Startpagina Babylon NIET te verwijderen

Op een of andere manier is Babylon bij mij als startpagina gekomen.

Via Configuratiescherm alles geprobeerd om de startpagina te verwijderen, doch helaas.

Daarom een vriendelijk verzoek via Uw Forum, help !

Hierna de logfile van HijackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:53:23, on 9-4-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Ask.com\Updater\Updater.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\SearchCore for Browsers\SearchCore for Browsers\datamngrUI.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\SweetIM\Messenger\SweetIM.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

E:\PrintScreen\PrintScreen.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Users\Jan Water\AppData\Local\MediaGet2\mediaget.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files\Ironsource\searchya\1.5.13.0\bh\searchya.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: PhotoPos Toolbar - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\MSOFFI~1\Office14\URLREDIR.DLL

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: PhotoPos Toolbar - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MagicDVDCreator] "E:\Magic DVD Creator\mdc.exe" Hide

O4 - HKLM\..\Run: [sonneDVDCreator] E:\Magic DVD Creator\mdc.exe

O4 - HKLM\..\Run: [Family Tree Builder Update] E:\MyHeritage\Bin\FTBCheckUpdates.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Gadwin PrintScreen] E:\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [MediaGet2] C:\Users\Jan Water\AppData\Local\MediaGet2\mediaget.exe --minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html

O8 - Extra context menu item: Open de huidige pagina met BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm

O8 - Extra context menu item: Open de huidige pagina met BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm

O8 - Extra context menu item: Open doel met BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm

O8 - Extra context menu item: Plaats de huidige pagina in de BID wachtrij - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm

O8 - Extra context menu item: Plaats doel met BID in wachtrij - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm

O8 - Extra context menu item: Zoek op het web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI3DFC~1\OFFICE11\REFIEBAR.DLL

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\photoshop\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Unknown owner - E:\Nieuwe map\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Quick PDF Tools Background Service (QuickPDFTCPService0719) - Debenu Pty Ltd - E:\Quick PDF Tools\QuickPDFTCP0719.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - E:\Stuffit\ArcNameService.exe

--

End of file - 11620 bytes

Hoi Jan Vrijland,

Heb je vraag verplaatst naar Bestrijding spyware, virussen.

Heb de experts (Kape & Kweezie Wabbit) verwittigd, zodra ze online komen analyseren ze je logje en helpen ze je verder. ;-)

Start Hijackthis op. Selecteer “Scan”. Selecteer alleen de items die hieronder zijn genoemd:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files\Ironsource\searchya\1.5.13.0\bh\searchya.dll

O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O2 - BHO: PhotoPos Toolbar - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll

O2 - BHO: Vuze Remote - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll

O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: Foxit PDF Creator Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll

O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuze.dll

O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll

O3 - Toolbar: PhotoPos Toolbar - {5D0EC45B-D2E4-4DD0-A5B2-69DDEFE852A8} - C:\Program Files\PhotoposComTbr\PhotoposComTbrLib.dll

O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

O3 - Toolbar: SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files\Ironsource\searchya\1.5.13.0\searchyaTlbr.dll

O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe"

O4 - HKLM\..\Run: [DATAMNGR] C:\PROGRA~1\SEARCH~1\SEARCH~1\DATAMN~1.EXE

O4 - HKLM\..\Run: [sweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe

O8 - Extra context menu item: Zoek op het web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O20 - AppInit_DLLs: C:\PROGRA~1\SEARCH~1\SEARCH~1\datamngr.dll C:\PROGRA~1\SEARCH~1\SEARCH~1\IEBHO.dll

Klik op 'Fix checked' om de items te verwijderen.

Let op : Windows Vista & 7 gebruikers dienen HijackThis als “administrator” uit te voeren via rechtermuisknop “als administrator uitvoeren". Indien dit via de snelkoppeling niet lukt voer je HijackThis als administrator uit in de volgende map : C:\Program Files\Trend Micro\HiJackThis of C:\Program Files (x86)\Trend Micro\HiJackThis.

Verwijder Ask Toolbar of Ask.com via Software (indien aanwezig) of verwijder anders volgende vetgedrukte map : C:\Program Files\Ask.com

Download MBAM (Malwarebytes Anti-Malware)

Dubbelklik op mbam-setup.exe om het programma te installeren.

Zorg ervoor dat er een vinkje geplaatst is voor Update Malwarebytes' Anti-Malware en Start Malwarebytes' Anti-Malware, Klik daarna op "Voltooien".

Indien een update gevonden werd, zal die gedownload en geïnstalleerd worden.

Wanneer het programma volledig up to date is, selecteer dan in het tabblad Scanner : "Snelle Scan", daarna klik op Scan.

Het scannen kan een tijdje duren, dus wees geduldig.

Wanneer de scan voltooid is, klik op OK, daarna "Bekijk Resultaten" om de resultaten te zien.

Zorg ervoor dat daar alles aangevinkt is, daarna klik op: Verwijder geselecteerde.

Na het verwijderen zal een log openen en zal er gevraagd worden om de computer opnieuw op te starten. (Zie verder).

Indien er de rootkit (TDSS) aanwezig is, zal MBAM vragen te herstarten. Doe dit dan ook.

MBAM zal na de herstart opnieuw scannen en de rootkit verwijderen.

Het log wordt automatisch bewaard door MBAM en kan je terugvinden door op de "Logs" tab te klikken in het programma.

Indien MBAM moeilijkheden heeft met het verwijderen van bepaalde bestanden zal het enkele meldingen geven waar je OK moet klikken. Daarna zal het vragen om de computer opnieuw op te starten... dus sta toe dat MBAM de computer opnieuw opstart.

Plak de inhoud van het logje in je volgende bericht, samen met een nieuw HijackThis log.

Beste Kape,

Bedankt voor je goede hulp, het systeem draait weer goed.

Ask.com de map verwijderd can C:\program files\

Hierbij de logs van mbam en hijackthis

groet, Jan

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Databaseversie: v2012.04.10.02

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Jan Vrijland-PC [administrator]

10-4-2012 9:31:35

mbam-log-2012-04-10 (09-31-35).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 211558

Verstreken tijd: 8 minuut/minuten, 26 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 9:29:40, on 10-4-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

E:\PrintScreen\PrintScreen.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Users\Jan Water\AppData\Local\MediaGet2\mediaget.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\MSOFFI~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MagicDVDCreator] "E:\Magic DVD Creator\mdc.exe" Hide

O4 - HKLM\..\Run: [sonneDVDCreator] E:\Magic DVD Creator\mdc.exe

O4 - HKLM\..\Run: [Family Tree Builder Update] E:\MyHeritage\Bin\FTBCheckUpdates.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Gadwin PrintScreen] E:\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [MediaGet2] C:\Users\Jan Water\AppData\Local\MediaGet2\mediaget.exe --minimized

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html

O8 - Extra context menu item: Open de huidige pagina met BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm

O8 - Extra context menu item: Open de huidige pagina met BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm

O8 - Extra context menu item: Open doel met BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm

O8 - Extra context menu item: Plaats de huidige pagina in de BID wachtrij - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm

O8 - Extra context menu item: Plaats doel met BID in wachtrij - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI3DFC~1\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\photoshop\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Unknown owner - E:\Nieuwe map\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Quick PDF Tools Background Service (QuickPDFTCPService0719) - Debenu Pty Ltd - E:\Quick PDF Tools\QuickPDFTCP0719.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - E:\Stuffit\ArcNameService.exe

--

End of file - 8802 bytes

Nog 2 lijntjes om te fixen.

Start Hijackthis op. Klik met de rechter muisknop op de icoon en kies dan voor “Run as administrator" of "Uitvoeren als administrator".

Selecteer “Do a system scan only”.

Vink alleen de items aan die hieronder zijn genoemd:

O2 - BHO: SearchCore for Browsers - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\PROGRA~1\SEARCH~1\SEARCH~1\BROWSE~1.DLL

O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll

Klik op 'Fix checked' om de items te verwijderen.

Download ComboFix van één van deze locaties:

Link 1

Link 2

* BELANGRIJK !!! Sla ComboFix.exe op je Bureaublad op

1. Schakel alle antivirus- en antispywareprogramma's uit, want anders kunnen ze misschien conflicteren met ComboFix. Hier is een handleiding over hoe je ze kan uitschakelen:

Klik hier

2. Het kan voorkomen dat de computer meerdere malen opnieuw gestart moet worden, dit is normaal.

3. Dubbelklik op "Combofix.exe" om de tool te starten.

4. Klik niet in het scherm van Combofix als deze actief is, hierdoor kan de 'tool' vastlopen.

Noot !!! Als er een error wordt getoond met de melding "Illegal operation attempted on a registery key that has been marked for deletion", herstart dan de computer.

5. Wanneer ComboFix klaar is, zal het het een logbestand voor je maken. Post de inhoud van dit logbestand (te vinden als C:\ComboFix.txt) in je volgende bericht samen met een nieuw hijackthis logje.

Beste Kweezie Wabbit,

Jouw beschrijving uitgevoerd, zo te zien werkt het als vanouds, dank voor je hulp:

Hier volgen de logbestanden:

ComboFix 12-04-10.02 - Jan Water 11-04-2012 1:05:21.1.4 - x86

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.3071.1821 [GMT 2:00]

Gestart vanuit: C:\Users\Jan Water\Downloads\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

C:\config.bin

C:\config.Bin\15F89706C0892A8

C:\config.Bin\AA99E010C0892A8

C:\Images

C:\Program Files\Windows Searchqu Toolbar

C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe

C:\ProgramData\Tarma Installer

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setup.dll

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\_Setupx.dll

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.dat

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.exe

C:\ProgramData\Tarma Installer\{2E1037EA-038A-425F-86B9-6CD19B8497E9}\Setup.ico

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe

C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico

C:\ProgramData\windows

C:\ProgramData\Windows\dumd.dat

C:\ProgramData\Windows\xdor.dat

C:\Users\Jan Water\AppData\Roaming\Biiqp

C:\Users\Jan Water\AppData\Roaming\Biiqp\ymag.guf

C:\Users\Jan Water\AppData\Roaming\Biiqp\ymag.tmp

C:\Users\Jan Water\AppData\Roaming\Help\coredb\storage

C:\Users\Jan Water\AppData\Roaming\inst.exe

C:\Users\Jan Water\AppData\Roaming\Microsoft\~DFK51266e7.tmp

C:\Users\Jan Water\AppData\Roaming\Microsoft\1eaadjc.dll

C:\Users\Jan Water\AppData\Roaming\Microsoft\bass.dll

C:\Users\Jan Water\AppData\Roaming\Microsoft\kfgresk.dll

C:\Users\Jan Water\AppData\Roaming\Microsoft\mjcriu.dll

C:\Users\Jan Water\AppData\Roaming\Microsoft\peaadje.dll

C:\Users\Jan Water\AppData\Roaming\Microsoft\qwadjb.dll

C:\Users\Jan Water\AppData\Roaming\Microsoft\rsaadjd.dll

C:\Users\Jan Water\AppData\Roaming\PCFix

C:\Users\Jan Water\AppData\Roaming\PCFix\log.dat

C:\Users\Jan Water\AppData\Roaming\PCFix\unresolvederrors.dat

C:\Users\Jan Water\AppData\Roaming\vso_ts_preview.xml

C:\Users\Jan Water\HijackThis.exe

C:\Windows\IsUn0413.exe

C:\Windows\system32\office.exe

E:\Magic DVD Creator\mdc.exe

(((((((((((((((((((( Bestanden Gemaakt van 2012-03-10 to 2012-04-10 ))))))))))))))))))))))))))))))

2012-04-10 23:12:33 . 2012-04-10 23:12:33 -------- d-----w- C:\Users\Default\AppData\Local\temp

2012-04-10 23:10:54 . 2012-04-10 23:10:54 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3AFA553-0EAD-4EB4-B84C-7975FBCEADAE}\offreg.dll

2012-04-10 11:19:52 . 2012-04-10 11:20:03 -------- d-----w- C:\Program Files\MP3Gain

2012-04-09 14:48:44 . 2012-04-09 14:48:45 388096 ----a-r- C:\Users\Jan Water\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-04-09 14:48:44 . 2012-04-09 14:48:44 -------- d-----w- C:\Program Files\Trend Micro

2012-04-07 06:23:20 . 2012-03-14 02:15:38 6582328 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A3AFA553-0EAD-4EB4-B84C-7975FBCEADAE}\mpengine.dll

2012-04-04 23:00:35 . 2012-04-10 04:46:49 -------- d-----w- C:\Users\Jan Water\AppData\Roaming\IrfanView

2012-04-04 23:00:34 . 2012-04-04 23:00:35 -------- d-----w- C:\Program Files\IrfanView

2012-04-01 08:31:22 . 2012-04-03 08:09:44 -------- d-----w- C:\Users\Jan Water\Triggerfinger

2012-03-31 16:43:15 . 2012-03-31 16:43:15 -------- d-----w- C:\Users\Jan Water\Nieuwe map

2012-03-26 01:26:28 . 2012-04-05 22:48:33 -------- d-----w- C:\Users\Jan Water\AppData\Roaming\Media Finder

2012-03-13 23:38:43 . 2011-11-19 14:50:02 3968368 ----a-w- C:\Windows\system32\ntkrnlpa.exe

2012-03-13 23:38:42 . 2011-11-19 14:50:02 3913584 ----a-w- C:\Windows\system32\ntoskrnl.exe

2012-03-13 21:38:00 . 2012-02-03 03:54:27 2343424 ----a-w- C:\Windows\system32\win32k.sys

2012-03-13 21:37:59 . 2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\system32\DWrite.dll

2012-03-13 17:09:54 . 2012-01-25 05:27:51 8192 ----a-w- C:\Windows\system32\rdrmemptylst.exe

2012-03-13 17:09:53 . 2012-01-25 05:32:35 58880 ----a-w- C:\Windows\system32\rdpwsx.dll

2012-03-13 17:09:53 . 2012-01-25 05:32:34 129536 ----a-w- C:\Windows\system32\rdpcorekmts.dll

2012-03-13 17:09:51 . 2012-02-17 05:34:22 826880 ----a-w- C:\Windows\system32\rdpcore.dll

2012-03-13 17:09:51 . 2012-02-17 04:13:22 24576 ----a-w- C:\Windows\system32\drivers\tdtcp.sys

2012-03-13 17:09:50 . 2012-02-17 04:14:08 183808 ----a-w- C:\Windows\system32\drivers\rdpwd.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-04 13:56:40 . 2011-09-08 04:07:31 22344 ----a-w- C:\Windows\system32\drivers\mbam.sys

2012-03-08 14:55:19 . 2012-03-08 14:55:17 162037 ----a-w- C:\Windows\Animated GIF Converter and Booster Pack Uninstaller.exe

2012-02-23 16:23:26 . 2011-04-30 03:12:03 41184 ----a-w- C:\Windows\avastSS.scr

2012-02-23 16:23:21 . 2011-04-30 03:12:03 201352 ----a-w- C:\Windows\system32\aswBoot.exe

2012-02-23 16:12:28 . 2011-04-30 03:12:23 610648 ----a-w- C:\Windows\system32\drivers\aswSnx.sys

2012-02-23 16:12:16 . 2011-04-30 03:12:25 337112 ----a-w- C:\Windows\system32\drivers\aswSP.sys

2012-02-23 16:10:59 . 2012-02-25 06:31:01 44376 ----a-w- C:\Windows\system32\drivers\aswRdr2.sys

2012-02-23 16:10:39 . 2011-04-30 03:12:23 53848 ----a-w- C:\Windows\system32\drivers\aswTdi.sys

2012-02-23 16:10:34 . 2011-04-30 03:12:21 57688 ----a-w- C:\Windows\system32\drivers\aswMonFlt.sys

2012-02-23 16:10:16 . 2011-04-30 03:12:26 20696 ----a-w- C:\Windows\system32\drivers\aswFsBlk.sys

2012-02-23 08:18:36 . 2011-04-29 14:39:51 237072 ------w- C:\Windows\system32\MpSigStub.exe

2012-02-04 16:04:04 . 2012-02-04 15:52:44 47360 ----a-w- C:\Users\Jan Water\AppData\Roaming\pcouffin.sys

2012-02-04 15:52:44 . 2012-02-04 15:52:44 47360 ----a-w- C:\Windows\system32\drivers\pcouffin.sys

2012-01-15 17:43:34 . 2011-05-22 21:11:35 414368 ----a-w- C:\Windows\system32\FlashPlayerCPLApp.cpl

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

[-] 2011-08-02 16:47:15 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\System32\user32.dll

[7] 2010-11-20 21:29:20 . F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 . 811520 . . [6.1.7601.17514 (win7sp1_rtm.101119-1850)] . . C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-02-23 16:23:13 123536 ----a-w- C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]

@="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"

[HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]

2010-07-07 17:57:55 153064 ----a-w- C:\Windows\System32\pfmshx_463.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 17:03:40 152872]

"Gadwin PrintScreen"="E:\PrintScreen\PrintScreen.exe" [2011-05-03 09:18:01 487424]

"MediaGet2"="C:\Users\Jan Water\AppData\Local\MediaGet2\mediaget.exe" [2012-03-14 01:30:45 8138472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-02-23 16:23:24 4031368]

"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 13:57:24 153136]

"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 10:59:52 254696]

"Family Tree Builder Update"="E:\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-06-21 21:18:18 225280]

"APSDaemon"="C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 05:22:28 59240]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2011-11-12 23:24:58 421736]

"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2009-11-09 03:17:50 180224]

"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 11:55:28 937920]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 11:16:28 130384]

R2 iPodDrv;iPodDrv;C:\Windows\system32\drivers\iPodDrv.sys [x]

R3 APL531;OVT Scanner;C:\Windows\system32\Drivers\ov550i.sys [2006-07-31 05:44:00 580992]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe [2010-12-28 08:00:34 1296728]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 10:10:02 3276800]

R3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2010-02-03 10:21:56 50704]

R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 20:37:50 4640000]

R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 21:29:24 52224]

R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 21:29:03 27264]

R3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe [2011-04-30 03:55:14 1343400]

R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 14:33:04 51040]

S0 hotcore3;hc3ServiceName;C:\Windows\system32\DRIVERS\hotcore3.sys [2011-05-17 17:53:24 57312]

S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [2011-05-07 02:26:35 691696]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 pfmfs_463;pfmfs_463;C:\Windows\system32\Drivers\pfmfs_463.sys [2010-07-07 17:58:31 191848]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 23:52:04 48128]

S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;E:\photoshop\PhotoshopElementsFileAgent.exe [2008-09-16 10:03:18 169312]

S2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 11:55:28 64952]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;C:\Windows\system32\drivers\aswMonFlt.sys [2012-02-23 16:10:34 57688]

S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 16:09:10 1253376]

S2 QuickPDFTCPService0719;Quick PDF Tools Background Service;E:\Quick PDF Tools\QuickPDFTCP0719.exe [2010-04-27 19:07:06 1899008]

S3 AtcL001;NDIS-minipoortstuurprogramma voor L1 Gigabit Ethernet-controller van Atheros;C:\Windows\system32\DRIVERS\l160x86.sys [2009-07-13 22:02:46 47104]

S3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwlhigh6.sys [2009-11-06 07:37:20 699896]

S3 pcouffin;VSO Software pcouffin;C:\Windows\system32\Drivers\pcouffin.sys [2012-02-04 15:52:44 47360]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 23:52:10 14336]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - WS2IFSL

------- Bijkomende Scan -------

uStart Page = hxxp://www.google.nl/

uInternet Settings,ProxyOverride = *.local

IE: Download with &Media Finder - C:\Program Files\Media Finder\hook.html

IE: Open de huidige pagina met BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm

IE: Open de huidige pagina met BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm

IE: Open doel met BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm

IE: Plaats de huidige pagina in de BID wachtrij - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm

IE: Plaats doel met BID in wachtrij - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm

TCP: DhcpNameServer = 213.46.228.196 62.179.104.196

- - - - ORPHANS VERWIJDERD - - - -

Toolbar-10 - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-MagicDVDCreator - E:\Magic DVD Creator\mdc.exe

HKLM-Run-SonneDVDCreator - E:\Magic DVD Creator\mdc.exe

AddRemove-EPSON Photo Print - C:\Windows\IsUn0413.exe

AddRemove-OVT Scanner - C:\Windows\omniuns.exe USB\Vid_05a9&PID_1550 OVT Scanner

AddRemove-Searchqu 421 MediaBar - C:\Program Files\Windows Searchqu Toolbar\Datamngr\ToolBar\uninstallTB.exe

AddRemove-{889DF117-14D1-44EE-9F31-C5FB5D47F68B} - C:\PROGRA~2\TARMAI~1\{889DF~1\Setup.exe

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 1:31:08, on 11-4-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

E:\PrintScreen\PrintScreen.exe

C:\Users\Jan Water\AppData\Local\MediaGet2\mediaget.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - E:\MSOFFI~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [MagicDVDCreator] "E:\Magic DVD Creator\mdc.exe" Hide

O4 - HKLM\..\Run: [sonneDVDCreator] E:\Magic DVD Creator\mdc.exe

O4 - HKLM\..\Run: [Family Tree Builder Update] E:\MyHeritage\Bin\FTBCheckUpdates.exe

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [Gadwin PrintScreen] E:\PrintScreen\PrintScreen.exe /nosplash

O4 - HKCU\..\Run: [MediaGet2] C:\Users\Jan Water\AppData\Local\MediaGet2\mediaget.exe --minimized

O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html

O8 - Extra context menu item: Open de huidige pagina met BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebid.htm

O8 - Extra context menu item: Open de huidige pagina met BID Link Explorer - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm

O8 - Extra context menu item: Open doel met BID - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlink.htm

O8 - Extra context menu item: Plaats de huidige pagina in de BID wachtrij - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidqueue.htm

O8 - Extra context menu item: Plaats doel met BID in wachtrij - file://C:\Program Files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm

O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI3DFC~1\OFFICE11\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - E:\photoshop\PhotoshopElementsFileAgent.exe

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files\BitComet\tools\BitCometService.exe

O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe

O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: NBService - Unknown owner - E:\Nieuwe map\Nero 7\Nero BackItUp\NBService.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Quick PDF Tools Background Service (QuickPDFTCPService0719) - Debenu Pty Ltd - E:\Quick PDF Tools\QuickPDFTCP0719.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Stuffit Archive Name Service - Smith Micro Software, Inc. - E:\Stuffit\ArcNameService.exe

--

End of file - 8179 bytes

Probleem van de baan en dan gaan we opruimen.

Verwijder Combofix: Start -> Uitvoeren en typ: ComboFix /Uninstall (met spatie voor de /)

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner. (Als je het nog niet hebt)

Let op bij de installatie.

Haal beide vinkjes weg bij de vraag over de Chrome browser.

Installeer het en start CCleaner op.

Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Bevestigen met JA of OK

Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”.

Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft.

Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, lees dan deze handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar kunnen besmette herstelpunten tussen zitten die je zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Configuratiescherm -> Systeem en Onderhoud -> Systeem -> tabblad "Systeembeveiliging" -> vinkje weghalen bij de schijf waarvan je de herstelpunten wil verwijderen -> klikken op "toepassen".

Dan krijg je de schermmelding “Weet u zeker dat u systeemherstel wil uitschakelen”. Klik hier op “Systeemherstel uitschakelen”. Dan zijn alle herstelpunten verwijderd op de aangeduide schijf.

Zet daarna opnieuw een vinkje bij de harde schijf. Maak meteen ook een nieuw herstelpunt, zodat je niet hoeft te wachten op een automatisch herstelpunt van het systeem.

En dan mag je dit onderwerp afsluiten door een klik op de knop +Markeer als opgelost.

Nog veel computerplezier