Babylon search redirect virus niet te verwijderen uit Internet Explorer balk

[Tisnetwerruk]

Hierbij de combofix log. Ben benieuwd. TNW.

ComboFix 12-06-05.04 - BvdGroen 06-06-2012 11:45:39.6.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.31.1033.18.3767.2414 [GMT 2:00]

Gestart vanuit: c:\users\BvdGroen\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-06 to 2012-06-06 ))))))))))))))))))))))))))))))

.

.

2012-06-06 09:55 . 2012-06-06 09:55 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-01 09:12 . 2012-05-08 17:02 8955792 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80AF5A79-AA87-44E2-BAB6-729214F3C03C}\mpengine.dll

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\users\BvdGroen\AppData\Roaming\Malwarebytes

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\programdata\Malwarebytes

2012-05-20 13:28 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-20 13:28 . 2012-05-20 13:28 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-20 13:07 . 2012-05-20 13:07 388096 ----a-r- c:\users\BvdGroen\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-20 13:06 . 2012-05-20 13:06 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-20 12:41 . 2012-05-20 12:56 -------- d-----w- c:\program files (x86)\VS Revo Group

2012-05-20 11:44 . 2012-05-20 11:44 -------- d-----w- c:\program files\CCleaner

2012-05-19 22:35 . 2012-05-19 22:35 -------- d-----w- c:\windows\system32\appmgmt

2012-05-11 07:26 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-11 07:26 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-11 07:26 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-11 07:26 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-11 07:26 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-11 07:26 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-11 07:25 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-11 07:25 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-11 07:25 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-11 07:25 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-11 07:25 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-11 07:25 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 18:54 . 2012-04-04 07:01 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-06 18:54 . 2011-11-07 13:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-06 18:54 . 2012-04-15 20:54 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-03-20 11:11 . 2012-01-03 19:10 162192 ----a-w- c:\windows\system32\mfevtps.exe

.

.

((((((((((((((((((((((((((((( SnapShot_2012-06-03_12.02.15 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-05-14 22:21 . 2012-06-06 08:02 55894 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-06-06 08:02 37384 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-10-29 09:30 . 2012-06-06 08:02 13036 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761177607-583842654-1527739752-1001_UserData.bin

+ 2009-12-01 10:22 . 2012-06-06 09:25 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-01 10:22 . 2012-06-03 09:47 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-12-01 10:22 . 2012-06-03 09:47 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-12-01 10:22 . 2012-06-06 09:25 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-06-06 09:25 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-06-03 09:47 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2011-11-07 13:18 . 2012-05-21 22:51 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-11-07 13:18 . 2012-06-03 12:33 5856 c:\windows\system32\wdi\ERCQueuedResolutions.dat

- 2010-05-14 22:15 . 2012-06-02 13:48 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

+ 2010-05-14 22:15 . 2012-06-05 21:52 1902 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Bluetooth\bthservsdp.dat

- 2012-06-03 09:18 . 2012-06-03 09:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-06 07:56 . 2012-06-06 07:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-06-06 07:56 . 2012-06-06 07:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-06-03 09:18 . 2012-06-03 09:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-10-29 14:44 . 2012-06-05 19:48 303576 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

+ 2009-07-14 02:36 . 2012-06-06 08:02 616242 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-03 09:22 616242 c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2012-06-03 09:22 106622 c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2012-06-06 08:02 106622 c:\windows\system32\perfc009.dat

- 2009-07-14 04:46 . 2012-05-19 09:58 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2009-07-14 04:46 . 2012-06-06 08:00 105184 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-06-05 07:24 . 2012-06-05 07:24 237288 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\reliability\Sqm\Manifest\Sqm26.bin

+ 2009-07-14 05:01 . 2012-06-05 21:52 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-06-02 13:48 389832 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:45 . 2012-06-05 14:35 7350914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

- 2009-07-14 04:45 . 2012-05-13 12:52 7350914 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat

+ 2009-12-01 10:52 . 2012-06-05 21:52 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2009-12-01 10:52 . 2012-06-02 13:48 1329752 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2011-10-29 09:25 . 2012-06-05 21:52 7329932 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761177607-583842654-1527739752-1001-8192.dat

- 2009-07-14 02:34 . 2012-05-13 12:45 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

+ 2009-07-14 02:34 . 2012-06-05 07:34 10747904 c:\windows\system32\SMI\Store\Machine\schema.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696]

"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-01-15 316784]

"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-06-17 538472]

"MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-01 26624]

"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-12 1125152]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli c:\program files\Protector Suite\psqlpwd.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R2 0087241338716831mcinstcleanup;McAfee Application Installer Cleanup (0087241338716831);c:\windows\TEMP\008724~1.EXE [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-11-25 362992]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 gupdatem;Google Update-service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 135664]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-11-25 313840]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 QDLService2kSony;Qualcomm Gobi 2000 Download Service (Sony);c:\program files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe [2009-12-08 330488]

S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [x]

S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-01-29 259192]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-02-23 2320920]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-08-11 845312]

S2 WTGService;WTGService;c:\program files (x86)\OneClickInternet\WTGService.exe [2010-03-15 316880]

S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 qcfilterSny2k;Gobi 2000 USB Composite Device Filter Driver(05C6-9225);c:\windows\system32\DRIVERS\qcfilterSny2k.sys [x]

S3 qcusbnetsny2k;Gobi 2000 USB-NDIS miniport(05C6-9225);c:\windows\system32\DRIVERS\qcusbnetsny2k.sys [x]

S3 qcusbserSny2k;Gobi 2000 USB Device for Legacy Serial Communication(05C6-9225);c:\windows\system32\DRIVERS\qcusbserSny2k.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [x]

S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-01-20 574320]

S3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2011-02-14 44736]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-06 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 18:54]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31]

.

2012-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-01 10:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2009-10-29 19:08 5948168 ----a-w- c:\program files\Protector Suite\farchns.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-08 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-08 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-08 410648]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-02-22 16397416]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-19 9650720]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"PSQLLauncher"="c:\program files\Protector Suite\launcher.exe" [2009-10-29 84744]

.

------- Bijkomende Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.google.nl/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xporteren naar Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.2.254

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-06-06 12:16:11

ComboFix-quarantined-files.txt 2012-06-06 10:16

ComboFix2.txt 2012-06-02 13:26

ComboFix3.txt 2012-05-22 07:41

ComboFix4.txt 2012-05-21 22:34

ComboFix5.txt 2012-06-03 11:17

.

Pre-Run: 374.112.165.888 bytes free

Post-Run: 374.341.562.368 bytes free

.

- - End Of File - - 3635B324090D72F23C9D3A3DC06CCB17

[Tisnetwerruk]

Ook nu nog na deze combofix, zie log hierboven gebeurt het volgende. Hij reroute mijn commando www.aegeanair.com getypt in de internet balk bovenin naar https://search.babylon.com/?aegeanair bla bla bla. En krijg ik het babylon icoontje vooraan in mijn search balk. Alleen als ik telkens in de google zoekbalk, dus midden in het scherm iets intype en niet direct in de bovenste balk, blijft babylon slapen.... Wat betekent dit... voor onze acties tot nu toe??

TNW

[kweezie wabbit]

Ga naar start - alle programma's - bureauaccesoires.

Zoek het icoon van het opdrachtprompt en klik er op met de rechter muisknop en kies dan in het lijstje voor uitvoeren als administrator om het opdrachtprompt te openen.

Tik in: sc stop 0087241338716831 en druk op Enter.

Tik in: sc delete 0087241338716831 en druk op Enter.

Tik in: sc stop 0087241338716831mcinstcleanup en druk op Enter.

Tik in: sc delete 0087241338716831mcinstcleanup en druk op Enter.

Tik in: sc stop mfevtp en druk op Enter.

Tik in: sc delete mfevtp en druk op Enter.

Tik in: sc stop nvsvc en druk op Enter.

Tik in: sc delete nvsvc en druk op Enter.

Tik in exit en druk Enter.

Als je op een van deze instructies een foutmelding krijgt, ga dan gewoon door met de volgende instructie.

Open internet explorer en ga naar extra - invoegtoepassingen beheren.

Klik dan aan de linkerkant op zoekmachines.

Zoek daar babylon en verwijder deze.

[Tisnetwerruk]

Hallo kweezie Wabbit,

Beide geprobeerd uit te voeren.

Op de eerste kwamen veel foutmeldingen : Fail 5, niet aanwezig etc.

Bij de tweede kom ik er niet uit. Mijn windowsversie correspondeert niet met jouw instructie. Windows 7 professional.

Ik ben bij Internet Options - Advanced geweest en heb daar : Enable third partie browser extensies uitgevinkt.

Verder heb ik bij GEneral - Search - onder Settings - bij manage addons - staat babylon als default. Ik heb hem nu in prioriteit gemoved naar 5, en Babylon disabled. En bij search de adress bar uitgevinkt. Deleten daar lukt niet.

Ben benieuwd of dit goed is.

Tisnetwerruk.

[Tisnetwerruk]

Hoi HOi,

Heb je nog advies, of is het zo klaar?. Ben benieuwd alvast bedankt.

TNW

[kweezie wabbit]

Verder heb ik bij GEneral - Search - onder Settings - bij manage addons - staat babylon als default. Ik heb hem nu in prioriteit gemoved naar 5, en Babylon disabled.

Normaal kan je daar Babylon toch verwijderen? Selecteer babylon en klik dan op de knop verwijderen (remove) rechts onderaan. Het kan ook met rechtsklik en dan verwijderen kiezen in het menu.

Jou acties gaan zeker resultaat hebben.

Probeer het nog enkele dagen uit en als er geen "rariteiten" meer gebeuren, kunnen we het als opgelost beschouwen.

Ondertussen kunnen we al een en ander opruimen.

Verwijder Combofix: Start -> Uitvoeren en typ: ComboFix /Uninstall (met spatie voor de /)

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Download CCleaner. (Als je het nog niet hebt)

Installeer het (Als je niet wil dat Google Chrome op je pc als standaard webbrowser wordt geïnstalleerd, moet je de 2 vinkjes wegdoen !!!) en start CCleaner op.

Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'.

Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”.

Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”.

Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”.

Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft.

Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

[Tisnetwerruk]

Dank je wel, zo goed als opgelost. Af en toe nog wat gekkigheden, maar het hoofdprobleem is weg.

Groetjes TNW