.sys [20/02/2012 16:29 51144]

R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [28/04/2011 12:57 129992]

R2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [28/04/2011 12:58 140608]

R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [28/04/2011 12:57 143432]

R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [28/04/2011 12:57 97096]

R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [28/04/2011 12:57 111688]

R2 PSINProt;PSINProt;c:\windows\system32\drivers\PSINProt.sys [28/04/2011 12:57 112456]

R2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [25/01/2012 19:05 547872]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]

S3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\drivers\a38usb.sys [18/12/2011 13:26 33536]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/01/2012 10:14 30312]

S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]

S3 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2010 14:04 136176]

S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [29/08/2010 15:13 27064]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/01/2012 10:14 121064]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/01/2012 10:14 12776]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/01/2012 10:14 136808]

S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/01/2012 10:14 114280]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12:37 517096]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]

.

Inhoud van de 'Gedeelde Taken' map

.

2010-08-28 c:\windows\Tasks\AdobeAAMUpdater-1.0-WIM-Wim .job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-08-28 01:44]

.

2012-02-11 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

.

2012-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-29 13:04]

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 195.130.130.3 195.130.131.3

FF - ProfilePath - c:\documents and settings\Wim\Application Data\Mozilla\Firefox\Profiles\j7zjz56a.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=110004&tt=090212_noffx&babsrc=adbartrp&mntrId=543d719b000000000000001485849888&q=

FF - user.js: extensions.funmoods_i.hmpg - true

FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make

FF - user.js: extensions.funmoods_i.dfltSrch - true

FF - user.js: extensions.funmoods_i.srchPrvdr - Search

FF - user.js: extensions.funmoods_i.dnsErr - true

FF - user.js: extensions.funmoods_i.newTab - true

FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make

FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=

FF - user.js: extensions.funmoods_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.funmoods_i.instlDay - 15384

FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16

FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1618:43

FF - user.js: extensions.funmoods_i.prtnrId - funmoods

FF - user.js: extensions.funmoods_i.prdct - funmoods

FF - user.js: extensions.funmoods_i.aflt - make

FF - user.js: extensions.funmoods_i.smplGrp - none

FF - user.js: extensions.funmoods_i.tlbrId - base

FF - user.js: extensions.funmoods_i.instlRef -

FF - user.js: extensions.funmoods_i.dfltLng -

FF - user.js: extensions.funmoods_i.excTlbr - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - tt=090212_noffx

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.hardId - 543d719b000000000000001485849888

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15387

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:07

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-02-22 18:25

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'explorer.exe'(1132)

c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL

c:\program files\Panda Security\Panda Cloud Antivirus\PSNCGP.dll

c:\program files\Panda Security\Panda Cloud Antivirus\PSNCIPC.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Voltooingstijd: 2012-02-22 18:27:04

ComboFix-quarantined-files.txt 2012-02-22 17:27

ComboFix2.txt 2012-02-22 15:03

ComboFix3.txt 2012-02-22 12:54

ComboFix4.txt 2012-02-21 16:10

.

Pre-Run: 39.039.377.408 bytes beschikbaar

Post-Run: 39.032.627.200 bytes beschikbaar

.

- - End Of File - - D21BEBA652DDFB299D6EE74720C9D434

This topic is now closed to new replies.
