Babylon

  • martine1312

    I'm having trouble with Babylon….. when I am/was on a blank page.

    Now I only see Babylon when I search without Google in the command line…

    Can you help me???

    Here are my logs:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 11:22:13, on 29-03-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\windows\system32\taskeng.exe

    C:\windows\system32\Dwm.exe

    C:\windows\system32\conime.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

    C:\windows\Explorer.EXE

    C:\Windows\SMINST\scheduler.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\System32\aetcrss1.exe

    C:\Windows\WindowsMobile\wmdSync.exe

    C:\windows\system32\igfxsrvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    C:\Users\Nicoline\AppData\Roaming\Spotify\spotify.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://login.notaris.nl/notarisnet

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.nl

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://login.notaris.nl/notarisnet

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=smb&pf=desktop

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer wordt aangeboden door Almeer Notaris

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O1 - Hosts: ::1 localhost

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: %ProgramFiles%\Windows Defender\MSASCui.exe -hide

    O4 - HKLM\..\Run: C:\Program Files\HP\SetRefresh\SetRefresh.exe

    O4 - HKLM\..\Run: C:\windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: aetcrss1.exe

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdSync.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\RunOnce: %WINDIR%\SMINST\launcher.exe

    O4 - HKCU\..\Run: “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”

    O4 - HKCU\..\Run: “C:\Users\Nicoline\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O4 - HKUS\S-1-5-19\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-19\..\Run: rundll32.exe oobefldr.dll,ShowWelcomeCenter (User ‘LOCAL SERVICE’)

    O4 - HKUS\S-1-5-20\..\Run: %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User ‘NETWORK SERVICE’)

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Formulieren Invullen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O9 - Extra ‘Tools’ menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O9 - Extra ‘Tools’ menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra ‘Tools’ menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O11 - Options group: Accelerated graphics

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\Software\..\Telephony: DomainName = AN.Lokaal

    O17 - HKLM\System\CCS\Services\Tcpip\..\{70066616-218E-4B10-A5B8-19A9140C6123}: NameServer = 10.13.28.1

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    O23 - Service: ServiceOMC - Unknown owner - C:\windows\system32\ServiceOMC.exe

    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    End of file - 10169 bytes

    Malwarebytes Anti-Malware 1.60.1.1000

    www.malwarebytes.org

    Databaseversie: v2012.03.29.03

    Windows Vista Service Pack 2 x86 NTFS

    Internet Explorer 9.0.8112.16421

    Nicoline :: CZC8155J5M

    29-03-2012 10:31:09

    mbam-log-2012-03-29 (10-31-09).txt

    Scantype: Snelle scan

    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

    Uitgeschakelde scanopties: P2P

    Objecten gescand: 305327

    Verstreken tijd: 4 minuut/minuten, 52 seconde(n)

    Geheugenprocessen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 1

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoSMHelp (PUM.Hijack.Help) -> Slecht: (1) Goed: (0) -> Succesvol in quarantaine geplaatst en gerepareerd.

    Mappen gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0

    (Geen kwaadaardige objecten gedetecteerd)

    (einde)

  • fazantje

    Hi Martine,

    Start HijackThis, click Scan and check the following line:

    O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll

    Close all windows except HijackThis and click Fix checked.

    If it is still present, delete the following folder shown in bold: C:\Program Files\DealPly\ <—– This folder.

    Download ComboFix here, and place it on your desktop.

    If you have used ComboFix before, please remove that version and download ComboFix again via the link above, because ComboFix is updated daily.

    NOTE: if, during or after downloading ComboFix or while using ComboFix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download ComboFix again.

    Some scanners see certain components that ComboFix uses as suspicious and will block or remove them!

    Double-click Combofix.exe

    Follow the instructions and accept the disclaimer.

    While the fix is running, do NOT click in the window, as this will make your PC hang.

    It can take some time before the ComboFix log appears, so don't assume it has frozen.

    When the fix is finished and after the restart, the log combofix.txt will open.

    Don't assume ComboFix has frozen, as it can sometimes take a while, so wait patiently.

    Post the ComboFix log together with a new HijackThis log in your next post.

    Good luck,

    Huib;)

  • martine1312

    I'm getting started now…

    Sorry, I couldn't do it sooner.

  • fazantje

    Hi Martine,

    Take your time.

    Good luck,

    Huib;)

  • martine1312

    The logs…..

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:17:22, on 30-03-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\windows\system32\taskeng.exe

    C:\windows\system32\Dwm.exe

    C:\windows\Explorer.EXE

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

    C:\windows\system32\conime.exe

    C:\Windows\SMINST\scheduler.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\System32\aetcrss1.exe

    C:\windows\system32\igfxsrvc.exe

    C:\Windows\WindowsMobile\wmdSync.exe

    C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    C:\Users\Nicoline\AppData\Roaming\Spotify\spotify.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\windows\System32\mobsync.exe

    C:\windows\system32\SearchFilterHost.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://notarisnet.notaris.nl/cms/showpage.aspx?id=75

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=smb&pf=desktop

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files\HP\SetRefresh\SetRefresh.exe

    O4 - HKLM\..\Run: C:\windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: aetcrss1.exe

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdSync.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\RunOnce: %WINDIR%\SMINST\launcher.exe

    O4 - HKCU\..\Run: “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”

    O4 - HKCU\..\Run: “C:\Users\Nicoline\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Formulieren Invullen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O9 - Extra ‘Tools’ menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O9 - Extra ‘Tools’ menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra ‘Tools’ menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O11 - Options group: Accelerated graphics

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\Software\..\Telephony: DomainName = AN.Lokaal

    O17 - HKLM\System\CCS\Services\Tcpip\..\{70066616-218E-4B10-A5B8-19A9140C6123}: NameServer = 10.13.28.1

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    O23 - Service: ServiceOMC - Unknown owner - C:\windows\system32\ServiceOMC.exe

    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    End of file - 9155 bytes

    ComboFix 12-03-30.02 - Nicoline 30-03-2012 9:44.1.2 - x86

    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.2038.1116

    Gestart vanuit: c:\users\Nicoline\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OI19UIG\ComboFix.exe

    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

    SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\windows\system\threed32.ocx

    D:\Autorun.inf

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-30 ))))))))))))))))))))))))))))))

    .

    .

    2012-03-30 07:55 . 2012-03-30 07:55 63115 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS

    2012-03-30 07:55 . 2012-03-30 07:55 4599 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS

    2012-03-30 07:55 . 2012-03-30 07:55 9310 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS

    2012-03-30 07:55 . 2012-03-30 07:55 8646 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS

    2012-03-30 07:55 . 2012-03-30 07:55 8613 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS

    2012-03-30 07:55 . 2012-03-30 07:55 6910 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS

    2012-03-30 07:55 . 2012-03-30 07:55 6429 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS

    2012-03-30 07:55 . 2012-03-30 07:55 5927 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS

    2012-03-30 07:55 . 2012-03-30 07:55 1651 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS

    2012-03-30 07:55 . 2012-03-30 07:55 18541 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS

    2012-03-30 07:55 . 2012-03-30 07:55 8288 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS

    2012-03-30 07:55 . 2012-03-30 07:55 6208 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS

    2012-03-30 07:54 . 2012-03-30 07:54 51852 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS

    2012-03-30 07:54 . 2012-03-30 07:54 20719 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS

    2012-03-30 07:54 . 2012-03-30 07:54 23327 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS

    2012-03-30 07:54 . 2012-03-30 07:54 8782 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS

    2012-03-30 07:54 . 2012-03-30 07:54 7271 —-a-w- c:\programdata\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS

    2012-03-30 07:50 . 2012-03-30 07:59 ——– d—–w- c:\users\Nicoline\AppData\Local\temp

    2012-03-30 07:50 . 2012-03-30 07:50 ——– d—–w- c:\users\Teddy\AppData\Local\temp

    2012-03-30 07:50 . 2012-03-30 07:50 ——– d—–w- c:\users\sjabloon1\AppData\Local\temp

    2012-03-30 07:50 . 2012-03-30 07:50 ——– d—–w- c:\users\model2\AppData\Local\temp

    2012-03-30 07:50 . 2012-03-30 07:50 ——– d—–w- c:\users\model1\AppData\Local\temp

    2012-03-30 07:50 . 2012-03-30 07:50 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-03-29 09:21 . 2012-03-29 09:21 388096 —-a-r- c:\users\Nicoline\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-03-29 09:21 . 2012-03-29 09:21 ——– d—–w- c:\program files\Trend Micro

    2012-03-28 10:33 . 2012-03-28 10:33 ——– d—–w- c:\users\Nicoline\AppData\Roaming\SUPERAntiSpyware.com

    2012-03-28 10:32 . 2012-03-28 10:33 ——– d—–w- c:\program files\SUPERAntiSpyware

    2012-03-28 10:32 . 2012-03-28 10:32 ——– d—–w- c:\programdata\SUPERAntiSpyware.com

    2012-03-28 07:50 . 2012-03-28 07:50 237 —-a-w- C:\user.js

    2012-03-28 07:50 . 2007-08-21 11:32 98304 —-a-w- c:\windows\system32\redmonnt.dll

    2012-03-28 07:50 . 2012-03-28 07:50 ——– d—–w- c:\program files\PDFConverter

    2012-03-14 05:51 . 2012-02-02 15:16 2044416 —-a-w- c:\windows\system32\win32k.sys

    2012-03-14 05:51 . 2012-01-09 15:54 613376 —-a-w- c:\windows\system32\rdpencom.dll

    2012-03-14 05:51 . 2012-01-09 13:58 180736 —-a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-03-14 05:51 . 2012-02-14 15:45 219648 —-a-w- c:\windows\system32\d3d10_1core.dll

    2012-03-14 05:51 . 2012-02-14 15:45 160768 —-a-w- c:\windows\system32\d3d10_1.dll

    2012-03-14 05:51 . 2012-02-13 14:12 1172480 —-a-w- c:\windows\system32\d3d10warp.dll

    2012-03-14 05:51 . 2012-02-13 13:47 683008 —-a-w- c:\windows\system32\d2d1.dll

    2012-03-14 05:51 . 2012-02-13 13:44 1068544 —-a-w- c:\windows\system32\DWrite.dll

    2012-03-14 05:50 . 2012-01-31 10:59 2409784 —-a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2012-03-09 10:43 . 2012-03-09 10:43 ——– d—–w- c:\program files\iPod

    2012-03-09 10:42 . 2012-03-09 10:44 ——– d—–w- c:\program files\iTunes

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-03-01 07:59 . 2011-05-26 11:44 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-01-13 12:09 . 2012-01-13 12:08 124976 —-a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2012-01-13 12:06 . 2012-01-13 12:06 161792 —-a-w- c:\windows\system32\msls31.dll

    2012-01-13 12:06 . 2012-01-13 12:06 86528 —-a-w- c:\windows\system32\iesysprep.dll

    2012-01-13 12:06 . 2012-01-13 12:06 76800 —-a-w- c:\windows\system32\SetIEInstalledDate.exe

    2012-01-13 12:06 . 2012-01-13 12:06 74752 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2012-01-13 12:06 . 2012-01-13 12:06 48640 —-a-w- c:\windows\system32\mshtmler.dll

    2012-01-13 12:06 . 2012-01-13 12:06 63488 —-a-w- c:\windows\system32\tdc.ocx

    2012-01-13 12:06 . 2012-01-13 12:06 367104 —-a-w- c:\windows\system32\html.iec

    2012-01-13 12:06 . 2012-01-13 12:06 74752 —-a-w- c:\windows\system32\iesetup.dll

    2012-01-13 12:06 . 2012-01-13 12:06 23552 —-a-w- c:\windows\system32\licmgr10.dll

    2012-01-13 12:06 . 2012-01-13 12:06 152064 —-a-w- c:\windows\system32\wextract.exe

    2012-01-13 12:06 . 2012-01-13 12:06 150528 —-a-w- c:\windows\system32\iexpress.exe

    2012-01-13 12:06 . 2012-01-13 12:06 420864 —-a-w- c:\windows\system32\vbscript.dll

    2012-01-13 12:06 . 2012-01-13 12:06 142848 —-a-w- c:\windows\system32\ieUnatt.exe

    2012-01-13 12:06 . 2012-01-13 12:06 11776 —-a-w- c:\windows\system32\mshta.exe

    2012-01-13 12:06 . 2012-01-13 12:06 101888 —-a-w- c:\windows\system32\admparse.dll

    2012-01-13 12:06 . 2012-01-13 12:06 35840 —-a-w- c:\windows\system32\imgutil.dll

    2012-01-13 12:06 . 2012-01-13 12:06 110592 —-a-w- c:\windows\system32\IEAdvpack.dll

    2011-09-29 07:28 . 2011-10-13 08:01 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “RoboForm”=“c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”

    “Spotify”=“c:\users\Nicoline\AppData\Roaming\Spotify\Spotify.exe”

    “SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe”

    .

    “SetRefresh”=“c:\program files\HP\SetRefresh\SetRefresh.exe”

    “IgfxTray”=“c:\windows\system32\igfxtray.exe”

    “HotKeysCmds”=“c:\windows\system32\hkcmd.exe”

    “Persistence”=“c:\windows\system32\igfxpers.exe”

    “CertificateRegistration”=“aetcrss1.exe”

    “Windows Mobile-based device management”=“c:\windows\WindowsMobile\wmdSync.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “APSDaemon”=“c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    “QuickTime Task”=“c:\program files\QuickTime\QTTask.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “ccApp”=“c:\program files\Common Files\Symantec Shared\ccApp.exe”

    “iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”

    .

    “ST Recovery Launcher”=“c:\windows\SMINST\launcher.exe”

    .

    “EnableLUA”= 0 (0x0)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “HideLogonScripts”= 0 (0x0)

    .

    “HideLogonScripts”= 0 (0x0)

    .

    “NoWelcomeScreen”= 1 (0x1)

    .

    “NoNetConnectDisconnect”= 1 (0x1)

    “NoNetworkConnections”= 1 (0x1)

    “NoStartMenuMyMusic”= 1 (0x1)

    “NoStartMenuNetworkPlaces”= 1 (0x1)

    “ForceStartMenuLogOff”= 1 (0x1)

    “NoSimpleStartMenu”= 1 (0x1)

    “NoSMBalloonTip”= 1 (0x1)

    “DisablePersonalDirChange”= 1 (0x1)

    .

    “NoNetConnectDisconnect”= 1 (0x1)

    “NoNetworkConnections”= 1 (0x1)

    “NoSMHelp”= 1 (0x1)

    “NoStartMenuMyMusic”= 1 (0x1)

    “NoStartMenuNetworkPlaces”= 1 (0x1)

    “ForceStartMenuLogOff”= 1 (0x1)

    “NoSimpleStartMenu”= 1 (0x1)

    “NoSMBalloonTip”= 1 (0x1)

    “DisablePersonalDirChange”= 1 (0x1)

    .

    “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL”

    .

    2011-05-04 17:54 551296 —-a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    @=“”

    .

    @=“Service”

    .

    @=“Service”

    .

    @=“Service”

    .

    “DisableMonitoring”=dword:00000001

    .

    “EnableNotificationsRef”=dword:00000001

    .

    “EnableNotificationsRef”=dword:00000004

    .

    “EnableNotificationsRef”=dword:00000001

    .

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

    .

    .

    — Andere Services/Drivers In Geheugen —

    .

    *NewlyCreated* - WS2IFSL

    .

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    WindowsMobile REG_MULTI_SZ wcescomm rapimgr

    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    2006-10-31 13:30 73728 —-a-w- c:\windows\System32\aetsprov.dll

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = https://notarisnet.notaris.nl/cms/showpage.aspx?id=75

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=smb&pf=desktop

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

    IE: Formulieren Invullen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    TCP: Interfaces\{70066616-218E-4B10-A5B8-19A9140C6123}: NameServer = 10.13.28.1

    DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab

    FF - ProfilePath - c:\users\Nicoline\AppData\Roaming\Mozilla\Firefox\Profiles\e39i3bts.default\

    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=119998&tt=270312_bext_fix&babsrc=HP_ss&mntrId=6dba203b000000000000001e0ba80c2a

    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=119998&tt=270312_bext_fix&babsrc=adbartrp&mntrId=6dba203b000000000000001e0ba80c2a&q=

    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

    FF - prefs.js: network.proxy.type - 0

    FF - user.js: extensions.BabylonToolbar_i.id - 6dba203b000000000000001e0ba80c2a

    FF - user.js: extensions.BabylonToolbar_i.hardId - 6dba203b000000000000001e0ba80c2a

    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15427

    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:50

    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

    FF - user.js: extensions.BabylonToolbar_i.newTab - false

    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119998

    FF - user.js: extensions.BabylonToolbar_i.babExt -

    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    SafeBoot-Symantec Antvirus

    AddRemove-ST6UNST #1 - c:\windows\st6unst.exe -n \\andc\kaartenbak\ST6UNST.004

    AddRemove-PDF Converter - c:\program files\PDFConverter\Uninstall\Uninstall.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-03-30 10:00

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    .

    - - - - - - - > ‘lsass.exe’(664)

    c:\windows\system32\aetsprov.dll

    .

    ———————— Andere Aktieve Processen ————————

    .

    c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe

    c:\program files\Common Files\Symantec Shared\ccSvcHst.exe

    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

    c:\windows\system32\WUDFHost.exe

    c:\program files\Spybot - Search & Destroy\SDWinSec.exe

    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

    c:\windows\servicing\TrustedInstaller.exe

    c:\windows\system32\conime.exe

    c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe

    c:\windows\SMINST\scheduler.exe

    c:\windows\System32\aetcrss1.exe

    c:\windows\system32\igfxsrvc.exe

    c:\program files\iPod\bin\iPodService.exe

    .

    **************************************************************************

    .

    Voltooingstijd: 2012-03-30 10:05:35 - machine werd herstart

    ComboFix-quarantined-files.txt 2012-03-30 08:05

    .

    Pre-Run: 171.096.248.320 bytes beschikbaar

    Post-Run: 174.079.979.520 bytes beschikbaar

    .

    - - End Of File - - 53E1402DC18E88863ABCA5D206C3B539

  • fazantje

    Hi Martine,

    Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

    • Firefox::

      FF - ProfilePath - c:\users\Nicoline\AppData\Roaming\Mozilla\Firefox\Profiles\e39i3bts.default\

      FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=119998&tt=270312_bext_fix&babsrc=HP_ss&mntrId=6dba203b000000000000001e0ba80c2a

      FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=119998&tt=270312_bext_fix&babsrc=adbartrp&mntrId=6dba203b000000000000001e0ba80c2a&q=

      FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

      FF - prefs.js: network.proxy.type - 0

      FF - user.js: extensions.BabylonToolbar_i.id - 6dba203b000000000000001e0ba80c2a

      FF - user.js: extensions.BabylonToolbar_i.hardId - 6dba203b000000000000001e0ba80c2a

      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15427

      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:50

      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

      FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9

      FF - user.js: extensions.BabylonToolbar_i.newTab - false

      FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=119998

      FF - user.js: extensions.BabylonToolbar_i.babExt -

      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if you are asked to,

    and post the contents of Combofix.txt in your next reply together with a new HijackThis log, and tell us right away how your problem is doing.

    Good luck,

    Huib;)
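
As an added example (not part of the original thread and not ComboFix's own code): a small Python check that reads `FF - prefs.js:` / `FF - user.js:` lines of the kind selected for the CFScript above, flags the prefs that redirect the home page or address-bar search, and confirms against a later log that they are gone. The sample log lines, the allowlists and all function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# ComboFix prints Firefox prefs as "FF - <file>: <pref name> - <value>".
FF_LINE = re.compile(r"^FF - (?P<file>[\w.]+): (?P<name>\S+) -\s?(?P<value>.*)$")

# Prefs that decide where the browser goes on start-up or on an address-bar search.
URL_PREFS = {"browser.startup.homepage", "keyword.URL"}
ENGINE_PREF = "browser.search.selectedEngine"

# Assumptions supplied by the analyst: what this machine is expected to use.
ALLOWED_HOSTS = {"google.com"}
ALLOWED_ENGINES = {"Google"}

# Constructed sample logs (values shortened, IDs replaced).
BEFORE = "\n".join([
    "FF - ProfilePath - c:\\users\\example\\profile",
    "FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?AF=0&babsrc=HP_ss",
    "FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=0&babsrc=adbartrp&q=",
    "FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)",
    "FF - prefs.js: network.proxy.type - 0",
    "FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar",
    "FF - user.js: extensions.BabylonToolbar_i.babExt -",
])
AFTER_CLEAN = "FF - ProfilePath - c:\\users\\example\\profile"
AFTER_PARTIAL = "\n".join([
    "FF - ProfilePath - c:\\users\\example\\profile",
    "FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?AF=0&babsrc=adbartrp&q=",
    "FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar",
])


def parse_ff_prefs(log_text):
    """Return (file, name, value) for every 'FF - <file>: ...' line in a log."""
    entries = []
    for raw in log_text.splitlines():
        m = FF_LINE.match(raw.strip())
        if m:  # the ProfilePath line has no '<file>:' part and is skipped
            entries.append((m["file"], m["name"], m["value"].strip()))
    return entries


def host_of(value):
    """Host of a (possibly defanged 'hxxp://') URL, lower-cased; '' if none."""
    refanged = re.sub(r"^hxxp", "http", value, flags=re.I)
    return (urlsplit(refanged).hostname or "").lower()


def flag_entries(entries, allowed_hosts, allowed_engines):
    """Return (file, name, reason) for prefs that look like a search hijack."""
    findings = []
    for file, name, value in entries:
        if name in URL_PREFS:
            host = host_of(value)
            ok = any(host == a or host.endswith("." + a) for a in allowed_hosts)
            if host and not ok:
                findings.append((file, name, f"points at unexpected host {host}"))
        elif name == ENGINE_PREF:
            if value not in allowed_engines:
                findings.append((file, name, f"unexpected search engine {value!r}"))
        elif file == "user.js" and name.startswith("extensions."):
            # user.js is re-applied at every start, so UI changes do not stick
            findings.append((file, name, "extension pref pinned in user.js"))
    return findings


def verify_cleanup(before_log, after_log, allowed_hosts, allowed_engines):
    """Return (cleared, still_flagged) when comparing two logs."""
    before = flag_entries(parse_ff_prefs(before_log), allowed_hosts, allowed_engines)
    after = flag_entries(parse_ff_prefs(after_log), allowed_hosts, allowed_engines)
    after_keys = {(f, n) for f, n, _ in after}
    cleared = [(f, n) for f, n, _ in before if (f, n) not in after_keys]
    return cleared, after


if __name__ == "__main__":
    for label, later in (("clean", AFTER_CLEAN), ("partial", AFTER_PARTIAL)):
        cleared, left = verify_cleanup(BEFORE, later, ALLOWED_HOSTS, ALLOWED_ENGINES)
        print(f"{label}: {len(cleared)} cleared, {len(left)} still flagged")
        for file, name, why in left:
            print(f"  {file}: {name} ({why})")
```

The check covers only the Firefox pref lines; other browsers' search settings do not appear in these lines and need their own check.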

  • martine1312

    New log:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:00:51, on 30-03-2012

    Platform: Windows Vista SP2 (WinNT 6.00.1906)

    MSIE: Internet Explorer v9.00 (9.00.8112.16421)

    Boot mode: Normal

    Running processes:

    C:\windows\system32\taskeng.exe

    C:\windows\system32\Dwm.exe

    C:\windows\Explorer.EXE

    C:\windows\system32\conime.exe

    C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

    C:\Windows\SMINST\scheduler.exe

    C:\Windows\System32\igfxtray.exe

    C:\Windows\System32\hkcmd.exe

    C:\Windows\System32\igfxpers.exe

    C:\Windows\System32\aetcrss1.exe

    C:\Windows\WindowsMobile\wmdSync.exe

    C:\windows\system32\igfxsrvc.exe

    C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe

    C:\Users\Nicoline\AppData\Roaming\Spotify\spotify.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    C:\windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://notarisnet.notaris.nl/cms/showpage.aspx?id=75

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=smb&pf=desktop

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll

    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll

    O4 - HKLM\..\Run: C:\Program Files\HP\SetRefresh\SetRefresh.exe

    O4 - HKLM\..\Run: C:\windows\system32\igfxtray.exe

    O4 - HKLM\..\Run: C:\windows\system32\hkcmd.exe

    O4 - HKLM\..\Run: C:\windows\system32\igfxpers.exe

    O4 - HKLM\..\Run: aetcrss1.exe

    O4 - HKLM\..\Run: %windir%\WindowsMobile\wmdSync.exe

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Java\Java Update\jusched.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    O4 - HKLM\..\Run: “C:\Program Files\QuickTime\QTTask.exe” -atboottime

    O4 - HKLM\..\Run: “C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    O4 - HKLM\..\Run: “C:\Program Files\Common Files\Symantec Shared\ccApp.exe”

    O4 - HKLM\..\Run: “C:\Program Files\iTunes\iTunesHelper.exe”

    O4 - HKLM\..\RunOnce: %WINDIR%\SMINST\launcher.exe

    O4 - HKCU\..\Run: “C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”

    O4 - HKCU\..\Run: “C:\Users\Nicoline\AppData\Roaming\Spotify\Spotify.exe” /uri spotify:autostart

    O4 - HKCU\..\Run: C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Formulieren Invullen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O8 - Extra context menu item: Formulieren opslaan - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O8 - Extra context menu item: Menu aanpassen - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    O8 - Extra context menu item: RoboForm Werkbalk - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra button: Formulier Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O9 - Extra ‘Tools’ menuitem: Formulieren Invullen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    O9 - Extra button: Opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O9 - Extra ‘Tools’ menuitem: Formulieren opslaan - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra ‘Tools’ menuitem: RoboForm Werkbalk - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra ‘Tools’ menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O11 - Options group: Accelerated graphics

    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\Software\..\Telephony: DomainName = AN.Lokaal

    O17 - HKLM\System\CCS\Services\Tcpip\..\{70066616-218E-4B10-A5B8-19A9140C6123}: NameServer = 10.13.28.1

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = AN.Lokaal

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\windows\system32\browseui.dll

    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

    O23 - Service: ServiceOMC - Unknown owner - C:\windows\system32\ServiceOMC.exe

    O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

    O23 - Service: Symantec Endpoint Protection (Symantec AntiVirus) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

    End of file - 9066 bytes

    ComboFix 12-03-30.02 - Nicoline 30-03-2012 11:31:04.3.2 - x86

    Microsoft® Windows Vista™ Business 6.0.6002.2.1252.31.1043.18.2038.1052

    Gestart vanuit: c:\users\Nicoline\Desktop\ComboFix.exe

    gebruikte Opdracht switches :: c:\users\Nicoline\Desktop\CFScript.txt

    AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

    SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-02-28 to 2012-03-30 ))))))))))))))))))))))))))))))

    .

    .

    2012-03-30 09:38 . 2012-03-30 09:38 ——– d—–w- c:\users\Teddy\AppData\Local\temp

    2012-03-30 09:38 . 2012-03-30 09:38 ——– d—–w- c:\users\sjabloon1\AppData\Local\temp

    2012-03-30 09:38 . 2012-03-30 09:38 ——– d—–w- c:\users\model2\AppData\Local\temp

    2012-03-30 09:38 . 2012-03-30 09:38 ——– d—–w- c:\users\model1\AppData\Local\temp

    2012-03-30 09:38 . 2012-03-30 09:38 ——– d—–w- c:\users\Default\AppData\Local\temp

    2012-03-30 09:38 . 2012-03-30 09:38 ——– d—–w- c:\users\Auke\AppData\Local\temp

    2012-03-30 09:38 . 2012-03-30 09:38 ——– d—–w- c:\users\Administrator\AppData\Local\temp

    2012-03-30 07:50 . 2012-03-30 09:38 ——– d—–w- c:\users\Nicoline\AppData\Local\temp

    2012-03-29 09:21 . 2012-03-29 09:21 388096 —-a-r- c:\users\Nicoline\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2012-03-29 09:21 . 2012-03-29 09:21 ——– d—–w- c:\program files\Trend Micro

    2012-03-28 10:33 . 2012-03-28 10:33 ——– d—–w- c:\users\Nicoline\AppData\Roaming\SUPERAntiSpyware.com

    2012-03-28 10:32 . 2012-03-28 10:33 ——– d—–w- c:\program files\SUPERAntiSpyware

    2012-03-28 10:32 . 2012-03-28 10:32 ——– d—–w- c:\programdata\SUPERAntiSpyware.com

    2012-03-28 07:50 . 2012-03-28 07:50 237 —-a-w- C:\user.js

    2012-03-28 07:50 . 2007-08-21 11:32 98304 —-a-w- c:\windows\system32\redmonnt.dll

    2012-03-28 07:50 . 2012-03-28 07:50 ——– d—–w- c:\program files\PDFConverter

    2012-03-14 05:51 . 2012-02-02 15:16 2044416 —-a-w- c:\windows\system32\win32k.sys

    2012-03-14 05:51 . 2012-01-09 15:54 613376 —-a-w- c:\windows\system32\rdpencom.dll

    2012-03-14 05:51 . 2012-01-09 13:58 180736 —-a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-03-14 05:51 . 2012-02-14 15:45 219648 —-a-w- c:\windows\system32\d3d10_1core.dll

    2012-03-14 05:51 . 2012-02-14 15:45 160768 —-a-w- c:\windows\system32\d3d10_1.dll

    2012-03-14 05:51 . 2012-02-13 14:12 1172480 —-a-w- c:\windows\system32\d3d10warp.dll

    2012-03-14 05:51 . 2012-02-13 13:47 683008 —-a-w- c:\windows\system32\d2d1.dll

    2012-03-14 05:51 . 2012-02-13 13:44 1068544 —-a-w- c:\windows\system32\DWrite.dll

    2012-03-14 05:50 . 2012-01-31 10:59 2409784 —-a-w- c:\program files\Windows Mail\OESpamFilter.dat

    2012-03-09 10:43 . 2012-03-09 10:43 ——– d—–w- c:\program files\iPod

    2012-03-09 10:42 . 2012-03-09 10:44 ——– d—–w- c:\program files\iTunes

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-03-01 07:59 . 2011-05-26 11:44 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-01-13 12:09 . 2012-01-13 12:08 124976 —-a-w- c:\windows\system32\drivers\SYMEVENT.SYS

    2012-01-13 12:06 . 2012-01-13 12:06 161792 —-a-w- c:\windows\system32\msls31.dll

    2012-01-13 12:06 . 2012-01-13 12:06 86528 —-a-w- c:\windows\system32\iesysprep.dll

    2012-01-13 12:06 . 2012-01-13 12:06 76800 —-a-w- c:\windows\system32\SetIEInstalledDate.exe

    2012-01-13 12:06 . 2012-01-13 12:06 74752 —-a-w- c:\windows\system32\RegisterIEPKEYs.exe

    2012-01-13 12:06 . 2012-01-13 12:06 48640 —-a-w- c:\windows\system32\mshtmler.dll

    2012-01-13 12:06 . 2012-01-13 12:06 63488 —-a-w- c:\windows\system32\tdc.ocx

    2012-01-13 12:06 . 2012-01-13 12:06 367104 —-a-w- c:\windows\system32\html.iec

    2012-01-13 12:06 . 2012-01-13 12:06 74752 —-a-w- c:\windows\system32\iesetup.dll

    2012-01-13 12:06 . 2012-01-13 12:06 23552 —-a-w- c:\windows\system32\licmgr10.dll

    2012-01-13 12:06 . 2012-01-13 12:06 152064 —-a-w- c:\windows\system32\wextract.exe

    2012-01-13 12:06 . 2012-01-13 12:06 150528 —-a-w- c:\windows\system32\iexpress.exe

    2012-01-13 12:06 . 2012-01-13 12:06 420864 —-a-w- c:\windows\system32\vbscript.dll

    2012-01-13 12:06 . 2012-01-13 12:06 142848 —-a-w- c:\windows\system32\ieUnatt.exe

    2012-01-13 12:06 . 2012-01-13 12:06 11776 —-a-w- c:\windows\system32\mshta.exe

    2012-01-13 12:06 . 2012-01-13 12:06 101888 —-a-w- c:\windows\system32\admparse.dll

    2012-01-13 12:06 . 2012-01-13 12:06 35840 —-a-w- c:\windows\system32\imgutil.dll

    2012-01-13 12:06 . 2012-01-13 12:06 110592 —-a-w- c:\windows\system32\IEAdvpack.dll

    2011-09-29 07:28 . 2011-10-13 08:01 134104 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    “RoboForm”=“c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe”

    “Spotify”=“c:\users\Nicoline\AppData\Roaming\Spotify\Spotify.exe”

    “SUPERAntiSpyware”=“c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe”

    .

    “SetRefresh”=“c:\program files\HP\SetRefresh\SetRefresh.exe”

    “IgfxTray”=“c:\windows\system32\igfxtray.exe”

    “HotKeysCmds”=“c:\windows\system32\hkcmd.exe”

    “Persistence”=“c:\windows\system32\igfxpers.exe”

    “CertificateRegistration”=“aetcrss1.exe”

    “Windows Mobile-based device management”=“c:\windows\WindowsMobile\wmdSync.exe”

    “SunJavaUpdateSched”=“c:\program files\Common Files\Java\Java Update\jusched.exe”

    “APSDaemon”=“c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe”

    “QuickTime Task”=“c:\program files\QuickTime\QTTask.exe”

    “Adobe Reader Speed Launcher”=“c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe”

    “Adobe ARM”=“c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe”

    “ccApp”=“c:\program files\Common Files\Symantec Shared\ccApp.exe”

    “iTunesHelper”=“c:\program files\iTunes\iTunesHelper.exe”

    .

    “ST Recovery Launcher”=“c:\windows\SMINST\launcher.exe”

    .

    “EnableLUA”= 0 (0x0)

    “EnableUIADesktopToggle”= 0 (0x0)

    .

    “HideLogonScripts”= 0 (0x0)

    .

    “HideLogonScripts”= 0 (0x0)

    .

    “NoWelcomeScreen”= 1 (0x1)

    .

    “NoNetConnectDisconnect”= 1 (0x1)

    “NoNetworkConnections”= 1 (0x1)

    “NoStartMenuMyMusic”= 1 (0x1)

    “NoStartMenuNetworkPlaces”= 1 (0x1)

    “ForceStartMenuLogOff”= 1 (0x1)

    “NoSimpleStartMenu”= 1 (0x1)

    “NoSMBalloonTip”= 1 (0x1)

    “DisablePersonalDirChange”= 1 (0x1)

    .

    “NoNetConnectDisconnect”= 1 (0x1)

    “NoNetworkConnections”= 1 (0x1)

    “NoSMHelp”= 1 (0x1)

    “NoStartMenuMyMusic”= 1 (0x1)

    “NoStartMenuNetworkPlaces”= 1 (0x1)

    “ForceStartMenuLogOff”= 1 (0x1)

    “NoSimpleStartMenu”= 1 (0x1)

    “NoSMBalloonTip”= 1 (0x1)

    “DisablePersonalDirChange”= 1 (0x1)

    .

    “{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}”= “c:\program files\SUPERAntiSpyware\SASSEH.DLL”

    .

    2011-05-04 17:54 551296 —-a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    “Script”=Logoff.vbs

    .

    “Script”=Logon.vbs

    .

    @=“”

    .

    @=“Service”

    .

    @=“Service”

    .

    @=“Service”

    .

    “DisableMonitoring”=dword:00000001

    .

    “EnableNotificationsRef”=dword:00000001

    .

    “EnableNotificationsRef”=dword:00000004

    .

    “EnableNotificationsRef”=dword:00000001

    .

    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE

    .

    .

    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    WindowsMobile REG_MULTI_SZ wcescomm rapimgr

    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    .

    2006-10-31 13:30 73728 —-a-w- c:\windows\System32\aetsprov.dll

    .

    Inhoud van de ‘Gedeelde Taken’ map

    .

    2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    2012-03-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe

    .

    .

    ——- Bijkomende Scan ——-

    .

    uStart Page = https://notarisnet.notaris.nl/cms/showpage.aspx?id=75

    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=smb&pf=desktop

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000

    IE: Formulieren Invullen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html

    IE: Formulieren opslaan - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html

    IE: Menu aanpassen - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

    IE: RoboForm Werkbalk - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

    TCP: Interfaces\{70066616-218E-4B10-A5B8-19A9140C6123}: NameServer = 10.13.28.1

    DPF: Microsoft XML Parser for Java - file:///C:/windows/Java/classes/xmldso.cab

    FF - ProfilePath - c:\users\Nicoline\AppData\Roaming\Mozilla\Firefox\Profiles\e39i3bts.default\

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-03-30 11:38

    Windows 6.0.6002 Service Pack 2 NTFS

    .

    scannen van verborgen processen …

    .

    scannen van verborgen autostart items …

    .

    scannen van verborgen bestanden …

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    ——————— DLLs Geladen Onder Lopende Processen ———————

    .

    - - - - - - - > ‘lsass.exe’(728)

    c:\windows\system32\aetsprov.dll

    .

    Voltooingstijd: 2012-03-30 11:41:44

    ComboFix-quarantined-files.txt 2012-03-30 09:41

    ComboFix2.txt 2012-03-30 09:11

    ComboFix3.txt 2012-03-30 08:05

    .

    Pre-Run: 173.903.323.136 bytes beschikbaar

    Post-Run: 173.857.710.080 bytes beschikbaar

    .

    - - End Of File - - 763DFFA0ABBE15A130FD248F176B138E

    When I search from the command line, something from Babylon still comes up…..

    Every new tab is the same as the first tab, so not empty…

  • fazantje

    Hi Martine,

    The logs look good.

    Let's take a closer look.

    It wasn't listed under Control Panel - Programs and Features, was it?

    Please check the following:

    Click the “Firefox button” in the top-left corner and choose “Add-ons”, or go to Tools > Add-ons in the menu.

    Remove the following add-ons here, if present.

    Babylon

    Babylon Spelling and Proofreading

    Babylon Translation Activation

    Click the icon next to the search box and choose the option “Manage Search Engines”

    http://i1103.photobucket.com/albums/g476/pcwebplus/Babylon5.jpg

    Remove Search the web (Babylon) here

    http://i1103.photobucket.com/albums/g476/pcwebplus/Babylon6.jpg

    Click the “Firefox button” and choose “Options”, or go to Tools > Options in the menu, and set your own home page there.

    Good luck,

    Huib;)

  • martine1312

    Removed; just going to run one more test regarding the command line…

    The search engine in IE 9 is still Babylon….. let me see if I can change that… any tips perhaps?

    In Internet Options I now have Google in IE (as the default search engine). It was Bing, but it showed Babylon in the top right corner…..

  • Ben

    Hello martine,

    Download: zoek.exe

    Place it on your desktop.

    • First close all program windows that are still open!

    o Windows 2000 and Windows XP: start the tool by double-clicking “Zoek.exe van Smeenk”.

    o Windows Vista and Windows 7: start the tool by right-clicking “Zoek.exe van Smeenk” and then choosing Run as administrator.

    A black CMD/Command Prompt window now opens.

    • Now type B in that window, followed by Enter, to start “Custom search”.

    • A Notepad document named “input.txt” will now open.

    • Copy and paste the following blue text into the empty Notepad window

    babylon;

    Babylonsearch;

    BabylonToolbar;

    Search the web;

    Babylon.exe;

    BabylonToolbarsrv.exe;

    rpcapd.exe;

    • Once you have pasted the text into the empty Notepad window, you can close input.txt; let it save the changes.

    • After this the scan starts running; wait patiently until a log opens and post the result in your next message.

    Regards, Ben.

    Antivirusprikbord

This topic is closed; no further replies can be posted.