
Removing Babylon



Start HijackThis. Select “Scan”. Select only the items listed below:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {87775fdb-6972-41f9-ae51-8326e38cb206} - (no file)

Click 'Fix checked' to remove the items.

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix is finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post, together with a new HijackThis log.


Hi

Here are the logs:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:44:52, on 25-1-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Users\Mario\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Search

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe

O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - Startup: Dropbox.lnk = Mario\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe

O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

--

End of file - 4444 bytes

--------------------------------------------------------------------------------------

ComboFix 12-01-23.02 - Mario 25-01-2012 15:26:06.1.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3037.1483 [GMT 1:00]

Gestart vanuit: c:\users\Mario\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\config.Bin

c:\programdata\Windows

c:\programdata\windows\dumd.dat

c:\programdata\Windows\xdor.dat

C:\romano.bin

c:\users\Mario\AppData\Roaming\19ridof.log

c:\users\Mario\AppData\Roaming\Adobe\plugs

c:\users\Mario\AppData\Roaming\Adobe\shed

c:\users\Mario\AppData\Roaming\inst.exe

c:\users\Mario\AppData\Roaming\Microsoft\Windows\WTlUiETM0rmPBs.dat

c:\users\Mario\AppData\Roaming\Microsoft\Windows\WTlUiETM0rmPBs.xtr

c:\users\Mario\AppData\Roaming\Skype\wmplayer.exe

c:\users\Mario\AppData\Roaming\vso_ts_preview.xml

c:\windows\system32\drivers\etc\hosts.ics

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-25 to 2012-01-25 ))))))))))))))))))))))))))))))

.

.

2012-01-25 14:32 . 2012-01-25 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-25 14:21 . 2012-01-25 14:21 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B2F88D1-4EC0-4FA6-B8B5-AEF6A39A431A}\MpKsle596c4da.sys

2012-01-25 11:48 . 2012-01-25 11:48 388096 ----a-r- c:\users\Mario\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-25 10:44 . 2012-01-25 10:44 -------- d-----w- c:\program files\Trend Micro

2012-01-25 08:02 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B2F88D1-4EC0-4FA6-B8B5-AEF6A39A431A}\mpengine.dll

2012-01-23 14:45 . 2012-01-23 14:45 -------- d-----w- c:\users\Mario\AppData\Local\PCStreams3

2012-01-23 14:45 . 2012-01-23 14:45 -------- d-----w- c:\programdata\PCStreams

2012-01-23 11:51 . 2012-01-23 11:51 -------- d-----w- c:\program files\PCStreams

2012-01-23 11:48 . 2012-01-23 11:48 -------- d-----w- c:\users\Mario\AppData\Roaming\Downloaded Installations

2012-01-17 22:53 . 2012-01-19 08:05 -------- d-----w- c:\users\Mario\AppData\Roaming\Obc

2012-01-17 22:53 . 2012-01-18 23:05 -------- d-----w- c:\users\Mario\AppData\Roaming\Abe

2012-01-11 16:44 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 16:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

2012-01-11 16:43 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 16:43 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

2012-01-09 21:48 . 2012-01-12 22:16 -------- d-----w- c:\users\Mario\AppData\Local\sabnzbd

2012-01-08 22:03 . 2012-01-08 22:03 -------- d-----w- C:\TRIAL___RETRIBUTION_SEIZOEN_16_D

2012-01-03 21:29 . 2012-01-03 21:29 -------- d-----w- c:\users\Mario\AppData\Local\THWIT

2012-01-03 20:38 . 2012-01-03 20:38 -------- d-----w- c:\program files\Spotplanet Viewer

2012-01-03 20:06 . 2012-01-04 17:57 -------- d-----w- c:\program files\vShare.tv plugin

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2012-01-01 20:41 . 2012-01-01 20:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-01-01 20:41 . 2012-01-01 20:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-01-01 20:41 . 2012-01-01 20:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-01-01 20:41 . 2012-01-01 20:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2011-12-27 00:33 . 2011-12-27 00:33 -------- d-----w- c:\users\Mario\AppData\Local\LogMeIn

2011-12-27 00:33 . 2011-12-07 17:22 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-12-27 00:33 . 2011-12-07 17:22 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-12-27 00:33 . 2011-12-07 17:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-12-27 00:33 . 2011-09-16 13:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2011-12-27 00:33 . 2011-12-07 17:21 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-12-27 00:33 . 2012-01-25 07:55 -------- d-----w- c:\programdata\LogMeIn

2011-12-27 00:32 . 2011-12-27 00:36 -------- d-----w- c:\program files\LogMeIn

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-06 04:19 . 2010-08-28 07:51 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-05 10:10 . 2011-05-27 09:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-24 04:25 . 2011-12-15 14:48 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 04:26 . 2011-12-15 15:07 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 22:47 . 2011-12-16 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40 . 2011-12-16 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39 . 2011-12-16 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31 . 2011-12-16 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-01-01 20:41 . 2011-10-25 20:47 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mario\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

2011-08-17 07:29 4527424 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-10-21 08:58 641400 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 netw5v32;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-09 47360]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1343400]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-29 232512]

S1 MpKsle596c4da;MpKsle596c4da;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B2F88D1-4EC0-4FA6-B8B5-AEF6A39A431A}\MpKsle596c4da.sys [2012-01-25 29904]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-12-07 374152]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-29 5120]

S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

S3 NETw5s32;Intel® Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 33616]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - MPKSLE596C4DA

.

Inhoud van de 'Gedeelde Taken' map

.

.

------- Bijkomende Scan -------

.

mStart Page = hxxp://startsear.ch/?aff=1&cf=eacb4182-2116-11e1-9df5-00235afdcd8d

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254

TCP: Interfaces\{9D808EDE-6D30-45EE-8302-27858964840D}: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\pcj9uwrs.default\

FF - prefs.js: browser.search.selectedEngine - Web Search

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2cef8dd400000000000000235afdcd8d&tlver=1.4.35.10&affID=100474

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 28091

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - ORPHANS VERWIJDERD - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe

MSConfigStartUp-BlazeServoTool - c:\program files\BlazeVideo\BlazeDTV 2.5a\MediaDetector.exe

MSConfigStartUp-Software - c:\program files\Software.com\Download Center\Download.exe

MSConfigStartUp-SpotnetMonitor - c:\program files\RB\Spotnet Watchdog\SpotnetMonitor.exe

AddRemove-Convert PDF To Image_is1 - c:\program files\Softinterface

.

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-01-25 15:34:58

ComboFix-quarantined-files.txt 2012-01-25 14:34

.

Pre-Run: 117.907.947.520 bytes beschikbaar

Post-Run: 118.020.128.768 bytes beschikbaar

.

- - End Of File - - 1649D406E6728F50CB6472550CCE93E5


Open a Notepad file.

Copy and paste the bold text below into it.

DDS::

mStart Page = hxxp://startsear.ch/?aff=1&cf=eacb4182-2116-11e1-9df5-00235afdcd8d

Firefox::

FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\pcj9uwrs.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next post.
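The start-page and search entries singled out in the CFScript above can be found mechanically in the ComboFix "Bijkomende Scan" section. The following is an added example, not part of the original thread or of ComboFix: it flags browser settings whose host is not on an expected list and reports a loopback proxy only when Firefox is actually set to use it. `EXPECTED_HOSTS` and all function names are hypothetical, and reading the `m`/`u` prefix as HKLM/HKCU is an assumption.

```python
import re
from urllib.parse import urlsplit

# Sample input: lines taken from the "Bijkomende Scan" section of the log
# posted in the thread (URLs are defanged as hxxp there).
SAMPLE_LOG = r"""
mStart Page = hxxp://startsear.ch/?aff=1&cf=eacb4182-2116-11e1-9df5-00235afdcd8d
uInternet Settings,ProxyOverride = <local>;*.local
TCP: DhcpNameServer = 192.168.2.254
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2cef8dd400000000000000235afdcd8d&tlver=1.4.35.10&affID=100474
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 28091
FF - prefs.js: network.proxy.type - 0
"""

# Hypothetical allowlist: hosts the analyst expects as home/search page.
EXPECTED_HOSTS = {"google.com", "bing.com", "msn.com"}

# Settings whose value is a URL the browser loads or sends searches to.
URL_SETTINGS = {
    "Start Page", "Search Page", "Default_Search_URL", "Default_Page_URL",
    "browser.startup.homepage", "keyword.URL",
}
LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Assumption: a leading "m" means HKLM and "u" means HKCU in these lines.
IE_LINE = re.compile(r"^([mu])([A-Z][^=]*?) = (.*)$")
FF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) - (.*)$")


def parse_settings(log_text):
    """Yield (source, setting, value) for each recognised settings line."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = IE_LINE.match(line)
        if m:
            hive = "HKLM" if m.group(1) == "m" else "HKCU"
            yield hive, m.group(2), m.group(3).strip()
            continue
        m = FF_LINE.match(line)
        if m:
            yield "firefox:" + m.group(1), m.group(2), m.group(3).strip()


def host_of(value):
    """Return the lower-cased host of a URL, accepting hxxp and bare hosts."""
    value = re.sub(r"^hxxp", "http", value.strip(), flags=re.I)
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").lower()


def is_expected(host, expected_hosts):
    """True for an expected host or one of its subdomains (not a suffix trick)."""
    return any(host == e or host.endswith("." + e) for e in expected_hosts)


def audit(log_text, expected_hosts=EXPECTED_HOSTS):
    """Return a list of (source, setting, detail) findings."""
    findings, proxy = [], {}
    for source, setting, value in parse_settings(log_text):
        if setting.startswith("network.proxy."):
            proxy[setting] = (source, value)
        elif setting in URL_SETTINGS and value:
            host = host_of(value)
            if host and not is_expected(host, expected_hosts):
                findings.append((source, setting, host))
    # Firefox only uses the manual proxy values when network.proxy.type is 1;
    # with type 0 (as in the posted log) the 127.0.0.1 entry is inactive.
    ptype = proxy.get("network.proxy.type", ("", ""))[1]
    src, phost = proxy.get("network.proxy.http", ("", ""))
    if ptype == "1" and phost in LOOPBACK:
        port = proxy.get("network.proxy.http_port", ("", "?"))[1]
        findings.append((src, "network.proxy.http", f"{phost}:{port}"))
    return findings


if __name__ == "__main__":
    for source, setting, detail in audit(SAMPLE_LOG):
        print(f"{source:18} {setting:22} {detail}")
```
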

Hi

I've done the first part, but I don't understand saving it as CFScript; do I have to rename the Notepad file?

And how can I drag CFScript.txt into Combofix.exe?


Hi

Sorry, I asked my question too soon; I've done it and this is the log:

ComboFix 12-01-23.02 - Mario 25-01-2012 20:46:00.2.2 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3037.1658 [GMT 1:00]

Gestart vanuit: c:\users\Mario\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Mario\Desktop\CFScript.txt.txt

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}

SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\system32\drivers\etc\hosts.ics

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-12-25 to 2012-01-25 ))))))))))))))))))))))))))))))

.

.

2012-01-25 19:52 . 2012-01-25 19:52 -------- d-----w- c:\users\Mario\AppData\Local\temp

2012-01-25 19:52 . 2012-01-25 19:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-01-25 14:41 . 2012-01-25 14:41 388096 ----a-r- c:\users\Mario\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-01-25 10:44 . 2012-01-25 10:44 -------- d-----w- c:\program files\Trend Micro

2012-01-25 08:02 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3B2F88D1-4EC0-4FA6-B8B5-AEF6A39A431A}\mpengine.dll

2012-01-23 14:45 . 2012-01-23 14:45 -------- d-----w- c:\users\Mario\AppData\Local\PCStreams3

2012-01-23 14:45 . 2012-01-23 14:45 -------- d-----w- c:\programdata\PCStreams

2012-01-23 11:51 . 2012-01-23 11:51 -------- d-----w- c:\program files\PCStreams

2012-01-23 11:48 . 2012-01-23 11:48 -------- d-----w- c:\users\Mario\AppData\Roaming\Downloaded Installations

2012-01-17 22:53 . 2012-01-19 08:05 -------- d-----w- c:\users\Mario\AppData\Roaming\Obc

2012-01-17 22:53 . 2012-01-18 23:05 -------- d-----w- c:\users\Mario\AppData\Roaming\Abe

2012-01-11 16:44 . 2011-11-17 05:38 1288472 ----a-w- c:\windows\system32\ntdll.dll

2012-01-11 16:43 . 2011-11-19 14:01 67072 ----a-w- c:\windows\system32\packager.dll

2012-01-11 16:43 . 2011-10-26 04:32 514560 ----a-w- c:\windows\system32\qdvd.dll

2012-01-11 16:43 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\system32\quartz.dll

2012-01-09 21:48 . 2012-01-12 22:16 -------- d-----w- c:\users\Mario\AppData\Local\sabnzbd

2012-01-08 22:03 . 2012-01-08 22:03 -------- d-----w- C:\TRIAL___RETRIBUTION_SEIZOEN_16_D

2012-01-03 21:29 . 2012-01-03 21:29 -------- d-----w- c:\users\Mario\AppData\Local\THWIT

2012-01-03 20:38 . 2012-01-03 20:38 -------- d-----w- c:\program files\Spotplanet Viewer

2012-01-03 20:06 . 2012-01-04 17:57 -------- d-----w- c:\program files\vShare.tv plugin

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll

2012-01-03 13:10 . 2012-01-03 13:10 182672 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll

2012-01-01 20:41 . 2012-01-01 20:41 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll

2012-01-01 20:41 . 2012-01-01 20:41 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll

2012-01-01 20:41 . 2012-01-01 20:41 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll

2012-01-01 20:41 . 2012-01-01 20:41 43992 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll

2011-12-27 00:33 . 2011-12-27 00:33 -------- d-----w- c:\users\Mario\AppData\Local\LogMeIn

2011-12-27 00:33 . 2011-12-07 17:22 52096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll

2011-12-27 00:33 . 2011-12-07 17:22 30592 ----a-w- c:\windows\system32\LMIport.dll

2011-12-27 00:33 . 2011-12-07 17:22 83360 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2011-12-27 00:33 . 2011-09-16 13:10 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys

2011-12-27 00:33 . 2011-12-07 17:21 87424 ----a-w- c:\windows\system32\LMIinit.dll

2011-12-27 00:33 . 2012-01-25 07:55 -------- d-----w- c:\programdata\LogMeIn

2011-12-27 00:32 . 2011-12-27 00:36 -------- d-----w- c:\program files\LogMeIn

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-06 04:19 . 2010-08-28 07:51 6557240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-01-05 10:10 . 2011-05-27 09:47 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-11-24 04:25 . 2011-12-15 14:48 2342912 ----a-w- c:\windows\system32\win32k.sys

2011-11-05 04:26 . 2011-12-15 15:07 2048 ----a-w- c:\windows\system32\tzres.dll

2011-11-03 22:47 . 2011-12-16 02:03 1798144 ----a-w- c:\windows\system32\jscript9.dll

2011-11-03 22:40 . 2011-12-16 02:03 1427456 ----a-w- c:\windows\system32\inetcpl.cpl

2011-11-03 22:39 . 2011-12-16 02:03 1127424 ----a-w- c:\windows\system32\wininet.dll

2011-11-03 22:31 . 2011-12-16 02:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-01-01 20:41 . 2011-10-25 20:47 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Mario\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-28 7625248]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-05 59240]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2011-09-16 63048]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

.

c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Mario\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux1"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKLM\~\startupfolder\C:^Users^Mario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Schermopname en Snel starten.lnk]

path=c:\users\Mario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Schermopname en Snel starten.lnk

backup=c:\windows\pss\OneNote 2007 Schermopname en Snel starten.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]

2011-10-05 23:52 59240 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]

2011-08-17 07:29 4527424 ----a-w- c:\program files\DAEMON Tools Pro\DTAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 09:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2011-12-08 00:36 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 13:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2011-10-21 08:58 641400 ----a-w- c:\program files\uTorrent\uTorrent.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]

R3 netw5v32;Stuurprogramma voor Intel® Wireless WiFi Link 5000 Series-adapter 32-bits Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2010-11-09 47360]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1343400]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-09-29 232512]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [2011-12-07 374152]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [2011-09-16 12856]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-07-29 5120]

S3 NETw5s32;Intel® Wireless WiFi Link adapter stuurprogramma onder Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-08 33616]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = <local>;*.local

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.254

TCP: Interfaces\{9D808EDE-6D30-45EE-8302-27858964840D}: DhcpNameServer = 192.168.2.254

FF - ProfilePath - c:\users\Mario\AppData\Roaming\Mozilla\Firefox\Profiles\pcj9uwrs.default\

FF - prefs.js: browser.startup.homepage - google.com

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 28091

FF - prefs.js: network.proxy.type - 0

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-01-25 20:53:38

ComboFix-quarantined-files.txt 2012-01-25 19:53

ComboFix2.txt 2012-01-25 14:34

.

Pre-Run: 115.246.452.736 bytes beschikbaar

Post-Run: 115.192.872.960 bytes beschikbaar

.

- - End Of File - - 0E328F7856E97AF9E85762A5D3036E3F


I've reopened your topic for a moment, because a few tools and leftovers still need to be removed.

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click “Download Latest Version” and the CCleaner download will start automatically, free of charge.

Install it and start CCleaner. In the left-hand column, click “Cleaner”. Click “Analyze” and then “Run Cleaner”. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click “Registry” in the left-hand column and click “Scan for Issues”. If errors are found, click “Fix selected issues” and “OK”. You will then be asked whether to make a backup. Click “Yes”. Then choose “Fix All Selected Issues”. After that, close CCleaner again.

If you would like to see this in detail with screenshots, click here for the guide.

It is advisable to delete the existing restore points (they include infected restore points that you might otherwise restore) by temporarily disabling System Restore. Do this:

• via Start -> Control Panel -> System -> System Protection -> now disable System Restore by selecting the desired drive and clicking "Configure".

• Now click "Delete" to remove all restore points.

• Click "Apply" and "OK".

• Now restart the PC.

If all of this went without problems, you may go ahead and click "mark as solved" below for good ;-)
