
Babylon Toolbar cannot be removed!


alphe301

Can someone help me remove this annoying toolbar (Babylon toolbar)?
And maybe there is more junk in there that can also be removed. Thanks in advance.

---------- Post added at 14:16 ---------- Previous post was at 14:14 ----------

Forgot the Hijack log, sorry.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:04:32, on 3-1-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Pc-beveiliging totaal\Anti-Virus\fsgk32st.exe
C:\Program Files\Pc-beveiliging totaal\Common\FSMA32.EXE
C:\Program Files\Pc-beveiliging totaal\Anti-Virus\FSGK32.EXE
C:\Program Files\Pc-beveiliging totaal\Common\FSHDLL32.EXE
C:\Program Files\Common Files\Iconix\IconixService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
I:\PSI\PSIA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Pc-beveiliging totaal\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
I:\Nuria\Nuria.exe
C:\Documents and Settings\Alphen\Local Settings\Application Data\PanelClix Software\PanelClix Software.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
I:\PSI\psi_tray.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Pc-beveiliging totaal\FWES\Program\fsdfwd.exe
C:\Program Files\Pc-beveiliging totaal\Anti-Virus\fssm32.exe
C:\Program Files\Pc-beveiliging totaal\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\dllhost.exe
I:\PSI\sua.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
C:\WINDOWS\system32\SearchProtocolHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://nl.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_ss&affID=101240&mntrId=8c65710100000000000000173140b95c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Pc-beveiliging totaal\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: WakoopaBHOClass Class - {FB4D29C1-82DE-4b80-8BB0-A7CDDDCD2773} - C:\Documents and Settings\Alphen\Local Settings\Application Data\Wakoopa Shared\WakoopaBHO.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Pc-beveiliging totaal\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pc-beveiliging totaal\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pc-beveiliging totaal\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [IconixOEAddOn] "C:\Program Files\Iconix\OEAddOn\OEdmn_6.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Nuria] I:\Nuria\Nuria.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Alphen\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PanelClix Software] C:\Documents and Settings\Alphen\Local Settings\Application Data\PanelClix Software\PanelClix Software.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Secunia PSI Tray.lnk = I:\PSI\psi_tray.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: In weblog opnemen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &In weblog opnemen met Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_46.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - http://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - http://www1.snapfish.nl/SnapfishActivia.cab
O16 - DPF: {426784E5-24B2-4708-820D-117342FAD009} - http://alphe301.hyves.nl/cab/outlookaddressbook.cab
O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} - http://cache.hyves-static.net/statics/Aurigma/ImageUploader4.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} - file:///D:/MEMDISC/ALBUM_A/VIEW/PLUGIN/HPODPCFC.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{51A992E1-9FD9-44FE-B19E-6CD05E064A65}: NameServer = 195.121.1.34,195.121.1.66
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorien - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Pc-beveiliging totaal\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pc-beveiliging totaal\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Pc-beveiliging totaal\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Pc-beveiliging totaal\ORSP Client\fsorsp.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iconix Update Service (IconixService) - Unknown owner - C:\Program Files\Common Files\Iconix\IconixService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Secunia PSI Agent - Secunia - I:\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - I:\PSI\sua.exe
O24 - Desktop Component 0: (no name) - http://www.ingbank.nl/cmn/img/ing130x39.gif
O24 - Desktop Component 1: (no name) - https://mijn.ing.nl/internetbankieren/gfx/ico_sluit.gif
O24 - Desktop Component 2: (no name) - file:///C:/DOCUME~1/Alphen/LOCALS~1/Temp/msohtml1/01/clip_image001.gif
O24 - Desktop Component 3: (no name) - http://www.yellowbrick.nl/images/system/yellowbrick-logo.gif
O24 - Desktop Component 5: (no name) - http://www.hyves.nl/

--
End of file - 13534 bytes
 
Hello alphe301, Babylon is a nasty piece of work!

You may do the following:

Which program: ComboFix
What for/why: Highly specialized scanner to examine and clean up Windows in depth.
Difficulty: Somewhat tricky preparation phase, so read everything carefully first.
Download location: Be sure to download this program to the desktop!
Download ComboFix from one of these locations:
Here you can see how to use ComboFix.

Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
Here and here
you will find information on how to disable antivirus programs and spyware scanners.

Notes:
  • When using Windows XP, you may be asked to install the "Recovery Console"!
    Allow this (an active internet connection is required for this).
  • All open programs and web pages must be closed.
Starting ComboFix:
  • Windows 2000 and Windows XP: start ComboFix.exe by double-clicking ComboFix.exe.
  • Windows Vista and Windows 7: start ComboFix.exe by right-clicking ComboFix.exe and then choosing "Run as administrator".
Once ComboFix has started:
  • Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
  • ComboFix closes the internet connection during the scan; do not try to restore it in the meantime!
  • The computer may need to be restarted several times; this is normal.
  • When ComboFix is finished, it will create a log file for you.
  • Post the contents of this log file via DDRMMR's colour coder in your next post.
  • If the log does not open, it can be found in C:\ComboFix.txt
Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Hello Abraham
Can you also tell me how I can switch off my F-Secure? According to the instructions in the program that is not going to work; I think that is how it used to work, but I cannot find how it is done at the moment.
 
Hi Alphe, I believe you get that option via the F-Secure menu.
Alternatively, you can right-click the F-Secure icon in the system tray (by the clock) and see whether that menu gives you an option to deactivate it.
 
[hjt]
combofix 12-01-04.02 - alphen 04-01-2012 17:01:54.1.1 - x86
microsoft windows xp professional 5.1.2600.3.1252.31.1043.18.2014.1287 [gmt 1:00]
gestart vanuit: i:\combofix.exe
av: pc-beveiliging totaal 9.12 *enabled/updated* {e7512ed5-4245-4b4d-af3a-382d3f313f15}
fw: pc-beveiliging totaal 9.12 *disabled* {d4747503-0346-49eb-9262-997542f79bf4}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\all users\application data\temp
c:\documents and settings\alphen\local settings\application data\panelclix software\panelclix software.exe
c:\documents and settings\alphen\windows
c:\program files\internet explorer\set5.tmp
c:\program files\internet explorer\set6.tmp
c:\program files\internet explorer\set60.tmp
c:\program files\internet explorer\set61.tmp
c:\program files\internet explorer\set62.tmp
c:\program files\internet explorer\set7.tmp
c:\windows\isun0413.exe
c:\windows\kb913800.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\set10.tmp
c:\windows\system32\set11.tmp
c:\windows\system32\set12.tmp
c:\windows\system32\set13.tmp
c:\windows\system32\set14.tmp
c:\windows\system32\set15.tmp
c:\windows\system32\set17.tmp
c:\windows\system32\set18.tmp
c:\windows\system32\set19.tmp
c:\windows\system32\set1a.tmp
c:\windows\system32\set1b.tmp
c:\windows\system32\set1c.tmp
c:\windows\system32\set1e.tmp
c:\windows\system32\set1f.tmp
c:\windows\system32\set20.tmp
c:\windows\system32\set21.tmp
c:\windows\system32\set22.tmp
c:\windows\system32\set23.tmp
c:\windows\system32\set24.tmp
c:\windows\system32\set25.tmp
c:\windows\system32\set26.tmp
c:\windows\system32\set27.tmp
c:\windows\system32\set28.tmp
c:\windows\system32\set29.tmp
c:\windows\system32\set2a.tmp
c:\windows\system32\set2b.tmp
c:\windows\system32\set2c.tmp
c:\windows\system32\set2d.tmp
c:\windows\system32\set2e.tmp
c:\windows\system32\set2f.tmp
c:\windows\system32\set30.tmp
c:\windows\system32\set31.tmp
c:\windows\system32\set32.tmp
c:\windows\system32\set33.tmp
c:\windows\system32\set34.tmp
c:\windows\system32\set35.tmp
c:\windows\system32\set36.tmp
c:\windows\system32\set37.tmp
c:\windows\system32\set65.tmp
c:\windows\system32\set66.tmp
c:\windows\system32\set67.tmp
c:\windows\system32\set68.tmp
c:\windows\system32\set69.tmp
c:\windows\system32\set6a.tmp
c:\windows\system32\set6b.tmp
c:\windows\system32\set6c.tmp
c:\windows\system32\set6d.tmp
c:\windows\system32\set6e.tmp
c:\windows\system32\set6f.tmp
c:\windows\system32\set70.tmp
c:\windows\system32\set72.tmp
c:\windows\system32\set73.tmp
c:\windows\system32\set74.tmp
c:\windows\system32\set75.tmp
c:\windows\system32\set76.tmp
c:\windows\system32\set77.tmp
c:\windows\system32\set79.tmp
c:\windows\system32\set7a.tmp
c:\windows\system32\set7b.tmp
c:\windows\system32\set7c.tmp
c:\windows\system32\set7d.tmp
c:\windows\system32\set7e.tmp
c:\windows\system32\set7f.tmp
c:\windows\system32\set80.tmp
c:\windows\system32\set81.tmp
c:\windows\system32\set82.tmp
c:\windows\system32\set83.tmp
c:\windows\system32\set84.tmp
c:\windows\system32\set85.tmp
c:\windows\system32\set86.tmp
c:\windows\system32\set87.tmp
c:\windows\system32\set88.tmp
c:\windows\system32\set89.tmp
c:\windows\system32\set8a.tmp
c:\windows\system32\set8b.tmp
c:\windows\system32\set8c.tmp
c:\windows\system32\set8d.tmp
c:\windows\system32\set8e.tmp
c:\windows\system32\set8f.tmp
c:\windows\system32\set90.tmp
c:\windows\system32\set91.tmp
c:\windows\system32\set92.tmp
c:\windows\system32\seta.tmp
c:\windows\system32\setb.tmp
c:\windows\system32\setc.tmp
c:\windows\system32\setd.tmp
c:\windows\system32\sete.tmp
c:\windows\system32\setf.tmp
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-12-04 to 2012-01-04 ))))))))))))))))))))))))))))))
.
.
2012-01-02 17:00 . 2012-01-02 17:00 -------- d-----w- c:\documents and settings\alphen\application data\ariane software
2011-12-22 17:00 . 2011-12-22 17:00 237 -c--a-w- c:\user.js
2011-12-22 16:59 . 2011-12-22 16:59 -------- d-----w- c:\documents and settings\alphen\appdata
2011-12-22 16:59 . 2012-01-02 23:39 -------- d-----w- c:\program files\browsercompanion
2011-12-22 16:59 . 2011-12-22 16:59 -------- d-----w- c:\documents and settings\alphen\local settings\application data\babylon
2011-12-22 16:59 . 2011-12-22 16:59 -------- dc----w- c:\documents and settings\all users\application data\babylon
2011-12-22 16:59 . 2011-12-22 16:59 -------- d-----w- c:\documents and settings\alphen\application data\babylon
2011-12-18 12:37 . 2012-01-03 16:54 -------- d--h--r- c:\documents and settings\alphen\onlangs geopend
2011-12-17 15:14 . 2011-12-17 15:14 -------- d-----w- c:\documents and settings\alphen\application data\wakoopa
2011-12-17 15:13 . 2011-12-17 15:13 -------- d-----w- c:\documents and settings\alphen\local settings\application data\wakoopa shared
2011-12-17 15:13 . 2012-01-04 16:11 -------- d-----w- c:\documents and settings\alphen\local settings\application data\panelclix software
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 17:51 . 2011-11-14 17:27 417440 ----a-w- c:\windows\system32\flashplayerapp.exe
2011-12-21 17:51 . 2011-03-21 09:31 70304 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2011-12-10 14:24 . 2009-09-30 15:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 14:40 . 2006-04-10 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 16:29 . 2011-05-17 15:53 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-14 16:29 . 2010-04-15 10:49 544656 ----a-w- c:\windows\system32\deployjava1.dll
2011-11-04 19:13 . 2006-04-10 12:00 916992 ------w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2006-04-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2006-04-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2006-04-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-04-10 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2006-04-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2006-04-10 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-04 00:58 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-14 16:38 . 2006-04-10 12:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2006-01-01 21:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"nuria"=i:\nuria\nuria.exe [2011-08-24 1706496]
"swg"=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe [2007-03-30 68856]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"soundmaxpnp"=c:\program files\analog devices\core\smax4pnp.exe [2005-05-20 925696]
"hp software update"=c:\program files\hewlett-packard\hp software update\hpwuschd.exe [2003-08-04 49152]
"high definition audio property page shortcut"="hdashcut.exe" [2004-10-27 61952]
"google desktop search"=c:\program files\google\google desktop search\googledesktop.exe [2011-11-14 30192]
"ehtray"=c:\windows\ehome\ehtray.exe [2005-08-17 64512]
"f-secure manager"=c:\program files\pc-beveiliging totaal\common\fsm32.exe [2011-12-22 201128]
"f-secure tnb"=c:\program files\pc-beveiliging totaal\fsgui\tnbutil.exe [2011-08-23 1655464]
"adobe reader speed launcher"=c:\program files\adobe\reader 10.0\reader\reader_sl.exe [2011-09-05 35736]
"adobe arm"=c:\program files\common files\adobe\arm\1.0\adobearm.exe [2011-06-06 937920]
"nvmediacenter"=c:\windows\system32\nvmctray.dll [2011-01-07 111208]
"nvcpldaemon"=c:\windows\system32\nvcpl.dll [2011-01-07 13880424]
"nwiz"=c:\program files\nvidia corporation\nview\nwiz.exe [2010-11-04 1753192]
"intellipoint"=c:\program files\microsoft intellipoint\ipoint.exe [2010-07-21 1797008]
"itype"=c:\program files\microsoft intellitype pro\itype.exe [2010-07-21 1778064]
"iconixoeaddon"=c:\program files\iconix\oeaddon\oedmn_6.exe [2011-10-02 343392]
"malwarebytes' anti-malware"=i:\malwarebytes' anti-malware\mbamgui.exe [2011-12-24 460872]
.
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
.
c:\documents and settings\all users\menu start\programma's\opstarten\
acrobat assistant.lnk - c:\program files\adobe\acrobat 5.0\distillr\acrotray.exe [2011-5-18 82026]
adobe gamma loader.lnk - c:\program files\common files\adobe\calibration\adobe gamma loader.exe [2011-5-18 110592]
secunia psi tray.lnk - i:\psi\psi_tray.exe [2011-4-19 291896]
windows search.lnk - c:\program files\windows desktop search\windowssearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56f9679e-7826-4c84-81f3-532071a8bcc5}"= c:\program files\windows desktop search\msnlnamespacemgr.dll [2009-05-24 304128]
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wdf01000.sys]
@="driver"
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
2010-08-09 12:47 248832 ----a-w- i:\filehippo.com\updatechecker.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\garmin lifetime updater]
2011-10-03 08:14 1409384 ----a-w- i:\backup (i)\garminlifetime.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\malwarebytes' anti-malware]
2011-08-31 15:00 449608 ----a-w- c:\program files\malwarebytes' anti-malware\mbamgui.exe
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
c:\\windows\\system32\\dpvsetup.exe=
c:\\program files\\hewlett-packard\\digital imaging\\unload\\hpqphunl.exe=
c:\\windows\\system32\\sessmgr.exe=
c:\\windows\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqtra08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqste08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpofxm08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hposfx08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hposid01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqscnvw.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqkygrp.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqcopy.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpfccopy.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpzwiz01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpoews01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqnrs08.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
%windir%\\system32\\sessmgr.exe=
c:\\program files\\messenger\\msmsgs.exe=
c:\\program files\\windows live\\messenger\\wlcsdk.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\windows live\\sync\\windowslivesync.exe=
.
r0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [26-4-2009 12:50 42672]
r0 fsfw;f-secure firewall driver;c:\windows\system32\drivers\fsdfw.sys [6-5-2009 17:02 81864]
r1 f-secure hips;f-secure hips driver;c:\program files\pc-beveiliging totaal\hips\drivers\fshs.sys [6-5-2009 17:01 69928]
r2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5-9-2011 17:34 21992]
r2 iconixservice;iconix update service;c:\program files\common files\iconix\iconixservice.exe [9-11-2011 17:54 284512]
r2 mbamservice;mbamservice;c:\program files\malwarebytes' anti-malware\mbamservice.exe [30-9-2009 16:29 366152]
r2 secunia psi agent;secunia psi agent;i:\psi\psia.exe --start-service --> i:\psi\psia.exe --start-service [?]
r2 secunia update agent;secunia update agent;i:\psi\sua.exe --start-service --> i:\psi\sua.exe --start-service [?]
r3 dc3d;ms hardware device detection driver (usb);c:\windows\system32\drivers\dc3d.sys [20-3-2011 15:11 44432]
r3 f-secure gatekeeper;f-secure gatekeeper;c:\program files\pc-beveiliging totaal\anti-virus\minifilter\fsgk.sys [6-5-2009 17:01 148632]
r3 fsorspclient;f-secure orsp client;c:\program files\pc-beveiliging totaal\orsp client\fsorsp.exe [6-5-2009 17:01 61088]
r3 mbamprotector;mbamprotector;c:\windows\system32\drivers\mbam.sys [30-9-2009 16:29 20464]
r3 psi;psi;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 9:30 15544]
s0 bazjx;bazjx;c:\windows\system32\drivers\meup.sys --> c:\windows\system32\drivers\meup.sys [?]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
s2 gupdate;google update service (gupdate);c:\program files\google\update\googleupdate.exe [15-3-2010 14:45 135664]
s3 adobeflashplayerupdatesvc;adobe flash player update service;c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [14-11-2011 18:27 253600]
s3 googledesktopmanager-051210-111108;google desktop manager 5.9.1005.12335;c:\program files\google\google desktop search\googledesktop.exe [13-2-2007 18:47 30192]
s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [15-3-2010 14:45 135664]
s3 hitmanpro3;hitman pro 3 support driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
s3 wpffontcache_v0400;windows presentation foundation font cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe [18-3-2010 13:16 753504]
.
inhoud van de 'gedeelde taken' map
.
2012-01-04 c:\windows\tasks\adobe flash player updater.job
- c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [2011-11-14 17:51]
.
2012-01-04 c:\windows\tasks\glaryinitialize.job
- i:\glary utilities\initialize.exe [2009-11-09 15:24]
.
2012-01-04 c:\windows\tasks\google software updater.job
- c:\program files\google\common\google updater\googleupdaterservice.exe [2007-02-13 16:09]
.
2012-01-04 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2010-03-15 13:45]
.
2012-01-04 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2010-03-15 13:45]
.
2012-01-03 c:\windows\tasks\googleupdatetaskusers-1-5-21-1220945662-1757981266-725345543-1003core.job
- c:\documents and settings\alphen\local settings\application data\google\update\googleupdate.exe [2011-12-12 16:14]
.
2012-01-04 c:\windows\tasks\googleupdatetaskusers-1-5-21-1220945662-1757981266-725345543-1003ua.job
- c:\documents and settings\alphen\local settings\application data\google\update\googleupdate.exe [2011-12-12 16:14]
.
2011-12-26 c:\windows\tasks\syncback sincback 3.job
- c:\program files\2brightsparks\syncback\syncback.exe [2009-07-27 14:42]
.
2011-12-01 c:\windows\tasks\syncback sincback 4.job
- c:\program files\2brightsparks\syncback\syncback.exe [2009-07-27 14:42]
.
.
------- bijkomende scan -------
.
usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
ustart page = hxxp://search.babylon.com/?babsrc=hp_ss&affid=101240&mntrid=8c65710100000000000000173140b95c
udefault_search_url = hxxp://www.google.com/ie
usearchassistant = hxxp://www.google.com/ie
usearchurl,(default) = hxxp://www.google.com/search?q=%s
ie: add to google photos screensa&ver - c:\windows\system32\gphotos.scr/200
tcp: dhcpnameserver = 192.168.1.254 195.241.77.55 195.241.77.58
tcp: interfaces\{51a992e1-9fd9-44fe-b19e-6cd05e064a65}: nameserver = 195.121.1.34,195.121.1.66
dpf: garmin communicator plug-in - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/garminaxcontrol.cab
dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
.
- - - - orphans verwijderd - - - -
.
webbrowser-{d4027c7f-154a-4066-a1ad-4243d8127440} - (no file)
hkcu-run-panelclix software - c:\documents and settings\alphen\local settings\application data\panelclix software\panelclix software.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2012-01-04 17:19
windows 5.1.2600 service pack 3 ntfs
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\||9~*]
"3140211900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
--------------------- dlls geladen onder lopende processen ---------------------
.
- - - - - - - > 'winlogon.exe'(652)
c:\program files\pc-beveiliging totaal\hips\fshook32.dll
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(724)
c:\program files\pc-beveiliging totaal\hips\fshook32.dll
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
- - - - - - - > 'explorer.exe'(344)
c:\program files\pc-beveiliging totaal\hips\fshook32.dll
c:\program files\pc-beveiliging totaal\spam control\fsscoepl.dll
c:\program files\iconix\oeaddon\oeldr_7.dll
c:\windows\system32\msi.dll
c:\windows\system32\msls31.dll
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
- - - - - - - > 'csrss.exe'(628)
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
------------------------ andere aktieve processen ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehsched.exe
c:\program files\pc-beveiliging totaal\anti-virus\fsgk32st.exe
c:\program files\pc-beveiliging totaal\common\fsma32.exe
c:\program files\pc-beveiliging totaal\anti-virus\fsgk32.exe
c:\program files\pc-beveiliging totaal\common\fshdll32.exe
c:\program files\java\jre7\bin\jqs.exe
c:\windows\system32\hpzipm12.exe
i:\psi\psia.exe
c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
c:\windows\system32\searchindexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\common files\microsoft shared\windows live\wlidsvcm.exe
c:\program files\pc-beveiliging totaal\fwes\program\fsdfwd.exe
c:\program files\pc-beveiliging totaal\anti-virus\fssm32.exe
c:\windows\system32\wscntfy.exe
c:\program files\pc-beveiliging totaal\anti-virus\fsav32.exe
i:\psi\sua.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
voltooingstijd: 2012-01-04 17:31:51 - machine werd herstart
combofix-quarantined-files.txt 2012-01-04 16:31
.
pre-run: 16.010.592.256 bytes beschikbaar
post-run: 16.130.174.976 bytes beschikbaar
.
windowsxp-kb310994-sp2-pro-bootdisk-nld.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\windows
[operating systems]
c:\cmdcons\bootsect.dat="microsoft windows recovery console" /cmdcons
unsupporteddebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\windows="windows xp media center edition" /noexecute=optin /fastdetect
.
- - end of file - - a4337a4a2add288232790515571df09e

[/hjt]

---------- Post added at 17:40 ---------- Previous post was at 17:35 ----------

Hello Abraham, I managed it after all. With F-Secure it is indeed a right-click and then clicking "allow all network traffic", and then the red shield appears.
I'll see what the next step is; thanks in advance.

Ad van Alphen
 
Hello Ad, so you had a nasty worm in your Windows.

That is why I would like you to do the following now: run the ESET online scan (click).
  • Click the ESET Online Scanner button
  • Tick YES, I accept the Terms of Use
  • Click Start
  • Allow the ActiveX control to install.
  • Tick the following options:
    • Remove found threats
    • Scan archives
  • Then click "Advanced Settings"
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start
  • The computer is now being scanned. This can take quite a while, so be patient.
  • When the scan is finished, click > List of found threats
  • Then click > Export to text file....
  • Choose the Desktop as the save location and give the Notepad file a clear name.
  • After that you can close the window, because the scan is finished.
  • Then open the log that is on your desktop.
  • And copy and paste the contents of this log into your next post.
N.B.: temporarily disable your own antivirus during the scan; the online scan will then be faster!
 
Hello Abraham, it did indeed take some time, and I hope I am well on my way. I had not expected, with a Babylon Toolbar like this, to find even more straight away.
Could that also be caused by the old Adobe files? I don't dare remove them because they may be needed for the updates of the new ones. Well, I'd like to hear from you.


C:\Documents and Settings\Alphen\Mijn documenten\Downloads\DriverReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
C:\Documents and Settings\Alphen\Mijn documenten\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP648\A0248875.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP648\A0248876.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP648\A0248877.dll a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP648\A0248878.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP648\A0248880.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP649\A0249263.exe Win32/RegistryBooster application cleaned by deleting - quarantined
I:\installer_emsisoft_emergency_kit.exe Win32/Toggle application deleted - quarantined
I:\RegistryReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
I:\Mijn documenten\hitmanpro30.exe Win32/Packed.Autoit.B.Gen application deleted - quarantined
I:\Mijn documenten\slow-pcfighter_Web.exe probably a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
I:\Mijn documenten\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP278\A0129932.exe Win32/Packed.Autoit.B.Gen application deleted - quarantined
I:\Mijn documenten\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP278\A0130179.exe probably a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
I:\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
J:\hitmanpro30.exe Win32/Packed.Autoit.B.Gen application deleted - quarantined
J:\slow-pcfighter_Web.exe probably a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
J:\Downloads\chromeinstall-rv.exe a variant of Win32/RegistryBooster application deleted - quarantined
J:\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
J:\Downloads\RegistryReviverInstall (1).exe Win32/RegistryReviver application deleted - quarantined
J:\Downloads\RegistryReviverInstall.exe Win32/RegistryReviver application deleted - quarantined
J:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP649\A0249271.exe Win32/Packed.Autoit.B.Gen application deleted - quarantined
J:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP649\A0249272.exe probably a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
J:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP649\A0249273.exe a variant of Win32/RegistryBooster application deleted - quarantined
J:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP649\A0249274.exe Win32/RegistryBooster application deleted - quarantined
J:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP649\A0249275.exe Win32/RegistryReviver application deleted - quarantined
J:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP649\A0249276.exe Win32/RegistryReviver application deleted - quarantined

 
Hello Alphe, stop using driver update programs and registry cleaners.
The chance that tools of this kind completely wreck Windows is very high.

The system restore points can no longer be trusted, so we are going to flush them!
Cleaning up system restore points
Right-click My Computer and click Properties.
  • In the System Properties window, click the System Restore tab
  • Now tick Turn off System Restore on all drives
  • Then click the Apply and OK buttons
  • Now restart your computer; this wipes all restore points, including the contaminated ones.
  • After your PC has restarted, turn System Restore back on the same way.


After this, have ComboFix run a new scan.

After starting ComboFix, a message may appear:

- either ComboFix wants to be updated;
- or ComboFix wants to be downloaded again.

If you get such a message, then do as it asks.

Post the contents of the log via the colour coder again.
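
The restore-point reasoning in the post above, as an added example that is not part of the original thread: a small Python parser for ESET Online Scanner export lines that separates detections sitting inside System Restore snapshots from detections in ordinary files. The function names and the line layout the regular expression expects are assumptions based on the log posted here; the sample lines are copied from that log.

```python
import re
from collections import Counter, defaultdict

# Seven lines copied from the ESET Online Scanner export posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\Alphen\Mijn documenten\Downloads\DriverReviverSetup.exe a variant of Win32/RegistryReviver application deleted - quarantined
C:\Program Files\Uniblue\RegistryBooster\registrybooster.exe Win32/RegistryBooster application cleaned by deleting - quarantined
C:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP648\A0248875.dll Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP648\A0248880.exe probably a variant of Win32/Toolbar.Babylon application cleaned by deleting - quarantined
I:\Mijn documenten\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP278\A0129932.exe Win32/Packed.Autoit.B.Gen application deleted - quarantined
J:\System Volume Information\_restore{02BF5DB0-F2A9-49B5-9799-63DCD29935C9}\RP649\A0249272.exe probably a variant of Win32/SlowPCfighter application cleaned by deleting - quarantined
J:\Downloads\RegistryReviverInstall (1).exe Win32/RegistryReviver application deleted - quarantined
"""

# Assumed layout: <path> [probably ][a variant of ]<Platform/Name> <type> <action>
# Paths contain spaces, so the path is matched lazily up to the first token
# that looks like a detection name (the only token with a forward slash).
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<qualifier>(?:probably )?a variant of )?"
    r"(?P<threat>[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<kind>\w+)\s+"
    r"(?P<action>.+)$"
)

# Windows XP keeps System Restore snapshots under
# "System Volume Information\_restore{GUID}\RPnnn\" on each monitored drive.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9a-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)


def parse_line(line):
    """Parse one export line into a dict, or return None if it does not fit."""
    match = LINE_RE.match(line.strip())
    if match is None:
        return None
    rec = match.groupdict()
    # "a variant of" / "probably a variant of" marks a generic or heuristic hit.
    rec["heuristic"] = rec.pop("qualifier") is not None
    snapshot = RESTORE_RE.search(rec["path"])
    rec["restore_point"] = snapshot.group(1).upper() if snapshot else None
    rec["drive"] = rec["path"][:2].upper()
    return rec


def summarize(log_text):
    """Group detections by family and list the restore points that hold copies."""
    families = Counter()
    restore_points = defaultdict(set)
    live_files, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)
            continue
        families[rec["threat"]] += 1
        if rec["restore_point"]:
            # A copy inside a snapshot comes back if that snapshot is restored.
            restore_points[rec["drive"]].add(rec["restore_point"])
        else:
            live_files.append(rec["path"])
    return {
        "families": dict(families),
        "restore_points": {d: sorted(r) for d, r in restore_points.items()},
        "live_files": live_files,
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for name, count in sorted(report["families"].items()):
        print(f"{count:2d}  {name}")
    for drive, points in sorted(report["restore_points"].items()):
        print(f"{drive} snapshots with detections: {', '.join(points)}")
    print(f"{len(report['live_files'])} detections outside System Restore")
```

Any drive listed under `restore_points` still holds snapshots that contained a detected file, which is the situation the post resolves by switching System Restore off on all drives and rebooting.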
 
[hjt]
combofix 12-01-05.04 - alphen 06-01-2012 15:17:55.2.1 - x86
microsoft windows xp professional 5.1.2600.3.1252.31.1043.18.2014.1338 [gmt 1:00]
gestart vanuit: i:\combofix.exe
av: pc-beveiliging totaal 9.12 *enabled/updated* {e7512ed5-4245-4b4d-af3a-382d3f313f15}
fw: pc-beveiliging totaal 9.12 *disabled* {d4747503-0346-49eb-9262-997542f79bf4}
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-12-06 to 2012-01-06 ))))))))))))))))))))))))))))))
.
.
2012-01-05 12:59 . 2012-01-05 12:59 -------- d-----w- c:\program files\eset
2012-01-02 17:00 . 2012-01-02 17:00 -------- d-----w- c:\documents and settings\alphen\application data\ariane software
2011-12-22 17:00 . 2011-12-22 17:00 237 -c--a-w- c:\user.js
2011-12-22 16:59 . 2011-12-22 16:59 -------- d-----w- c:\documents and settings\alphen\appdata
2011-12-22 16:59 . 2012-01-02 23:39 -------- d-----w- c:\program files\browsercompanion
2011-12-22 16:59 . 2011-12-22 16:59 -------- d-----w- c:\documents and settings\alphen\local settings\application data\babylon
2011-12-22 16:59 . 2011-12-22 16:59 -------- dc----w- c:\documents and settings\all users\application data\babylon
2011-12-22 16:59 . 2011-12-22 16:59 -------- d-----w- c:\documents and settings\alphen\application data\babylon
2011-12-18 12:37 . 2012-01-05 17:11 -------- d--h--r- c:\documents and settings\alphen\onlangs geopend
2011-12-17 15:14 . 2011-12-17 15:14 -------- d-----w- c:\documents and settings\alphen\application data\wakoopa
2011-12-17 15:13 . 2011-12-17 15:13 -------- d-----w- c:\documents and settings\alphen\local settings\application data\wakoopa shared
2011-12-17 15:13 . 2012-01-04 16:11 -------- d-----w- c:\documents and settings\alphen\local settings\application data\panelclix software
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 17:51 . 2011-11-14 17:27 417440 ----a-w- c:\windows\system32\flashplayerapp.exe
2011-12-21 17:51 . 2011-03-21 09:31 70304 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2011-12-10 14:24 . 2009-09-30 15:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 14:40 . 2006-04-10 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 16:29 . 2011-05-17 15:53 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-14 16:29 . 2010-04-15 10:49 544656 ----a-w- c:\windows\system32\deployjava1.dll
2011-11-04 19:13 . 2006-04-10 12:00 916992 ------w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2006-04-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2006-04-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2006-04-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-04-10 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2006-04-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2006-04-10 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-04 00:58 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-14 16:38 . 2006-04-10 12:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2006-01-01 21:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((( snapshot@2012-01-04_16.19.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-06 14:09 . 2012-01-06 14:09 16384 c:\windows\temp\perflib_perfdata_774.dat
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"nuria"=i:\nuria\nuria.exe [2011-08-24 1706496]
"swg"=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe [2007-03-30 68856]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"soundmaxpnp"=c:\program files\analog devices\core\smax4pnp.exe [2005-05-20 925696]
"hp software update"=c:\program files\hewlett-packard\hp software update\hpwuschd.exe [2003-08-04 49152]
"high definition audio property page shortcut"="hdashcut.exe" [2004-10-27 61952]
"google desktop search"=c:\program files\google\google desktop search\googledesktop.exe [2011-11-14 30192]
"ehtray"=c:\windows\ehome\ehtray.exe [2005-08-17 64512]
"f-secure manager"=c:\program files\pc-beveiliging totaal\common\fsm32.exe [2011-12-22 201128]
"f-secure tnb"=c:\program files\pc-beveiliging totaal\fsgui\tnbutil.exe [2011-08-23 1655464]
"adobe reader speed launcher"=c:\program files\adobe\reader 10.0\reader\reader_sl.exe [2011-09-05 35736]
"adobe arm"=c:\program files\common files\adobe\arm\1.0\adobearm.exe [2011-06-06 937920]
"nvmediacenter"=c:\windows\system32\nvmctray.dll [2011-01-07 111208]
"nvcpldaemon"=c:\windows\system32\nvcpl.dll [2011-01-07 13880424]
"nwiz"=c:\program files\nvidia corporation\nview\nwiz.exe [2010-11-04 1753192]
"intellipoint"=c:\program files\microsoft intellipoint\ipoint.exe [2010-07-21 1797008]
"itype"=c:\program files\microsoft intellitype pro\itype.exe [2010-07-21 1778064]
"iconixoeaddon"=c:\program files\iconix\oeaddon\oedmn_6.exe [2011-10-02 343392]
"malwarebytes' anti-malware"=i:\malwarebytes' anti-malware\mbamgui.exe [2011-12-24 460872]
.
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
.
c:\documents and settings\all users\menu start\programma's\opstarten\
acrobat assistant.lnk - c:\program files\adobe\acrobat 5.0\distillr\acrotray.exe [2011-5-18 82026]
adobe gamma loader.lnk - c:\program files\common files\adobe\calibration\adobe gamma loader.exe [2011-5-18 110592]
secunia psi tray.lnk - i:\psi\psi_tray.exe [2011-4-19 291896]
windows search.lnk - c:\program files\windows desktop search\windowssearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56f9679e-7826-4c84-81f3-532071a8bcc5}"= c:\program files\windows desktop search\msnlnamespacemgr.dll [2009-05-24 304128]
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wdf01000.sys]
@="driver"
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
2010-08-09 12:47 248832 ----a-w- i:\filehippo.com\updatechecker.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\garmin lifetime updater]
2011-10-03 08:14 1409384 ----a-w- i:\backup (i)\garminlifetime.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\malwarebytes' anti-malware]
2011-08-31 15:00 449608 ----a-w- c:\program files\malwarebytes' anti-malware\mbamgui.exe
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
c:\\windows\\system32\\dpvsetup.exe=
c:\\program files\\hewlett-packard\\digital imaging\\unload\\hpqphunl.exe=
c:\\windows\\system32\\sessmgr.exe=
c:\\windows\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqtra08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqste08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpofxm08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hposfx08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hposid01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqscnvw.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqkygrp.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqcopy.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpfccopy.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpzwiz01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpoews01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqnrs08.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
%windir%\\system32\\sessmgr.exe=
c:\\program files\\messenger\\msmsgs.exe=
c:\\program files\\windows live\\messenger\\wlcsdk.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\windows live\\sync\\windowslivesync.exe=
.
r0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [26-4-2009 12:50 42672]
r0 fsfw;f-secure firewall driver;c:\windows\system32\drivers\fsdfw.sys [6-5-2009 17:02 81864]
r1 f-secure hips;f-secure hips driver;c:\program files\pc-beveiliging totaal\hips\drivers\fshs.sys [6-5-2009 17:01 69928]
r2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5-9-2011 17:34 21992]
r2 iconixservice;iconix update service;c:\program files\common files\iconix\iconixservice.exe [9-11-2011 17:54 284512]
r2 mbamservice;mbamservice;c:\program files\malwarebytes' anti-malware\mbamservice.exe [30-9-2009 16:29 366152]
r2 secunia psi agent;secunia psi agent;i:\psi\psia.exe --start-service --> i:\psi\psia.exe --start-service [?]
r2 secunia update agent;secunia update agent;i:\psi\sua.exe --start-service --> i:\psi\sua.exe --start-service [?]
r3 dc3d;ms hardware device detection driver (usb);c:\windows\system32\drivers\dc3d.sys [20-3-2011 15:11 44432]
r3 f-secure gatekeeper;f-secure gatekeeper;c:\program files\pc-beveiliging totaal\anti-virus\minifilter\fsgk.sys [6-5-2009 17:01 148632]
r3 fsorspclient;f-secure orsp client;c:\program files\pc-beveiliging totaal\orsp client\fsorsp.exe [6-5-2009 17:01 61088]
r3 mbamprotector;mbamprotector;c:\windows\system32\drivers\mbam.sys [30-9-2009 16:29 20464]
r3 psi;psi;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 9:30 15544]
s0 bazjx;bazjx;c:\windows\system32\drivers\meup.sys --> c:\windows\system32\drivers\meup.sys [?]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
s2 gupdate;google update service (gupdate);c:\program files\google\update\googleupdate.exe [15-3-2010 14:45 135664]
s3 adobeflashplayerupdatesvc;adobe flash player update service;c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [14-11-2011 18:27 253600]
s3 googledesktopmanager-051210-111108;google desktop manager 5.9.1005.12335;c:\program files\google\google desktop search\googledesktop.exe [13-2-2007 18:47 30192]
s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [15-3-2010 14:45 135664]
s3 hitmanpro3;hitman pro 3 support driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
s3 wpffontcache_v0400;windows presentation foundation font cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe [18-3-2010 13:16 753504]
.
inhoud van de 'gedeelde taken' map
.
2012-01-05 c:\windows\tasks\adobe flash player updater.job
- c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [2011-11-14 17:51]
.
2012-01-06 c:\windows\tasks\glaryinitialize.job
- i:\glary utilities\initialize.exe [2009-11-09 15:24]
.
2012-01-04 c:\windows\tasks\google software updater.job
- c:\program files\google\common\google updater\googleupdaterservice.exe [2007-02-13 16:09]
.
2012-01-06 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2010-03-15 13:45]
.
2012-01-05 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2010-03-15 13:45]
.
2012-01-05 c:\windows\tasks\googleupdatetaskusers-1-5-21-1220945662-1757981266-725345543-1003core.job
- c:\documents and settings\alphen\local settings\application data\google\update\googleupdate.exe [2011-12-12 16:14]
.
2012-01-06 c:\windows\tasks\googleupdatetaskusers-1-5-21-1220945662-1757981266-725345543-1003ua.job
- c:\documents and settings\alphen\local settings\application data\google\update\googleupdate.exe [2011-12-12 16:14]
.
2011-12-26 c:\windows\tasks\syncback sincback 3.job
- c:\program files\2brightsparks\syncback\syncback.exe [2009-07-27 14:42]
.
2011-12-01 c:\windows\tasks\syncback sincback 4.job
- c:\program files\2brightsparks\syncback\syncback.exe [2009-07-27 14:42]
.
.
------- bijkomende scan -------
.
usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
ustart page = hxxp://search.babylon.com/?babsrc=hp_ss&affid=101240&mntrid=8c65710100000000000000173140b95c
udefault_search_url = hxxp://www.google.com/ie
usearchassistant = hxxp://www.google.com/ie
usearchurl,(default) = hxxp://www.google.com/search?q=%s
ie: add to google photos screensa&ver - c:\windows\system32\gphotos.scr/200
tcp: dhcpnameserver = 192.168.1.254 195.241.77.55 195.241.77.58
tcp: interfaces\{51a992e1-9fd9-44fe-b19e-6cd05e064a65}: nameserver = 195.121.1.34,195.121.1.66
dpf: garmin communicator plug-in - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/garminaxcontrol.cab
dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
.
.
**************************************************************************
.
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2012-01-06 15:29
windows 5.1.2600 service pack 3 ntfs
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\||9~*]
"3140211900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
--------------------- dlls geladen onder lopende processen ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\pc-beveiliging totaal\hips\fshook32.dll
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(720)
c:\program files\pc-beveiliging totaal\hips\fshook32.dll
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
- - - - - - - > 'explorer.exe'(2764)
c:\program files\pc-beveiliging totaal\hips\fshook32.dll
c:\program files\pc-beveiliging totaal\spam control\fsscoepl.dll
c:\program files\iconix\oeaddon\oeldr_7.dll
c:\windows\system32\msls31.dll
c:\windows\system32\msi.dll
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
- - - - - - - > 'csrss.exe'(624)
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
voltooingstijd: 2012-01-06 15:34:35
combofix-quarantined-files.txt 2012-01-06 14:34
combofix2.txt 2012-01-04 16:31
.
pre-run: 19.363.946.496 bytes beschikbaar
post-run: 19.355.369.472 bytes beschikbaar
.
- - end of file - - 044e732e383975f439be25e96ec36699

[/hjt]

---------- Post added at 15:43 ---------- Previous post was at 15:38 ----------

Hello Abraham, sorry it is taking a while, I am also busy with a move.
For your information: I have Google Chrome and Internet Explorer on my PC, and Internet Explorer still has Babylon Search on it. What can I do about this, or is there another little program coming that I have to remove things with? I'll hear from you; thanks in advance for your help.
 
Do the following:
  • In IE, click the Tools button and choose Internet Options.
    • Or go to Internet Options via the Control Panel
  • Then click the Advanced tab and there click the Reset button.
  • First a warning follows, with an overview of the consequences of the action!
  • In the process an extensive clean-up is carried out.
  • Add-ons (such as extra third-party search bars) are also disabled.
  • The favourites are kept.
  • So confirm the warning by clicking the Reset button once more.
After this action Internet Explorer is almost as good as new again.

So you are quite busy at the moment and I have to be off now too;
I will look at your log more closely, you will hear from me.
 
Hello Abraham, I am giving it another try now; your website could not be reached all day and at first I thought the problem was on my side.
But everything else I did worked fine, so you were off the web, is that possible?
I did follow your advice regarding IE. I now have MSN on it, but when I click the little triangle at the top right of the page for more browsers, this is prominently at the top of the list:
Search the Web (Babylon) (Default)

Regards, Ad van Alphen.
 
Hello Ad, the forum was effectively down for a long time today.
So that was not down to your browsers.

We are now going to solve that Babylon problem!

Make sure all open web browser windows are closed.
Open a new Notepad (Kladblok) file via "Start\All Programs\Accessories\Notepad".

Copy and paste the following (bold, blue) text into the empty Notepad window:


Code:
ClearJavaCache::

Folder::
c:\documents and settings\alphen\local settings\application data\babylon
c:\documents and settings\all users\application data\babylon
c:\documents and settings\alphen\application data\babylon

DDS::
ustart page = hxxp://search.babylon.com/?babsrc=hp_ss&affid=101240&mntrid=8c65710100000000 000000173140b95c


Save this Notepad file to your desktop as CFScript.txt.

Disable your antivirus first now!


Drag CFScript.txt into ComboFix.exe




This will make ComboFix restart. Reboot if you are asked to.


Post the ComboFix log that is shown after the restart, using the color coder!
If ComboFix has restarted your computer (or you have done so), you will also find the log in C:\Combofix.txt

Important note:
  • If, after the scan, an error is shown when starting programs with the message:
  • Illegal operation attempted on a registry key that has been marked for deletion.
  • Then restart the computer.
 
Well, here it is. It took a while, but for an inexperienced person like me I managed it again after all. I get extremely nervous when something does not go as described, which is why I don't do these things before going to bed, because then it goes wrong all night long. In any case, I hope everything is on there as it should be.

[hjt]
combofix 12-01-07.03 - alphen 08-01-2012 13:13:39.3.1 - x86
microsoft windows xp professional 5.1.2600.3.1252.31.1043.18.2014.1289 [gmt 1:00]
gestart vanuit: i:\combofix.exe
gebruikte opdracht switches :: c:\documents and settings\alphen\bureaublad\cfscript.txt
av: pc-beveiliging totaal 9.12 *enabled/updated* {e7512ed5-4245-4b4d-af3a-382d3f313f15}
fw: pc-beveiliging totaal 9.12 *disabled* {d4747503-0346-49eb-9262-997542f79bf4}
.
.
(((((((((((((((((((((((((((((((((( andere verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\all users\application data\babylon
c:\documents and settings\alphen\application data\babylon
c:\documents and settings\alphen\application data\babylon\log_file.txt
c:\documents and settings\alphen\local settings\application data\babylon
c:\documents and settings\alphen\local settings\application data\babylon\setup\bab033.tbinst.dat
c:\documents and settings\alphen\local settings\application data\babylon\setup\bab091.norecovericon.dat
c:\documents and settings\alphen\local settings\application data\babylon\setup\babylon.dat
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\common.js
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\eula.html
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\page2.css
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\page2.html
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\page2.js
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\page2lrg.css
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\page9.html
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\pbar.gif
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\title2.png
c:\documents and settings\alphen\local settings\application data\babylon\setup\htmlscreens\toolbar.jpg
c:\documents and settings\alphen\local settings\application data\babylon\setup\setup-tbmntr903-9.0.3.19.zpb
c:\documents and settings\alphen\local settings\application data\babylon\setup\setup.exe
c:\documents and settings\alphen\local settings\application data\babylon\setup\setupstrings.dat
c:\documents and settings\alphen\local settings\application data\babylon\setup\sqlite3.dll
.
.
(((((((((((((((((((( bestanden gemaakt van 2011-12-08 to 2012-01-08 ))))))))))))))))))))))))))))))
.
.
2012-01-07 15:38 . 2012-01-07 15:38 -------- dc----w- c:\documents and settings\all users\application data\{83c3b2fd-37ea-4c06-a228-e9b5e32ff0b1}
2012-01-07 10:31 . 2012-01-08 10:52 -------- d-----w- c:\windows\system32\ntmsdata
2012-01-05 12:59 . 2012-01-05 12:59 -------- d-----w- c:\program files\eset
2012-01-02 17:00 . 2012-01-02 17:00 -------- d-----w- c:\documents and settings\alphen\application data\ariane software
2011-12-22 17:00 . 2011-12-22 17:00 237 -c--a-w- c:\user.js
2011-12-22 16:59 . 2011-12-22 16:59 -------- d-----w- c:\documents and settings\alphen\appdata
2011-12-22 16:59 . 2012-01-02 23:39 -------- d-----w- c:\program files\browsercompanion
2011-12-18 12:37 . 2012-01-08 12:04 -------- d--h--r- c:\documents and settings\alphen\onlangs geopend
2011-12-17 15:14 . 2011-12-17 15:14 -------- d-----w- c:\documents and settings\alphen\application data\wakoopa
2011-12-17 15:13 . 2011-12-17 15:13 -------- d-----w- c:\documents and settings\alphen\local settings\application data\wakoopa shared
2011-12-17 15:13 . 2012-01-04 16:11 -------- d-----w- c:\documents and settings\alphen\local settings\application data\panelclix software
.
.
.
((((((((((((((((((((((((((((((((((((((( find3m rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-21 17:51 . 2011-11-14 17:27 417440 ----a-w- c:\windows\system32\flashplayerapp.exe
2011-12-21 17:51 . 2011-03-21 09:31 70304 ----a-w- c:\windows\system32\flashplayercplapp.cpl
2011-12-10 14:24 . 2009-09-30 15:29 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-23 14:40 . 2006-04-10 12:00 1859712 ----a-w- c:\windows\system32\win32k.sys
2011-11-14 16:29 . 2011-05-17 15:53 128000 ----a-w- c:\windows\system32\javacpl.cpl
2011-11-14 16:29 . 2010-04-15 10:49 544656 ----a-w- c:\windows\system32\deployjava1.dll
2011-11-04 19:13 . 2006-04-10 12:00 916992 ------w- c:\windows\system32\wininet.dll
2011-11-04 19:13 . 2006-04-10 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 2006-04-10 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-11-04 11:25 . 2006-04-10 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-11-01 16:07 . 2006-04-10 12:00 1288192 ----a-w- c:\windows\system32\ole32.dll
2011-10-28 05:32 . 2006-04-10 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2011-10-26 10:50 . 2006-04-10 12:00 2197120 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-10-26 10:50 . 2004-08-04 00:58 2073728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-10-14 16:38 . 2006-04-10 12:00 456192 ----a-w- c:\windows\system32\encdec.dll
2011-10-10 14:22 . 2006-01-01 21:42 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((( snapshot@2012-01-04_16.19.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-01-08 10:52 . 2012-01-08 10:53 16384 c:\windows\temp\perflib_perfdata_764.dat
+ 2006-01-01 22:26 . 2012-01-07 10:31 172280 c:\windows\system32\fntcache.dat
- 2006-01-01 22:26 . 2011-12-15 08:12 172280 c:\windows\system32\fntcache.dat
.
((((((((((((((((((((((((((((((((((((( reg opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
regedit4
.
[hkey_current_user\software\microsoft\windows\currentversion\run]
"nuria"=i:\nuria\nuria.exe [2011-08-24 1706496]
"swg"=c:\program files\google\googletoolbarnotifier\googletoolbarnotifier.exe [2007-03-30 68856]
.
[hkey_local_machine\software\microsoft\windows\currentversion\run]
"soundmaxpnp"=c:\program files\analog devices\core\smax4pnp.exe [2005-05-20 925696]
"hp software update"=c:\program files\hewlett-packard\hp software update\hpwuschd.exe [2003-08-04 49152]
"high definition audio property page shortcut"="hdashcut.exe" [2004-10-27 61952]
"google desktop search"=c:\program files\google\google desktop search\googledesktop.exe [2011-11-14 30192]
"ehtray"=c:\windows\ehome\ehtray.exe [2005-08-17 64512]
"f-secure manager"=c:\program files\pc-beveiliging totaal\common\fsm32.exe [2011-12-22 201128]
"f-secure tnb"=c:\program files\pc-beveiliging totaal\fsgui\tnbutil.exe [2011-08-23 1655464]
"adobe reader speed launcher"=c:\program files\adobe\reader 10.0\reader\reader_sl.exe [2011-09-05 35736]
"adobe arm"=c:\program files\common files\adobe\arm\1.0\adobearm.exe [2011-06-06 937920]
"nvmediacenter"=c:\windows\system32\nvmctray.dll [2011-01-07 111208]
"nvcpldaemon"=c:\windows\system32\nvcpl.dll [2011-01-07 13880424]
"nwiz"=c:\program files\nvidia corporation\nview\nwiz.exe [2010-11-04 1753192]
"intellipoint"=c:\program files\microsoft intellipoint\ipoint.exe [2010-07-21 1797008]
"itype"=c:\program files\microsoft intellitype pro\itype.exe [2010-07-21 1778064]
"iconixoeaddon"=c:\program files\iconix\oeaddon\oedmn_6.exe [2011-10-02 343392]
"malwarebytes' anti-malware"=i:\malwarebytes' anti-malware\mbamgui.exe [2011-12-24 460872]
.
[hkey_users\.default\software\microsoft\windows\currentversion\run]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe [2008-04-14 15360]
.
c:\documents and settings\all users\menu start\programma's\opstarten\
acrobat assistant.lnk - c:\program files\adobe\acrobat 5.0\distillr\acrotray.exe [2011-5-18 82026]
adobe gamma loader.lnk - c:\program files\common files\adobe\calibration\adobe gamma loader.exe [2011-5-18 110592]
secunia psi tray.lnk - i:\psi\psi_tray.exe [2011-4-19 291896]
windows search.lnk - c:\program files\windows desktop search\windowssearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56f9679e-7826-4c84-81f3-532071a8bcc5}"= c:\program files\windows desktop search\msnlnamespacemgr.dll [2009-05-24 304128]
.
[hkey_local_machine\system\currentcontrolset\control\safeboot\minimal\wdf01000.sys]
@="driver"
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\filehippo.com]
2010-08-09 12:47 248832 ----a-w- i:\filehippo.com\updatechecker.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\garmin lifetime updater]
2011-10-03 08:14 1409384 ----a-w- i:\backup (i)\garminlifetime.exe
.
[hkey_local_machine\software\microsoft\shared tools\msconfig\startupreg\malwarebytes' anti-malware]
2011-08-31 15:00 449608 ----a-w- c:\program files\malwarebytes' anti-malware\mbamgui.exe
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)
.
[hklm\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
c:\\windows\\system32\\dpvsetup.exe=
c:\\program files\\hewlett-packard\\digital imaging\\unload\\hpqphunl.exe=
c:\\windows\\system32\\sessmgr.exe=
c:\\windows\\network diagnostic\\xpnetdiag.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqtra08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqste08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpofxm08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hposfx08.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hposid01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqscnvw.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqkygrp.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqcopy.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpfccopy.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpzwiz01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpoews01.exe=
c:\\program files\\hewlett-packard\\digital imaging\\bin\\hpqnrs08.exe=
%windir%\\network diagnostic\\xpnetdiag.exe=
%windir%\\system32\\sessmgr.exe=
c:\\program files\\messenger\\msmsgs.exe=
c:\\program files\\windows live\\messenger\\wlcsdk.exe=
c:\\program files\\windows live\\messenger\\msnmsgr.exe=
c:\\program files\\windows live\\sync\\windowslivesync.exe=
.
r0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [26-4-2009 12:50 42672]
r0 fsfw;f-secure firewall driver;c:\windows\system32\drivers\fsdfw.sys [6-5-2009 17:02 81864]
r1 f-secure hips;f-secure hips driver;c:\program files\pc-beveiliging totaal\hips\drivers\fshs.sys [6-5-2009 17:01 69928]
r2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [5-9-2011 17:34 21992]
r2 iconixservice;iconix update service;c:\program files\common files\iconix\iconixservice.exe [9-11-2011 17:54 284512]
r2 mbamservice;mbamservice;c:\program files\malwarebytes' anti-malware\mbamservice.exe [30-9-2009 16:29 366152]
r2 secunia psi agent;secunia psi agent;i:\psi\psia.exe --start-service --> i:\psi\psia.exe --start-service [?]
r2 secunia update agent;secunia update agent;i:\psi\sua.exe --start-service --> i:\psi\sua.exe --start-service [?]
r3 dc3d;ms hardware device detection driver (usb);c:\windows\system32\drivers\dc3d.sys [20-3-2011 15:11 44432]
r3 f-secure gatekeeper;f-secure gatekeeper;c:\program files\pc-beveiliging totaal\anti-virus\minifilter\fsgk.sys [6-5-2009 17:01 148632]
r3 fsorspclient;f-secure orsp client;c:\program files\pc-beveiliging totaal\orsp client\fsorsp.exe [6-5-2009 17:01 61088]
r3 mbamprotector;mbamprotector;c:\windows\system32\drivers\mbam.sys [30-9-2009 16:29 20464]
r3 psi;psi;c:\windows\system32\drivers\psi_mf.sys [1-9-2010 9:30 15544]
s0 bazjx;bazjx;c:\windows\system32\drivers\meup.sys --> c:\windows\system32\drivers\meup.sys [?]
s2 clr_optimization_v4.0.30319_32;microsoft .net framework ngen v4.0.30319_x86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
s2 gupdate;google update service (gupdate);c:\program files\google\update\googleupdate.exe [15-3-2010 14:45 135664]
s3 adobeflashplayerupdatesvc;adobe flash player update service;c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [14-11-2011 18:27 253600]
s3 googledesktopmanager-051210-111108;google desktop manager 5.9.1005.12335;c:\program files\google\google desktop search\googledesktop.exe [13-2-2007 18:47 30192]
s3 gupdatem;google update-service (gupdatem);c:\program files\google\update\googleupdate.exe [15-3-2010 14:45 135664]
s3 hitmanpro3;hitman pro 3 support driver;\??\c:\windows\system32\drivers\hitmanpro3.sys --> c:\windows\system32\drivers\hitmanpro3.sys [?]
s3 wpffontcache_v0400;windows presentation foundation font cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe [18-3-2010 13:16 753504]
.
inhoud van de 'gedeelde taken' map
.
2012-01-08 c:\windows\tasks\adobe flash player updater.job
- c:\windows\system32\macromed\flash\flashplayerupdateservice.exe [2011-11-14 17:51]
.
2012-01-08 c:\windows\tasks\glaryinitialize.job
- i:\glary utilities\initialize.exe [2009-11-09 15:24]
.
2012-01-08 c:\windows\tasks\google software updater.job
- c:\program files\google\common\google updater\googleupdaterservice.exe [2007-02-13 16:09]
.
2012-01-08 c:\windows\tasks\googleupdatetaskmachinecore.job
- c:\program files\google\update\googleupdate.exe [2010-03-15 13:45]
.
2012-01-08 c:\windows\tasks\googleupdatetaskmachineua.job
- c:\program files\google\update\googleupdate.exe [2010-03-15 13:45]
.
2012-01-05 c:\windows\tasks\googleupdatetaskusers-1-5-21-1220945662-1757981266-725345543-1003core.job
- c:\documents and settings\alphen\local settings\application data\google\update\googleupdate.exe [2011-12-12 16:14]
.
2012-01-08 c:\windows\tasks\googleupdatetaskusers-1-5-21-1220945662-1757981266-725345543-1003ua.job
- c:\documents and settings\alphen\local settings\application data\google\update\googleupdate.exe [2011-12-12 16:14]
.
2011-12-26 c:\windows\tasks\syncback sincback 3.job
- c:\program files\2brightsparks\syncback\syncback.exe [2009-07-27 14:42]
.
2011-12-01 c:\windows\tasks\syncback sincback 4.job
- c:\program files\2brightsparks\syncback\syncback.exe [2009-07-27 14:42]
.
2012-01-08 c:\windows\tasks\user_feed_synchronization-{6ac7ebed-2e70-4c9b-ab93-6fbcb8a75ebf}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- bijkomende scan -------
.
usearchmigrateddefaulturl = hxxp://www.google.com/search?q={searchterms}&sourceid=ie7&rls=com.microsoft:en-us&ie=utf8&oe=utf8
usearchassistant = hxxp://www.google.com/ie
usearchurl,(default) = hxxp://www.google.com/search?q=%s
tcp: dhcpnameserver = 192.168.1.254 195.241.77.55 195.241.77.58
tcp: interfaces\{51a992e1-9fd9-44fe-b19e-6cd05e064a65}: nameserver = 195.121.1.34,195.121.1.66
dpf: garmin communicator plug-in - hxxps://static.garmincdn.com/gcp/ie/2.9.3.0/garminaxcontrol.cab
dpf: {34dc6011-88b5-4ea9-ba7a-dc7b4f4437fe} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
.
- - - - orphans verwijderd - - - -
.
toolbar-locked - (no file)
addremove-{09ff4db8-7de9-4d47-b7db-915db7d9a8ca} - c:\documents and settings\all users\application data\{83c3b2fd-37ea-4c06-a228-e9b5e32ff0b1}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 w2k/xp/vista - rootkit/stealth malware detector by gmer, http://www.gmer.net
rootkit scan 2012-01-08 13:31
windows 5.1.2600 service pack 3 ntfs
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- vergrendelde register sleutels ---------------------
.
[hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\localsystem\components\||9~*]
"3140211900063d11c8ef10054038389c"="c?\\windows\\system32\\fm20enu.dll"
.
--------------------- dlls geladen onder lopende processen ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\program files\pc-beveiliging totaal\hips\fshook32.dll
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(720)
c:\program files\pc-beveiliging totaal\hips\fshook32.dll
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
- - - - - - - > 'csrss.exe'(624)
c:\program files\pc-beveiliging totaal\fwes\program\fsdc32.dll
.
voltooingstijd: 2012-01-08 13:36:42
combofix-quarantined-files.txt 2012-01-08 12:36
combofix2.txt 2012-01-06 14:34
combofix3.txt 2012-01-04 16:31
.
pre-run: 18.932.379.648 bytes beschikbaar
post-run: 18.957.144.064 bytes beschikbaar
.
- - end of file - - d603422eee326c940bad7d9abc8cf336

[/hjt]
 
Hi Ad, and how is browsing the internet and using MSN going now?
Still bothered by Babylon, or has the ghost disappeared now?
 
Hi Abraham, well, it's funny, but in Explorer it is still in the same place, at the little triangle at the top right where the various browsers are listed, but I think it no longer does anything; you can click on it but nothing happens.
I don't know whether you have found anything else worrying, but otherwise I wanted to ask you whether the old Adobe programs can be removed or whether they still belong to something; Secunia PSI lists programs with the text End of Life.
Can you do anything with that? Apart from that, everything works fine for me.
I'd like to hear from you.

Regards, Ad
 
You are still using IE8, aren't you?

I advise you to start using Firefox, Opera or Chrome as your default browser,
because compared with the browsers mentioned, IE8 is by now antique and insecure.

As for those programs that you consider old, we will get to that!
 
Yes, I left IE8 on there because a few years ago the Postbank only worked with this browser and it did not work in Google Chrome, so I think I can just throw it off now; everything that is in IE is also in Google Chrome.
 
I may assume that ING now works with Chrome too, right?
 
Yes, a lot has improved at ING, but they also have their little mistakes; but we are all human, aren't we.
 
Yes, a lot has improved at ING, but they also have their little mistakes; but we are all human, aren't we.

That's how it is, which is why I also think it's nonsense that people and organizations hide behind the computer when something has gone wrong.
 