
Checking a HijackThis log



You haven't installed Service Pack 1 for Windows 7 yet.

Is there a particular reason for that?

Do you run Windows Update regularly?

You can download Service Pack 1 on this page.

Click Continue and follow the instructions.

You need the file windows6.1-KB976932-X86.exe.

After the download, double-click the file to start the installation.


Best replies in this topic


By the way, I also found out yesterday that, for example, my Google Chrome browser, which I almost never use, suddenly had the Babylon search engine as its homepage. This even though I thought I had removed Babylon completely.

The result of ComboFix:

ComboFix 11-11-06.01 - Matthijs 06-11-2011 9:45.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1062 [GMT 1:00]

Running from: c:\users\Matthijs\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Setup.exe

c:\program files\WindowsInstaller-KB893803-v2-x86.exe

c:\users\Matthijs\AppData\Roaming\Desktopicon

.

.

((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))

.

.

2011-11-06 08:55 . 2011-11-06 08:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-06 06:54 . 2011-11-06 06:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\offreg.dll

2011-11-05 09:25 . 2011-11-05 09:25 388096 ----a-r- c:\users\Matthijs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-05 09:25 . 2011-11-05 09:25 -------- d-----w- c:\program files\Trend Micro

2011-11-02 09:22 . 2011-11-05 09:44 -------- d-----w- c:\users\Matthijs\AppData\Local\Akamai

2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\users\Matthijs\AppData\Local\Babylon

2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\users\Matthijs\AppData\Roaming\Babylon

2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\programdata\Babylon

2011-10-29 08:29 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\mpengine.dll

2011-10-26 15:35 . 2011-10-26 15:35 -------- d-----w- c:\program files\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-25 07:24 . 2011-06-01 18:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 03:06 . 2011-09-09 17:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-31 15:00 . 2010-11-29 22:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 14:06 . 2011-08-25 06:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-28 14:06 . 2011-08-25 06:34 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-10 19:04 . 2011-08-10 19:04 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2010-10-25 22:48 . 2011-09-25 07:56 8297472 ----a-w- c:\program files\AcroPro.msi

2011-09-30 22:49 . 2011-05-11 21:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-11-21 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

KillSkypeHome.lnk - c:\users\Public\Documents\KillSkypeHome.exe [2011-9-9 304252]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Matthijs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-09-16 13:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether]

2010-12-18 23:25 48456 ----a-w- c:\program files\Mobile Stream\EasyTether\easytthr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series]

2010-02-03 04:11 918824 ----a-w- c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-06-28 07:12 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]

R2 KMService;KMService;c:\windows\system32\srvany.exe [2011-07-31 8192]

R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 135168]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]

R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 185344]

R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 141312]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-28 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-08-28 428200]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

S3 ALSysIO;ALSysIO;c:\users\Matthijs\AppData\Local\Temp\ALSysIO.sys [x]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 17232]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472]

S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001Core.job

- c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001UA.job

- c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - google.nl

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=19946&mntrId=107a041b000000000000020054746872&q=

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_d71b4a3.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-06 10:04:10

ComboFix-quarantined-files.txt 2011-11-06 09:04

.

Pre-Run: 21.863.632.896 bytes free

Post-Run: 21.531.537.408 bytes free

.

- - End Of File - - 208ED635794EEEF514D687CE61FE29DD

How does it look?

Do you know what function the files had that this program has now deleted?


There is definitely still some Babylon left on the PC.

Open a Notepad file.

Copy and paste the bold text below into it.

Folder::

c:\users\Matthijs\AppData\Local\Babylon

c:\users\Matthijs\AppData\Roaming\Babylon

c:\programdata\Babylon

Registry::

FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix start again. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message.


Here is the new log:

ComboFix 11-11-06.01 - Matthijs 06-11-2011 11:34:38.2.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1208 [GMT 1:00]

Running from: c:\users\Matthijs\Desktop\ComboFix.exe

Command switches used :: c:\users\Matthijs\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\Babylon

c:\users\Matthijs\AppData\Local\Babylon

c:\users\Matthijs\AppData\Local\Babylon\Setup\bab033.tbinst.dat

c:\users\Matthijs\AppData\Local\Babylon\Setup\Babylon.dat

c:\users\Matthijs\AppData\Local\Babylon\Setup\BabylonTBUpdater.dll

c:\users\Matthijs\AppData\Local\Babylon\Setup\BabylonTBUpdater.exe

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\common.js

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\eula.html

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page2.css

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page2.html

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page2.js

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\page9.html

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\title2.png

c:\users\Matthijs\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg

c:\users\Matthijs\AppData\Local\Babylon\Setup\Setup-tbmntr-9.0.3.9.zpb

c:\users\Matthijs\AppData\Local\Babylon\Setup\Setup.exe

c:\users\Matthijs\AppData\Local\Babylon\Setup\SetupStrings.dat

c:\users\Matthijs\AppData\Local\Babylon\Setup\sqlite3.dll

c:\users\Matthijs\AppData\Roaming\Babylon

c:\users\Matthijs\AppData\Roaming\Babylon\log_file.txt

.

.

((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))

.

.

2011-11-06 10:42 . 2011-11-06 10:42 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-06 09:15 . 2011-11-06 09:15 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\offreg.dll

2011-11-05 09:25 . 2011-11-05 09:25 388096 ----a-r- c:\users\Matthijs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-05 09:25 . 2011-11-05 09:25 -------- d-----w- c:\program files\Trend Micro

2011-11-02 09:22 . 2011-11-05 09:44 -------- d-----w- c:\users\Matthijs\AppData\Local\Akamai

2011-10-29 18:25 . 2011-10-29 18:44 -------- d-----w- c:\programdata\BabylonUpdater

2011-10-29 08:29 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\mpengine.dll

2011-10-26 15:35 . 2011-10-26 15:35 -------- d-----w- c:\program files\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-25 07:24 . 2011-06-01 18:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 03:06 . 2011-09-09 17:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-31 15:00 . 2010-11-29 22:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 14:06 . 2011-08-25 06:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-28 14:06 . 2011-08-25 06:34 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-10 19:04 . 2011-08-10 19:04 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2010-10-25 22:48 . 2011-09-25 07:56 8297472 ----a-w- c:\program files\AcroPro.msi

2011-09-30 22:49 . 2011-05-11 21:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-11-21 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

KillSkypeHome.lnk - c:\users\Public\Documents\KillSkypeHome.exe [2011-9-9 304252]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Matthijs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-09-16 13:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether]

2010-12-18 23:25 48456 ----a-w- c:\program files\Mobile Stream\EasyTether\easytthr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series]

2010-02-03 04:11 918824 ----a-w- c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-06-28 07:12 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]

R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 135168]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]

R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 185344]

R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 141312]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-28 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-08-28 428200]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-07-31 8192]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

S3 ALSysIO;ALSysIO;c:\users\Matthijs\AppData\Local\Temp\ALSysIO.sys [x]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 17232]

S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472]

S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001Core.job

- c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001UA.job

- c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\

FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)

FF - prefs.js: browser.startup.homepage - google.nl

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=19946&mntrId=107a041b000000000000020054746872&q=

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_d71b4a3.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-06 11:45:03

ComboFix-quarantined-files.txt 2011-11-06 10:45

ComboFix2.txt 2011-11-06 09:04

.

Pre-Run: 21.348.065.280 bytes free

Post-Run: 21.296.971.776 bytes free

.

- - End Of File - - E622F8ECC3529BBFDCB5A2DD271645D3


Oops :embarassed:

Part of it went well, but for the other part I gave you a "wrong" instruction. My apologies! Let's just correct that mistake:

Open a Notepad file.

Copy and paste the bold text below into it.

Firefox::

FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\

FF - prefs.js: browser.search.selectedEngine -

FF - prefs.js: keyword.URL -

Save this file to your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix start again. Reboot if you are asked to.

After the reboot, post the contents of ComboFix.txt in your next message.

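Added example, not from this thread or from ComboFix itself: a Python script that picks the Babylon leftovers out of a ComboFix-style log (directory entries named after the hijacker, and Firefox prefs.js lines whose value points at it) and drafts the CFScript in the corrected shape used above, Folder:: for the directories and Firefox:: for the prefs. The sample log lines are constructed from values quoted in this thread; the regexes and the rule that a pref is suspect when its value names the hijacker are my assumptions, and the script only drafts the text, it does not run ComboFix.

```python
"""Spot Babylon search-hijack leftovers in a ComboFix-style log and draft
the matching CFScript (added example; not part of the thread or of ComboFix)."""
import re
from typing import Any, Dict, List

# Constructed sample: a few lines in the style of the ComboFix log quoted in
# this thread, with the paths and prefs.js values copied from that log.
SAMPLE_LOG = "\n".join([
    r"2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\users\Matthijs\AppData\Local\Babylon",
    r"2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\users\Matthijs\AppData\Roaming\Babylon",
    r"2011-10-29 18:25 . 2011-10-29 18:25 -------- d-----w- c:\programdata\Babylon",
    r"2011-10-26 15:35 . 2011-10-26 15:35 -------- d-----w- c:\program files\Common Files\Java",
    r"2011-11-06 06:54 . 2011-11-06 06:54 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\offreg.dll",
    r"FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default" "\\",
    r"FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)",
    r"FF - prefs.js: browser.startup.homepage - google.nl",
    r"FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=19946&mntrId=107a041b000000000000020054746872&q=",
])

# Name of the hijacker as it shows up in folder names and prefs.js values.
HIJACKER = "babylon"

# "Files Created" entries (assumed layout): two timestamps, a size or dashes,
# an attribute string (starts with "d" for a directory) and the path.
FILE_LINE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"\S+ (?P<attrs>\S+) (?P<path>.+)$")
PROFILE_LINE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
PREF_LINE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.*)$")


def analyze_log(log_text: str) -> Dict[str, Any]:
    """Return the hijacker's directories and the Firefox prefs that point at it."""
    folders: List[str] = []
    prefs: List[str] = []
    profile = ""
    for line in log_text.splitlines():
        line = line.strip()
        m = FILE_LINE.match(line)
        if m:
            path = m.group("path")
            leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
            # Only directories whose own name carries the hijacker's name;
            # files living under some vendor directory are not matched here.
            if m.group("attrs").startswith("d") and HIJACKER in leaf.lower():
                folders.append(path)
            continue
        m = PROFILE_LINE.match(line)
        if m:
            profile = m.group("path")
            continue
        m = PREF_LINE.match(line)
        # A pref is suspect when its value names the hijacker (search engine,
        # keyword.URL); the google.nl homepage is left alone.
        if m and HIJACKER in m.group("value").lower():
            prefs.append(m.group("pref"))
    return {"folders": folders, "prefs": prefs, "profile": profile}


def build_cfscript(findings: Dict[str, Any]) -> str:
    """Draft the CFScript text in the shape the helper used in this thread:
    a Folder:: block for the directories and a Firefox:: block that lists the
    profile and the prefs to blank (nothing after the dash)."""
    out: List[str] = []
    if findings["folders"]:
        out.append("Folder::")
        out.extend(findings["folders"])
    if findings["prefs"]:
        out.append("Firefox::")
        out.append(f"FF - ProfilePath - {findings['profile']}")
        out.extend(f"FF - prefs.js: {pref} -" for pref in findings["prefs"])
    return "\n".join(out) + "\n" if out else ""


if __name__ == "__main__":
    print(build_cfscript(analyze_log(SAMPLE_LOG)), end="")
```

Run it against a full ComboFix.txt to get the same two blocks; an empty result means no Babylon directory or Babylon-pointing pref was found in the lines the parser understands.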

Here is the result after the updated script:

ComboFix 11-11-06.01 - Matthijs 06-11-2011 14:59:54.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1124 [GMT 1:00]

Running from: c:\users\Matthijs\Desktop\ComboFix.exe

Command switches used :: c:\users\Matthijs\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-10-06 to 2011-11-06 )))))))))))))))))))))))))))))))

.

.

2011-11-06 14:08 . 2011-11-06 14:08 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-11-06 13:53 . 2011-11-06 13:53 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\offreg.dll

2011-11-05 09:25 . 2011-11-05 09:25 388096 ----a-r- c:\users\Matthijs\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-11-05 09:25 . 2011-11-05 09:25 -------- d-----w- c:\program files\Trend Micro

2011-11-02 09:22 . 2011-11-05 09:44 -------- d-----w- c:\users\Matthijs\AppData\Local\Akamai

2011-10-29 18:25 . 2011-10-29 18:44 -------- d-----w- c:\programdata\BabylonUpdater

2011-10-29 08:29 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72D730EA-95CC-4A3B-8ACE-D413836A9F7B}\mpengine.dll

2011-10-26 15:35 . 2011-10-26 15:35 -------- d-----w- c:\program files\Common Files\Java

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-10-25 07:24 . 2011-06-01 18:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-10-03 03:06 . 2011-09-09 17:19 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-08-31 15:00 . 2010-11-29 22:12 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-28 14:06 . 2011-08-25 06:34 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-08-28 14:06 . 2011-08-25 06:34 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys

2011-08-10 19:04 . 2011-08-10 19:04 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2010-10-25 22:48 . 2011-09-25 07:56 8297472 ----a-w- c:\program files\AcroPro.msi

2011-09-30 22:49 . 2011-05-11 21:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2010-11-21 . 8626F0C30D4E3564FFDD25C90F4426F1 . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

[7] 2009-07-14 . 34B7E222E81FAFA885F0C5F2CFA56861 . 811520 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-01-22 91520]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-05-27 1721640]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]

"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]

.

c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

KillSkypeHome.lnk - c:\users\Public\Documents\KillSkypeHome.exe [2011-9-9 304252]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Users^Matthijs^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]

path=c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]

2010-09-16 13:04 497648 ----a-w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTether]

2010-12-18 23:25 48456 ----a-w- c:\program files\Mobile Stream\EasyTether\easytthr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hercules DJ Series]

2010-02-03 04:11 918824 ----a-w- c:\program files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]

2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware (reboot)]

2011-08-31 15:00 1047208 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

2008-08-21 01:18 443968 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-06-28 07:12 273544 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 HerculesDJControlMP3;Hercules DJ Control MP3;c:\program files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE [2007-11-21 17408]

R3 Bulk;HDJBulk;c:\windows\system32\Drivers\HDJBulk.sys [2010-05-06 135168]

R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-07-15 14216]

R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-07-15 8456]

R3 HDJAsioK;HDJAsioK;c:\windows\system32\Drivers\HDJAsioK.sys [2010-05-06 185344]

R3 HDJMidi;Hercules DJ Console Rmx MIDI;c:\windows\system32\DRIVERS\HDJMidi.sys [2010-05-06 141312]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-01-22 30963576]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-21 1343400]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 20992]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-08-28 136360]

S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-08-28 428200]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-07-31 8192]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

S3 ALSysIO;ALSysIO;c:\users\Matthijs\AppData\Local\Temp\ALSysIO.sys [x]

S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [2010-08-29 17232]

S3 R5U870FLx86;R5U870 UVC Lower Filter ;c:\windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 73472]

S3 R5U870FUx86;R5U870 UVC Upper Filter ;c:\windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 43904]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - ALSYSIO

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

.

2011-10-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001Core.job

- c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02]

.

2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2154281913-1205275237-2265879538-1001UA.job

- c:\users\Matthijs\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 18:02]

.

.

------- Supplementary Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105

LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll

TCP: DhcpNameServer = 192.168.1.254 195.241.77.55 195.241.77.58

FF - ProfilePath - c:\users\Matthijs\AppData\Roaming\Mozilla\Firefox\Profiles\wmznb0vy.default\

FF - prefs.js: browser.startup.homepage - google.nl

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]

"ServiceDll"="c:\program files\common files\akamai/netsession_win_d71b4a3.dll"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-11-06 15:10:29

ComboFix-quarantined-files.txt 2011-11-06 14:10

ComboFix2.txt 2011-11-06 10:45

ComboFix3.txt 2011-11-06 09:04

.

Pre-Run: 21.430.968.320 bytes free

Post-Run: 21.381.148.672 bytes free

.

- - End Of File - - CBBCDBCA65BC4BBF4058D32572721310

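As an added example (not part of the original thread and not ComboFix's own code): a small Python triage script that parses the Run key, Startup folder and R*/S* service and driver lines in a ComboFix log of the shape posted above, and flags autostarts that run from user-writable locations or whose file is missing (shown as [x]). The sample lines are constructed from the log above; the flagging heuristic is an assumption and gives review hints, not verdicts.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample in the shape of the ComboFix sections above: a Run key
# value, a Startup folder shortcut, and R*/S* service and driver lines.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
.
c:\users\Matthijs\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
KillSkypeHome.lnk - c:\users\Public\Documents\KillSkypeHome.exe [2011-9-9 304252]
.
S2 KMService;KMService;c:\windows\system32\srvany.exe [2011-07-31 8192]
S3 ALSysIO;ALSysIO;c:\users\Matthijs\AppData\Local\Temp\ALSysIO.sys [x]
"""
# One regex per line shape: name, on-disk path, and the bracketed metadata
# (date and size, or "x" when ComboFix found no file at that path).
PATTERNS = [
    re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<meta>[^\]]*)\]$'),
    re.compile(r'^(?P<name>\S+\.lnk) - (?P<path>.+?) \[(?P<meta>[^\]]*)\]$'),
    re.compile(r'^[RS]\d (?P<name>[^;]+);[^;]*;(?P<path>.+?) \[(?P<meta>[^\]]*)\]$'),
]
# Locations a standard user can write to (assumed heuristic, not a verdict).
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")

def parse_loading_points(text: str) -> List[Dict[str, str]]:
    """Return one dict per recognised autostart line; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        for pattern in PATTERNS:
            match = pattern.match(raw.strip())
            if match:
                entries.append(match.groupdict())
                break
    return entries

def triage(entries: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """(name, path, reason) for entries worth a second look; cf. the log's Sigcheck note."""
    flagged = []
    for entry in entries:
        reasons = []
        if any(marker in entry["path"].lower() for marker in USER_WRITABLE):
            reasons.append("starts from a user-writable location")
        if entry["meta"].strip() == "x":
            reasons.append("registered but missing on disk ([x])")
        if reasons:
            flagged.append((entry["name"], entry["path"], "; ".join(reasons)))
    return flagged

for name, path, reason in triage(parse_loading_points(SAMPLE_LOG)):
    print(f"{name}: {path} -> {reason}")
```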

Well, now the media player suddenly won't play my CD anymore. That started after your instructions. When I insert a CD, the laptop opens the media player right away, but it doesn't recognise the tracks. A red cross appears next to the first track and then it stops; it doesn't play anything at all. It does play MP3s normally. It also doesn't recognise my CD with VLC player, for example.

And Google Chrome still has this Babylon Search start page set. I'm going to change it back to my own preferred site now.

The log shows a clean laptop, if I understand correctly?

Do you understand anything about that Babylon start page?

Could it be that a media player setting has been changed so that it no longer recognises original music CDs?


Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Babylon in Chrome: I'm not a Chrome user, but isn't there a setting where you can choose the configured search engine? It's quite possible that Babylon has lodged itself there as the default search engine instead of the search engine you chose.

Sound: no file related to your media player was removed during any of the previous steps. So it's odd that it is now starting to show problems?


Maybe a silly question, but how do I do "Start" and then "Run"? I only have a "search programs" field after clicking the Start button. Do you mean I have to go to DOS?

If I give the command Combofix/uninstall in DOS it doesn't understand it. And Combofix/U doesn't work either.

I also don't get the impression that ComboFix is installed, because I can't find the program when I look under Programs or try to uninstall it via Control Panel. I only have a combofix.exe on the desktop. I deleted that manually. (Er, actually I started it again to see if I could find a menu somewhere to uninstall it. And then I closed ComboFix just before it started scanning by clicking the cross in the top right.)

I'll wait for your instructions again.


This topic is now closed to new replies.
