The Lis 100

Heren,

Naar ik denk is door kortsluiting elders in huis is de stroom er een aantal keren uitgeklapt.

Sindsdien kan ik mijn bestanden op mijn Iomega ix2-200 storcenter niet meer benaderen.

Deze stond ingesteld op mirror.

In meldingsmails die ik van het storcenter krijg, worden fouten 109 en 101 aangegeven.

Op het dashboard geeft hij aan dat er een nieuwe disk (weet niet of hij 1 of 2 bedoeld) in zit. Dit is niet zo, het zijn gewoon de disks van voor dit probleem.

Hoe kom ik hier langs? Want het enige wat je kan kiezen is mijn inziens of je de (eigenlijke niet) nieuwe disk wil deleten. Dit wil ik natuurlijk niet.

Hoe kan ik eventueel de andere schijf benaderen om daar bij de ge'mirror'de gegevens te komen?

Mijn computers hangen via wifi aan een router, waaraan ook het storcenter hangt.

Kan iemand mij helpen?

Overigens afgelopen zaterdag onderstaande meldingsmail ontvangen. Is daardoor mogelijk een verschil tussen disk 1 en 2 ontstaan.

The Iomega StorCenter device has completed data protection reconstruction. Device Information: 192.168.0.102, 2.1.25.229, Iomega StorCenter ix2-200, 00D0B80CC279

Hoi Kurtt,

Ik had dat al gedaan voor ik bericht 9 (gisteren) plaatste, maar daar stond alleen Bing.

Zojuist nog eens gecheckt, zowel bij toolbars/extentions (alleen gerenomeerder namen als google, adobe en apple, symantec, oracle) als search providers (weer alleen Bing) geen Babylon.

Als ik nu net check of ik babylon tegenkom bij invullen van de Adresbox met een zoekterm, Gaat het goed bij Chrome en IE9. Maar binnen Firefox steekt Babylon toch de kop nog op.

Terwijl Firefox toch eigenlijk wel 95%van de tijd gebruikt wordt.

Dus blijft mijn vraag: wat nu?

Kape,

Ik weet dat Search the Web Babylon is, maar dat ter zijde.

Maar is het "simpel" verwijderen uit de lijst van zoekmachines genoeg?

Kurtt, Kape,

Add ons IE9 en Firefox 13 niks.

Extenties Chrome >> Bij instellingen staat bij ZOEKEN via de OMNIBOX: Search the web: Babylon Search.

Wat moet ik hier aan doen? Alleen maar niet meer selecteren lijkt me niet genoeg.Ik hoor/zie het graag.

Hoi Kape,

Eerst even een snelle reactie op je laatste vraag: Als je als standaard Firefox aanhoudt en dat ik daarnaast weleens Chrome gebruik heb ik bij beide een vergelijkbaar probleem.

---------- Post toegevoegd om 00:22 ---------- Vorige post was om 00:14 ----------

Met regedit kom ik nergens 'babylon' tegen!

Heren, Kape,

Hierbij mijn ComboFix-log:

ComboFix 12-07-01.03 - Delicious 01-07-2012 20:47:07.7.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4087.3076 [GMT 2:00]

Gestart vanuit: c:\users\Delicious\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Nieuw herstelpunt werd aangemaakt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-06-01 to 2012-07-01 ))))))))))))))))))))))))))))))

.

.

2012-07-01 18:51 . 2012-07-01 18:51 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-07-01 18:51 . 2012-07-01 18:51 -------- d-----w- c:\users\Public\AppData\Local\temp

2012-07-01 18:51 . 2012-07-01 18:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-23 07:43 . 2012-06-23 07:43 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-23 07:43 . 2012-06-23 07:43 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-06-23 04:36 . 2012-06-23 04:36 -------- d-----w- c:\users\Delicious\AppData\Local\Macromedia

2012-06-19 16:01 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-19 16:01 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-19 16:01 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-19 16:01 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-19 16:01 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-19 16:01 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-19 16:01 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-19 16:00 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-19 16:00 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-14 17:03 . 2012-06-14 17:03 -------- d-----w- c:\programdata\AVS4YOU

2012-06-14 17:03 . 2012-06-14 17:03 -------- d-----w- c:\users\Delicious\AppData\Roaming\AVS4YOU

2012-06-14 17:02 . 2011-09-16 16:00 11137024 ----a-w- c:\windows\SysWow64\libmfxsw32.dll

2012-06-14 17:02 . 2012-06-14 17:03 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia

2012-06-14 17:02 . 2012-06-14 17:03 -------- d-----w- c:\program files (x86)\AVS4YOU

2012-06-14 17:02 . 2011-06-23 11:25 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll

2012-06-05 18:32 . 2012-06-05 18:33 -------- d-----w- c:\users\Delicious\Dropbox Delicious

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-23 04:34 . 2012-04-24 21:34 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-06-23 04:34 . 2011-12-17 06:56 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-25 12:54 . 2011-06-17 17:11 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2012-05-11 22:16 . 2012-05-11 22:16 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-29 22:13 . 2012-04-29 22:13 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll

2012-04-29 22:12 . 2012-04-29 22:12 856712 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll

2012-04-05 21:21 . 2012-04-05 21:21 637848 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-04-05 21:21 . 2010-06-09 20:13 567696 ----a-w- c:\windows\SysWow64\deployJava1.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2012-06-30_20.13.23 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-02-01 14:09 . 2012-07-01 17:41 58278 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10 . 2012-06-30 19:38 39674 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-07-01 17:41 39674 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-06-09 16:18 . 2012-07-01 17:41 19300 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3833334105-211611375-3819974610-1001_UserData.bin

- 2012-06-30 20:12 . 2012-06-30 20:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-07-01 18:52 . 2012-07-01 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-06-30 20:12 . 2012-06-30 20:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-01 18:52 . 2012-07-01 18:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-06-09 19:43 . 2012-07-01 18:42 302898 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2010-06-09 19:43 . 2012-06-29 17:16 302898 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

- 2009-07-14 05:01 . 2012-06-30 20:12 376424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-07-01 18:51 376424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-12-17 21:58 . 2012-07-01 18:51 29592188 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3833334105-211611375-3819974610-1001-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Delicious\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Delicious\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Delicious\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Device Detection"="c:\program files (x86)\HEMA Fotoservice\dd.exe" [2012-04-04 789104]

"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Delicious\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Delicious\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Sitecom Wireless Utility.lnk - c:\program files (x86)\Sitecom\Common\WLANUtil.exe [2011-3-25 1626112]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 136176]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 136176]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 23152]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-23 113120]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1255736]

R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys [2012-06-19 1161376]

S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120629.001\IDSvia64.sys [2012-06-29 509088]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Sitecom\Common\RaRegistry64.exe [2009-12-15 212256]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-04-20 92592]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2010-07-27 1241952]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-01-28 86120]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 04:34]

.

2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 15:04]

.

2012-07-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 15:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Delicious\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Delicious\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Delicious\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Delicious\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Delicious\AppData\Roaming\Mozilla\Firefox\Profiles\poycyt9o.default\

.

.

------- Bestandsassociaties -------

.

.txt=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,cb,e2,b7,f2,9b,95,48,8d,4b,1d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,cb,e2,b7,f2,9b,95,48,8d,4b,1d,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\Sitecom\Common\RaRegistry.exe

.

**************************************************************************

.

Voltooingstijd: 2012-07-01 20:56:28 - machine werd herstart

ComboFix-quarantined-files.txt 2012-07-01 18:56

ComboFix2.txt 2012-06-30 20:17

ComboFix3.txt 2012-06-29 22:56

ComboFix4.txt 2012-03-25 12:40

.

Pre-Run: 909.143.363.584 bytes beschikbaar

Post-Run: 908.915.974.144 bytes beschikbaar

.

- - End Of File - - DF324DC75DC184D69E89EF713B480DD8

had een paar maanden terug al last van Babylon als zoek machine. Jullie konden toen niet alles vinden (een hoop wel trouwens). Maar ik wil toch jullie toch nog eens laten kijken.

Probleem: Als ik in de adresbalk (dus niet de zoekmachinebalk rechtsboven) alleen een paar zoektermen zet komt, verschijnt Babylon met zoekresultaten. Terwijl er dan "vroeger" toch echt google zoekresultaten kwamen. Gebruik ik de de zoekmachinebalk rechtsboven komen er wel gewoon google resultaten. Ditlaatste geldt ook voor als ik gewoon een google-startpagina gebruik.

Ik heb ook Chrome geïnstalleerd staan die ook heel gauw met Babylon zoekresultaten komt.

Als eerste dus maar eens een HJT-logje.

Als er meer ndgi is hoor ik het wel.

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 19:36:53, on 28-6-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16446)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

C:\Program Files (x86)\HEMA Fotoservice\dd.exe

C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

C:\Users\Delicious\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Delicious\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Device Detection] C:\Program Files (x86)\HEMA Fotoservice\dd.exe

O4 - HKCU\..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\Users\DELICI~1\AppData\Local\Temp\E_SCED8.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - HKUS\S-1-5-21-3833334105-211611375-3819974610-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3833334105-211611375-3819974610-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Dropbox.lnk = Delicious\AppData\Roaming\Dropbox\bin\Dropbox.exe

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10342 bytes

Hoi Kape,

Java conform bovenstaande geinstalleerd.

Naar aanleiding van je laatste opmerking nog eens naar register gekeken. Bij het zoeken had ik tot nu toe met 'hele tekenreeks' aangevinkt gekeken. Vinkje uitgezet en nog eens gezocht. Kom ik nog 3x Babylon tegen. Blijkbaar was me register dus toch niet helemaal schoon. Ik had je onbedoeld dus verkeerde info gegeven.

Overigens blijft na het verwijderen van e.e.a. en afsluiten van register toch nog zoekresultaten van Babylon. Nog een idee voor beter doorzoeken van evt. register? Heb gezocht op babylon, baby en bab. Krijg wel wat zoekresultaten in regedit op bab, maar durf ook niet zomaar alles daarvan weg te gooien. Het kan ook een toevallige combinatie van letter zijn.

Aan deze twijfel ik bv. nog:

computer\HKEY_CLASSES_ROOT\AppID\{c2a71820-3463-498f-bab7-4798795a4ff6

vanwege de 'bab7'

Nee, dit zijn gewoon screenshots van Firefox. Als je in het menu Beeld kies en dan bij werkbalken de menubalk uitzet ziet Firefox er zo uit met het oranje Firefox tabje linksboven. Als je deze aankilkt zitten daar de verschillende menukeuzes. Alleen iets anders gerubriceerd dan de menubalk. Maar gewoon standaard Firefox volgens mij. Dat de achtergrond van de rand van Firefox verschilt komt omdat er persona's rouleren.

Bij de Plugins ook niets dat op Babylon wijst (zie onderstaand screenshot, ook Firefox, maar even volledige schermmodus zodat alles op één screenshot past).

[ATTACH=CONFIG]17653[/ATTACH]

Bijgaand 2 screenshots.

zoekterm 'barendrecht' in adresbalk getikt,

resulteren in zoekresultaten voor 'barendrecht' van Babylon. Dit was altijd van Google.

Als ik overigens het rechterbalkje (waar je ook de keuze voor de zoekmachines doet) gebruik, krijg ik wel google-zoekresultaten.

Geen Add-Ons met iets babylon-achtigs.

Ik denk overigens dat babylon mee gekomen is met een download van PDFcreator bij Sourceforge.

Ja die staan er nog: google, wiki, bol, marktplaats, bing zijn de keuzes.

Nu ik net na een paar uurtjes (slaapstand) weer zoekwoorden in de adresbalk tik, komt babylon weer het zoekresultaten.

Sh*t! Wat is toch de lol van de makers van dit soort meuk.

Terug On Topic: wat nu??

Ik heb regedit uitgevoerd en 'babylon' overal uit mijn register gehaald. Ook met zoekwoorden in de adresbalk krijg ik ook geen babylon-zoekresultaten meer.

Trouwens sowieso geen zoekresultaten. hij komt alleen met een hint van moet het geen www. zoekwoord .nl of .com zijn.

Nog ergens iets instellen??

Beste Kape,

Combofix & directory c:\Qoobox zijn verwijderd. CCleaner gedraaid zonder problemen.

ALs aangegeven in bericht #13 hierboven "Als ik een nieuw browservenster start krijg ik geen Babylon meer, bij de zoekmachines staat Babylon ook niet, maar als ik in de adresbalk zoektermen intik, komen er Babylon zoekresultaten en geen Google zoekresultaten.". Dit is dus nog niet veranderd.

1. Verwijderen ComboFix: Norton was me al voor. Uninstallen lukt dan niet meer. Maakt dit uit?

2. Directory c:\Qoobox verwijderen lukt niet (moet als administrator en die weet ik niet te zitten als deze niet onder de rechte muisknop zit). Tips welkom.

3. CCleaner nog even niet gedraaid.

Hoi Kape,

Je hebt gelijk. Er zit nog meer Babylon-rotzooi op mijn computer. Ik heb wat te snel gereageerd. Als ik een nieuw browservenster start krijg ik geen Babylon meer, bij de zoekmachines staat Babylon ook niet, maar als ik in de adresbalk zoektermen intik, komen er Babylon zoekresultaten en geen Google zoekresultaten.

Toch nog steeds de door jou hierboven aangegeven acties ondernemen? Of zit het dieper? Ik wacht even een signaal van jullie af.

Hierbij inhoud van Combfix.txt na herstart als hierboven aangegeven.

Ik zie niks meer van Babylon, niet bij het opstarten van Firefox, niet bij de zoekmachines.

Bedankt!

ComboFix 12-03-22.01 - Delicious 25-03-2012 14:29:06.5.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4087.2010 [GMT 2:00]

Gestart vanuit: c:\users\Delicious\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Delicious\Desktop\CFScript.txt

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"C:\user.js"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Babylon

C:\user.js

c:\users\Delicious\AppData\Local\Babylon

c:\users\Delicious\AppData\Local\Babylon\Setup\bab033.tbinst.dat

c:\users\Delicious\AppData\Local\Babylon\Setup\bab091.norecovericon.dat

c:\users\Delicious\AppData\Local\Babylon\Setup\Babylon.dat

c:\users\Delicious\AppData\Local\Babylon\Setup\BExternal.dll

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\eula.html

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\globe.png

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\options.js

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\page0.html

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\page2.css

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\page2.html

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\page3.css

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\page3.html

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\progress.png

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\setup.js

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\title.png

c:\users\Delicious\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg

c:\users\Delicious\AppData\Local\Babylon\Setup\IECookieLow.dll

c:\users\Delicious\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb

c:\users\Delicious\AppData\Local\Babylon\Setup\Setup.exe

c:\users\Delicious\AppData\Local\Babylon\Setup\SetupStrings.dat

c:\users\Delicious\AppData\Local\Babylon\Setup\sqlite3.dll

c:\users\Delicious\AppData\Roaming\Babylon

c:\users\Delicious\AppData\Roaming\Babylon\log_file.txt

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-25 to 2012-03-25 ))))))))))))))))))))))))))))))

.

.

2012-03-25 12:35 . 2012-03-25 12:35 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-03-25 12:35 . 2012-03-25 12:35 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-03-25 11:14 . 2012-03-25 11:14 -------- d-----w- c:\program files\Microsoft Silverlight

2012-03-25 11:14 . 2012-03-25 11:14 -------- d-----w- c:\program files (x86)\Microsoft Silverlight

2012-03-24 15:58 . 2012-03-24 15:58 -------- d-----w- c:\users\Delicious\AppData\Roaming\Malwarebytes

2012-03-24 15:58 . 2012-03-24 15:58 -------- d-----w- c:\programdata\Malwarebytes

2012-03-24 15:58 . 2012-03-24 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-24 15:58 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-22 19:14 . 2012-03-22 19:14 -------- d-----w- c:\program files (x86)\hpmon

2012-03-22 19:14 . 2012-03-22 19:14 -------- d-----w- c:\users\Delicious\AppData\Roaming\pdfforge

2012-03-22 19:13 . 2012-03-14 16:23 65024 ----a-w- c:\windows\system32\pdfcmon.dll

2012-03-22 19:13 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX

2012-03-22 19:13 . 2012-03-22 19:14 -------- d-----w- c:\program files (x86)\PDFCreator

2012-03-22 19:13 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL

2012-03-18 18:55 . 2012-03-18 18:55 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 18:55 . 2012-03-18 18:55 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 22:14 . 2012-03-15 22:37 -------- d-----w- c:\users\Delicious\AppData\Roaming\FileZilla

2012-03-15 22:14 . 2012-03-15 22:14 -------- d-----w- c:\program files (x86)\FileZilla FTP Client

2012-03-15 21:59 . 2012-03-15 21:59 -------- d-----w- c:\users\Delicious\joomla253

2012-03-14 11:14 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 11:14 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 11:14 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 11:05 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 11:05 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 11:05 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-13 17:48 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 17:48 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 17:48 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 17:48 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 17:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-13 17:48 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 17:48 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-09 23:20 . 2005-09-23 16:02 887296 ----a-w- c:\windows\SysWow64\KsDHTMLEDLib.ocx

2012-03-09 23:20 . 2012-03-09 23:30 -------- d-----w- c:\program files (x86)\Evrsoft First Page 2006

2012-03-09 19:01 . 1998-12-18 13:17 164112 ----a-w- c:\windows\SysWow64\temp.005

2012-03-09 19:01 . 1998-12-18 12:27 598288 ----a-w- c:\windows\SysWow64\temp.004

2012-03-09 19:01 . 1998-05-26 16:22 402481 ----a-w- c:\windows\SysWow64\temp.006

2012-03-09 19:01 . 1998-05-06 23:00 174352 ----a-w- c:\windows\SysWow64\temp.007

2012-03-09 19:01 . 2012-03-09 19:04 -------- d-----w- c:\program files (x86)\PageBreeze

2012-03-09 19:01 . 1999-07-04 14:55 266293 ----a-w- c:\windows\SysWow64\temp.001

2012-03-09 19:01 . 1998-12-18 12:27 147728 ----a-w- c:\windows\SysWow64\temp.000

2012-03-09 19:01 . 1998-12-18 12:27 17920 ----a-w- c:\windows\SysWow64\temp.002

2012-03-09 19:01 . 1998-09-24 23:00 1409024 ----a-w- c:\windows\SysWow64\temp.003

2012-03-09 18:28 . 2012-03-09 18:28 -------- d-----w- c:\users\Delicious\AppData\Roaming\Disruptive Innovations SARL

2012-03-09 18:28 . 2012-03-09 18:28 -------- d-----w- c:\users\Delicious\AppData\Local\Disruptive Innovations SARL

2012-03-09 18:09 . 2012-03-09 18:10 -------- d-----w- c:\users\Delicious\Adobe Dreamweaver CS5.5

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-04 10:44 . 2012-02-15 10:24 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 10:24 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-15 10:23 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-15 10:23 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-15 10:23 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-03-25_10.56.05 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-02-01 14:09 . 2012-03-25 11:07 51694 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-03-25 11:07 39140 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-06-09 16:18 . 2012-03-25 11:07 15742 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3833334105-211611375-3819974610-1001_UserData.bin

+ 2011-11-18 11:04 . 2011-11-18 11:04 39936 c:\windows\Installer\86b40.msi

+ 2012-03-25 12:36 . 2012-03-25 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-03-25 10:55 . 2012-03-25 10:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-03-25 12:36 . 2012-03-25 12:36 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-03-25 10:55 . 2012-03-25 10:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 09:16 . 2012-03-25 10:48 701548 c:\windows\system32\perfh013.dat

+ 2009-07-14 09:16 . 2012-03-25 11:09 701548 c:\windows\system32\perfh013.dat

- 2009-07-14 02:36 . 2012-03-25 10:48 616032 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-03-25 11:09 616032 c:\windows\system32\perfh009.dat

+ 2009-07-14 09:16 . 2012-03-25 11:09 133580 c:\windows\system32\perfc013.dat

- 2009-07-14 09:16 . 2012-03-25 10:48 133580 c:\windows\system32\perfc013.dat

+ 2009-07-14 02:36 . 2012-03-25 11:09 106412 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-03-25 10:48 106412 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-03-25 12:35 367128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-03-25 10:54 367128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2010-12-17 21:58 . 2012-03-25 12:35 63956048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3833334105-211611375-3819974610-1001-8192.dat

+ 2012-03-25 11:14 . 2012-03-25 11:14 52920320 c:\windows\Installer\86b47.msp

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Device Detection"="c:\program files (x86)\HEMA Fotoservice\dd.exe" [2012-01-25 786680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Delicious\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Sitecom Wireless Utility.lnk - c:\program files (x86)\Sitecom\Common\WLANUtil.exe [2011-3-25 1626112]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 136176]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-06 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Sitecom\Common\RaRegistry64.exe [2009-12-15 212256]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 15:04]

.

2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 15:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Delicious\AppData\Roaming\Mozilla\Firefox\Profiles\poycyt9o.default\

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,cb,e2,b7,f2,9b,95,48,8d,4b,1d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,cb,e2,b7,f2,9b,95,48,8d,4b,1d,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\Sitecom\Common\RaRegistry.exe

.

**************************************************************************

.

Voltooingstijd: 2012-03-25 14:40:13 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-25 12:40

ComboFix2.txt 2012-03-25 10:59

.

Pre-Run: 917.571.158.016 bytes beschikbaar

Post-Run: 917.269.663.744 bytes beschikbaar

.

- - End Of File - - BC1D5A6CE5C33C1E95E3DE13F32041E9

Heren,

Bijgaand Combofix-logbestand:

ComboFix 12-03-22.01 - Delicious 25-03-2012 12:48:50.4.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4087.2339 [GMT 2:00]

Gestart vanuit: c:\users\Delicious\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-02-25 to 2012-03-25 ))))))))))))))))))))))))))))))

.

.

2012-03-24 15:58 . 2012-03-24 15:58 -------- d-----w- c:\users\Delicious\AppData\Roaming\Malwarebytes

2012-03-24 15:58 . 2012-03-24 15:58 -------- d-----w- c:\programdata\Malwarebytes

2012-03-24 15:58 . 2012-03-24 15:58 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-03-24 15:58 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-22 19:14 . 2012-03-22 19:14 -------- d-----w- c:\program files (x86)\hpmon

2012-03-22 19:14 . 2012-03-22 19:14 237 ----a-w- C:\user.js

2012-03-22 19:14 . 2012-03-22 19:14 -------- d-----w- c:\users\Delicious\AppData\Local\Babylon

2012-03-22 19:14 . 2012-03-22 19:14 -------- d-----w- c:\users\Delicious\AppData\Roaming\Babylon

2012-03-22 19:14 . 2012-03-22 19:14 -------- d-----w- c:\programdata\Babylon

2012-03-22 19:14 . 2012-03-22 19:14 -------- d-----w- c:\users\Delicious\AppData\Roaming\pdfforge

2012-03-22 19:13 . 2012-03-14 16:23 65024 ----a-w- c:\windows\system32\pdfcmon.dll

2012-03-22 19:13 . 1998-06-23 23:00 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX

2012-03-22 19:13 . 2012-03-22 19:14 -------- d-----w- c:\program files (x86)\PDFCreator

2012-03-22 19:13 . 1998-07-05 23:00 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL

2012-03-18 18:55 . 2012-03-18 18:55 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-18 18:55 . 2012-03-18 18:55 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-03-15 22:14 . 2012-03-15 22:37 -------- d-----w- c:\users\Delicious\AppData\Roaming\FileZilla

2012-03-15 22:14 . 2012-03-15 22:14 -------- d-----w- c:\program files (x86)\FileZilla FTP Client

2012-03-15 21:59 . 2012-03-15 21:59 -------- d-----w- c:\users\Delicious\joomla253

2012-03-14 11:14 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-14 11:14 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-14 11:14 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-14 11:05 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys

2012-03-14 11:05 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-03-14 11:05 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-03-13 17:48 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-03-13 17:48 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-03-13 17:48 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-03-13 17:48 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-03-13 17:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-03-13 17:48 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-03-13 17:48 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-03-09 23:20 . 2005-09-23 16:02 887296 ----a-w- c:\windows\SysWow64\KsDHTMLEDLib.ocx

2012-03-09 23:20 . 2012-03-09 23:30 -------- d-----w- c:\program files (x86)\Evrsoft First Page 2006

2012-03-09 19:01 . 1998-12-18 13:17 164112 ----a-w- c:\windows\SysWow64\temp.005

2012-03-09 19:01 . 1998-12-18 12:27 598288 ----a-w- c:\windows\SysWow64\temp.004

2012-03-09 19:01 . 1998-05-26 16:22 402481 ----a-w- c:\windows\SysWow64\temp.006

2012-03-09 19:01 . 1998-05-06 23:00 174352 ----a-w- c:\windows\SysWow64\temp.007

2012-03-09 19:01 . 2012-03-09 19:04 -------- d-----w- c:\program files (x86)\PageBreeze

2012-03-09 19:01 . 1999-07-04 14:55 266293 ----a-w- c:\windows\SysWow64\temp.001

2012-03-09 19:01 . 1998-12-18 12:27 147728 ----a-w- c:\windows\SysWow64\temp.000

2012-03-09 19:01 . 1998-12-18 12:27 17920 ----a-w- c:\windows\SysWow64\temp.002

2012-03-09 19:01 . 1998-09-24 23:00 1409024 ----a-w- c:\windows\SysWow64\temp.003

2012-03-09 18:28 . 2012-03-09 18:28 -------- d-----w- c:\users\Delicious\AppData\Roaming\Disruptive Innovations SARL

2012-03-09 18:28 . 2012-03-09 18:28 -------- d-----w- c:\users\Delicious\AppData\Local\Disruptive Innovations SARL

2012-03-09 18:09 . 2012-03-09 18:10 -------- d-----w- c:\users\Delicious\Adobe Dreamweaver CS5.5

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-01-04 10:44 . 2012-02-15 10:24 509952 ----a-w- c:\windows\system32\ntshrui.dll

2012-01-04 08:58 . 2012-02-15 10:24 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll

2011-12-30 06:26 . 2012-02-15 10:23 515584 ----a-w- c:\windows\system32\timedate.cpl

2011-12-30 05:27 . 2012-02-15 10:23 478720 ----a-w- c:\windows\SysWow64\timedate.cpl

2011-12-28 03:59 . 2012-02-15 10:23 498688 ----a-w- c:\windows\system32\drivers\afd.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"Device Detection"="c:\program files (x86)\HEMA Fotoservice\dd.exe" [2012-01-25 786680]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]

"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]

.

c:\users\Delicious\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Sitecom Wireless Utility.lnk - c:\program files (x86)\Sitecom\Common\WLANUtil.exe [2011-3-25 1626112]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Updateservice (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 136176]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 136176]

R3 Prot6Flt;Prot6Flt;c:\windows\system32\DRIVERS\Prot6Flt.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-06 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]

S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]

S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Sitecom\Common\RaRegistry64.exe [2009-12-15 212256]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 138360]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

Inhoud van de 'Gedeelde Taken' map

.

2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 15:04]

.

2012-03-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 15:04]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\Delicious\AppData\Roaming\Mozilla\Firefox\Profiles\poycyt9o.default\

FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=111304&babsrc=HP_ss&mntrId=3e3389b9000000000000000cf6a8a8e1

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=111304&babsrc=KW_ss&mntrId=3e3389b9000000000000000cf6a8a8e1&q=

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - 3e3389b9000000000000000cf6a8a8e1

FF - user.js: extensions.BabylonToolbar_i.hardId - 3e3389b9000000000000000cf6a8a8e1

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15421

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1720:14

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

------- Bestandsassociaties -------

.

.txt=

.

- - - - ORPHANS VERWIJDERD - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,cb,e2,b7,f2,9b,95,48,8d,4b,1d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,be,cb,e2,b7,f2,9b,95,48,8d,4b,1d,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\program files (x86)\Sitecom\Common\RaRegistry.exe

.

**************************************************************************

.

Voltooingstijd: 2012-03-25 12:59:19 - machine werd herstart

ComboFix-quarantined-files.txt 2012-03-25 10:59

.

Pre-Run: 917.123.153.920 bytes beschikbaar

Post-Run: 917.478.383.616 bytes beschikbaar

.

- - End Of File - - 49919BE37D7F3BA13CC04367EF2B5F57

Kape,

Hij staat er nu niet meer (bij de zoekmachines), maar ik heb inmiddels een nieuw venster inFirefox geopend en daar stond Babylon dus weer als pagina.

Hoi Kape,

Ik kom hem nog tegen in Firefox, mijn browser, als keuze bij de zoekmachines.

Heren,

bovenstaande uitgevoerd. Hieronder de gegenereerde logfiles.

1e logfile MBAM:

Malwarebytes Anti-Malware (-evaluatieversie-) 1.60.1.1000

Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Databaseversie: v2012.03.24.01

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Delicious :: XXXXXXXXXX [administrator]

Realtime bescherming: Ingeschakeld

24-3-2012 17:01:38

mbam-log-2012-03-24 (17-01-38).txt

Scantype: Snelle scan

Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM

Uitgeschakelde scanopties: P2P

Objecten gescand: 222297

Verstreken tijd: 6 minuut/minuten, 23 seconde(n)

Geheugenprocessen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Registerdata gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Mappen gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

Bestanden gedetecteerd: 0

(Geen kwaadaardige objecten gedetecteerd)

(einde)

2e logfile MBAM

2012/03/24 17:00:14 +0100 XXXXXXXXXX Delicious MESSAGE Starting protection

2012/03/24 17:00:16 +0100 XXXXXXXXXX Delicious MESSAGE Protection started successfully

2012/03/24 17:00:19 +0100 XXXXXXXXXX Delicious MESSAGE Starting IP protection

2012/03/24 17:00:19 +0100 XXXXXXXXXX Delicious MESSAGE IP Protection started successfully

2012/03/24 17:09:16 +0100 XXXXXXXXXX Delicious MESSAGE Executing scheduled update: Daily

2012/03/24 17:09:17 +0100 XXXXXXXXXX Delicious MESSAGE Database already up-to-date

HJT-logfile

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:17:14, on 24-3-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\HEMA Fotoservice\dd.exe

C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\Delicious\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\SMINST\Launcher.exe

O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Device Detection] C:\Program Files (x86)\HEMA Fotoservice\dd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3833334105-211611375-3819974610-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3833334105-211611375-3819974610-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10319 bytes

Met downloaden ben ik weer eens besmet met Babylon.

Willen de specialisten aangeven wat ik verder moet doen. Al wel vast HJT-log gemaakt.

Hierbij mijn HJT-logje:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:40:22, on 23-3-2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\HEMA Fotoservice\dd.exe

C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\firefox.exe

C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 8\plugin-container.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Users\Delicious\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Babylon Search

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL

O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

O4 - HKLM\..\Run: [sSBkgdUpdate] "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\SMINST\Launcher.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Device Detection] C:\Program Files (x86)\HEMA Fotoservice\dd.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-21-3833334105-211611375-3819974610-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3833334105-211611375-3819974610-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: Sitecom Wireless Utility.lnk = C:\Program Files (x86)\Sitecom\Common\WLANUtil.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry.exe

O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Sitecom\Common\RaRegistry64.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 10135 bytes