HijackThis log

Abraham54
8 replies
  • I promised my girlfriend I would check her laptop for viruses or other malware. She is one of the 'I-install-everything-without-looking-at-what-exactly-I-am-installing' type. Hence… :-)

    Would someone be so kind as to take a look at this HijackThis log? :-)

    I recently removed some malware using MBAM, but I have no idea whether everything has been removed now.

    The only problems I noticed in the past were related to a 'program' called 'Babylon', which made it impossible to browse to some sites.


    When I start HijackThis and let it run, I get the following window:

    [image: http://i49.tinypic.com/162435z.png]

    When I then continue, I get this log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:09:36, on 5/02/2013
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.17153)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Users\Nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Windows\SysWOW64\RunDll32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Users\Nathalie\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0A0EyBzytAyEyB0C0EyE0DtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=438714810
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Aanmeldhulp voor Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [CAHeadless] c:\Program Files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe
    O4 - Startup: Dropbox.lnk = Nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nathalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O8 - Extra context menu item: Google Sidewiki… - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
    O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
    O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
    O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
    O23 - Service: VAIO Entertainment Common Service (SpfService) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
    O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
    O23 - Service: VAIO Content Metadata Intelligent Network Service Manager (VcmINSMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
    O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


    End of file - 11215 bytes


    Thanks in advance! :-)
  • PS: I only just read in one of the topics below that HijackThis doesn't work so well on a 64-bit version..

    And this laptop runs a 64-bit version…
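
The PS above says HijackThis does not work well on 64-bit Windows. One visible effect in the posted log is the run of O23 entries marked "(file missing)" for System32 binaries: a 32-bit scanner has System32 redirected to SysWOW64 by WOW64 and cannot see 64-bit-only files. The following added example (not part of the original posts or of HijackThis; the host allowlist and the verdict names are assumptions) triages a few lines taken from that log.

```python
import re
from urllib.parse import urlsplit

# Assumption for this example: hosts considered normal for IE page settings.
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.be", "www.google.com"}

ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")
MISSING_RE = re.compile(r"([A-Za-z]:\\.*?) \(file missing\)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)

# Excerpt of the HijackThis log posted above (lines copied, not constructed).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=grupo&s={searchTerms}&f=4
R3 - URLSearchHook: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
"""


def looks_64bit(log_text):
    """Heuristic: these directories exist only on 64-bit Windows."""
    lowered = log_text.lower()
    return "program files (x86)" in lowered or "\\syswow64\\" in lowered


def triage_entry(code, body, is_64bit):
    """Return (verdict, reason) for one HijackThis entry."""
    # R0/R1: IE start/search pages. Flag URLs on hosts outside the allowlist.
    if code in ("R0", "R1") and " = http" in body:
        url = body.split(" = ", 1)[1]
        host = (urlsplit(url).hostname or "").lower()
        if host not in EXPECTED_HOSTS:
            return "review", f"browser page points to unexpected host {host}"
        return "ok", "expected host"
    # Registry entry that references a component with no file behind it.
    if body.endswith("(no file)"):
        return "review", "registration without a file on disk"
    match = MISSING_RE.search(body)
    if match:
        path = match.group(1)
        # On 64-bit Windows a 32-bit scanner is redirected away from the real
        # System32, so 64-bit-only binaries there are reported as missing.
        if is_64bit and SYSTEM32_RE.match(path):
            return "artifact", "System32 path seen through WOW64 redirection"
        return "review", "target file missing outside System32"
    return "ok", "no rule matched"


def triage(log_text):
    """Triage every 'Xn - ...' entry line; headers and process paths are skipped."""
    is_64bit = looks_64bit(log_text)
    results = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        verdict, reason = triage_entry(code, body, is_64bit)
        results.append((code, verdict, reason))
    return results


if __name__ == "__main__":
    for code, verdict, reason in triage(SAMPLE_LOG):
        print(f"{code:<4}{verdict:<9}{reason}")
```

An "artifact" verdict only explains why the scanner could not see the file; it says nothing about whether the service itself is wanted.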
  • Just wait for Abraham54, he will certainly give you an answer.
    But yes, he is usually very busy on several forums.
    Good luck.
  • Hi Dries, we'll take a look.

    Step •1•
    Which program: AdwCleaner
    What for/why: Scanner to clean up Windows and rid it of malicious toolbars.
    Difficulty: None.
    Download location: This program absolutely must be downloaded to the desktop, or else moved there!
    Download: AdwCleaner by Xplode.

    Notes:
    - All open programs and web pages must be closed.
    - It is normal for the shortcuts to disappear from the desktop after AdwCleaner starts.
    Starting AdwCleaner:
    - Windows 2000 and Windows XP: double-click adwcleaner.exe.
    - Windows Vista, Windows 7 and Windows 8: right-click adwcleaner.exe and choose "Run as administrator".
    Once AdwCleaner has started:
    - Click the Delete ("Verwijderen") button.
    - At "AdwCleaner – Closing programs", click OK.
    - At "AdwCleaner – Restart required", click OK.
    AdwCleaner log file:
    - After the PC has restarted, a log file opens.
    - Then post the contents of this log in your next message.

    Step •2•
    Which program: ComboFix
    What for/why: Highly specialised scanner to examine Windows in depth and clean it up.
    Difficulty: A more or less tricky preparation phase, so read everything carefully first.
    Download location: This program absolutely must be downloaded to the desktop!
    Download ComboFix from one of these locations:
    - Bleepingcomputer
    - ForoSpyware
    - Geekstogo
    Here you can see how to use ComboFix.

    Antivirus programs and active malware scanners must already be disabled before you start ComboFix!
    Here and here you will find information on how to disable antivirus programs and spyware scanners.

    Notes:
    - When using Windows XP, you may be asked to install the "Recovery Console"! Allow this (an active internet connection is required for it).
    - All open programs and web pages must be closed.
    Starting ComboFix:
    - Windows 2000 and Windows XP: double-click ComboFix.exe.
    - Windows Vista and Windows 7: right-click ComboFix.exe and choose "Run as administrator".
    Once ComboFix has started:
    - Do not click in the black window; this can cause ComboFix or even Windows to "freeze" completely!
    - ComboFix closes the internet connection during the scan – do not try to restore it in the meantime!
    - The computer may need to be restarted several times; this is normal.
    - When ComboFix is finished, it will create a log file for you.
    - Post the contents of this log file in your next message.
    - If the log does not open, it can be found at C:\ComboFix.txt
    Important note:
    - If, after the scan, an error is shown when starting programs with the message:
    - Illegal operation attempted on a registry key that has been marked for deletion.
    - Then restart the computer.
  • Thanks for this quick response :-)

    Here is the AdwCleaner log:
    The ComboFix log follows in the next post.


    # AdwCleaner v2.111 - Verslag gemaakt op 06/02/2013 om 11:31:09
    # Geactualiseerd op 05/02/2013 door Xplode
    # Besturingssysteem : Windows 7 Home Premium (64 bits)
    # Gebruiker : Nathalie - NATHALIE-VAIO
    # Opstarten Modus : Normale modus
    # Gelanceerd vanaf : C:\Users\Nathalie\Desktop\adwcleaner.exe
    # Optie [Verwijderen]


    ***** [Diensten] *****


    ***** [Files / Mappen] *****

    File Verwijdert : C:\END
    File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Verwijdert : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml
    File Verwijdert : C:\Program Files (x86)\Mozilla FireFox\searchplugins\Search_Results.xml
    File Verwijdert : C:\user.js
    File Verwijdert : C:\Users\Nathalie\AppData\Local\funmoods-speeddial.crx
    Map Verwijdert : C:\Program Files (x86)\Conduit
    Map Verwijdert : C:\ProgramData\Babylon
    Map Verwijdert : C:\ProgramData\boost_interprocess
    Map Verwijdert : C:\ProgramData\Partner
    Map Verwijdert : C:\Users\Nathalie\AppData\Local\Conduit
    Map Verwijdert : C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Map Verwijdert : C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif
    Map Verwijdert : C:\Users\Nathalie\AppData\Local\Ilivid Player
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\BabylonToolbar
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\Conduit
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\PriceGong
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\searchquband
    Map Verwijdert : C:\Users\Nathalie\AppData\LocalLow\Softonic
    Map Verwijdert : C:\Users\Nathalie\AppData\Roaming\Babylon
    Map Verwijdert : C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\Smartbar

    ***** [Register] *****

    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\searchqutoolbar
    Sleutel Verwijdert : HKCU\Software\AppDataLow\Software\SmartBar
    Sleutel Verwijdert : HKCU\Software\Babylon
    Sleutel Verwijdert : HKCU\Software\BabylonToolbar
    Sleutel Verwijdert : HKCU\Software\DataMngr
    Sleutel Verwijdert : HKCU\Software\InstallCore
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Sleutel Verwijdert : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Sleutel Verwijdert : HKLM\Software\Babylon
    Sleutel Verwijdert : HKLM\Software\BabylonToolbar
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
    Sleutel Verwijdert : HKLM\SOFTWARE\Classes\Prod.cap
    Sleutel Verwijdert : HKLM\Software\Conduit
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\facemoodssrv_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsLatest_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Sleutel Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Sleutel Verwijdert : HKLM\SOFTWARE\DataMngr
    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
    Sleutel Verwijdert : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
    Sleutel Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Waarde Verwijdert : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Waarde Verwijdert : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
    Waarde Verwijdert : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

    ***** [Browsers] *****

    -\\ Internet Explorer v8.0.7600.17153

    Verwijdert : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=grupo&s={searchTerms}&f=4 –> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0A0EyBzytAyEyB0C0EyE0DtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=438714810 –> hxxp://www.google.com
    Vervangen : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzuzzzzzy0F0F0A0EyBzytAyEyB0C0EyE0DtN0D0Tzu0CtByEyCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=438714810 –> hxxp://www.google.com

    -\\ Mozilla Firefox v18.0.1 (nl)

    File : C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\prefs.js

    C:\Users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\user.js … Verwijdert !

    Verwijdert : user_pref("CT2269050.1000082.isDisplayHidden", "true");
    Verwijdert : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[…]
    Verwijdert : user_pref("CT2269050.1000234.TWC_TMP_city", "BRUSSELS");
    Verwijdert : user_pref("CT2269050.1000234.TWC_TMP_country", "BE");
    Verwijdert : user_pref("CT2269050.1000234.TWC_locId", "BEXX0005");
    Verwijdert : user_pref("CT2269050.1000234.TWC_location", "Brussels, Belgium");
    Verwijdert : user_pref("CT2269050.1000234.TWC_region", "OT");
    Verwijdert : user_pref("CT2269050.1000234.TWC_temp_dis", "c");
    Verwijdert : user_pref("CT2269050.1000234.TWC_wind_dis", "kmh");
    Verwijdert : user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"15°C\",\"temperat[…]
    Verwijdert : user_pref("CT2269050.CBOpenMAMSettings.enc", "MA==");
    Verwijdert : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Verwijdert : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[…]
    Verwijdert : user_pref("CT2269050.FirstTime", "true");
    Verwijdert : user_pref("CT2269050.FirstTimeFF3", "true");
    Verwijdert : user_pref("CT2269050.LoginRevertSettingsEnabled", true);
    Verwijdert : user_pref("CT2269050.RevertSettingsEnabled", true);
    Verwijdert : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[…]
    Verwijdert : user_pref("CT2269050.UserID", "UN72473593205633082");
    Verwijdert : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
    Verwijdert : user_pref("CT2269050.autoDisableScopes", -1);
    Verwijdert : user_pref("CT2269050.browser.search.defaultthis.engineName", true);
    Verwijdert : user_pref("CT2269050.cb_experience_000", "Mg==");
    Verwijdert : user_pref("CT2269050.cb_firstuse0100", "MQ==");
    Verwijdert : user_pref("CT2269050.cbcountry_001.enc", "QkU=");
    Verwijdert : user_pref("CT2269050.cbfirsttime.enc", "V2VkIFNlcCAyNiAyMDEyIDIxOjA3OjI2IEdNVCswMjAwIChSb21hbmNlICh6[…]
    Verwijdert : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[…]
    Verwijdert : user_pref("CT2269050.enableAlerts", "always");
    Verwijdert : user_pref("CT2269050.enableFix404ByUser", "TRUE");
    Verwijdert : user_pref("CT2269050.firstTimeDialogOpened", "true");
    Verwijdert : user_pref("CT2269050.fixPageNotFoundErrorByUser", "TRUE");
    Verwijdert : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
    Verwijdert : user_pref("CT2269050.fixUrls", true);
    Verwijdert : user_pref("CT2269050.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "b3[…]
    Verwijdert : user_pref("CT2269050.installType", "Unknown");
    Verwijdert : user_pref("CT2269050.isCheckedStartAsHidden", true);
    Verwijdert : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Verwijdert : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
    Verwijdert : user_pref("CT2269050.isNewTabEnabled", true);
    Verwijdert : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
    Verwijdert : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Verwijdert : user_pref("CT2269050.keyword", true);
    Verwijdert : user_pref("CT2269050.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[…]
    Verwijdert : user_pref("CT2269050.lastVersion", "10.14.42.7");
    Verwijdert : user_pref("CT2269050.migrateAppsAndComponents", true);
    Verwijdert : user_pref("CT2269050.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[…]
    Verwijdert : user_pref("CT2269050.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Verwijdert : user_pref("CT2269050.openThankYouPage", "FALSE");
    Verwijdert : user_pref("CT2269050.openUninstallPage", "FALSE");
    Verwijdert : user_pref("CT2269050.search.searchAppId", "128834881989343895");
    Verwijdert : user_pref("CT2269050.search.searchCount", "0");
    Verwijdert : user_pref("CT2269050.searchInNewTabEnabledByUser", "true");
    Verwijdert : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
    Verwijdert : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Verwijdert : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[…]
    Verwijdert : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348686439452");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1349124398466");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348686441725");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1353274221033");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358362531726");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359570512026");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_login_10.14.42.7_lastUpdate", "1359954943517");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1349124399618");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348686441786");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1349102612501");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1359888432189");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348686441669");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1359962144128");
    Verwijdert : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1359888432657");
    Verwijdert : user_pref("CT2269050.settingsINI", true);
    Verwijdert : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
    Verwijdert : user_pref("CT2269050.smartbar.CTID", "CT2269050");
    Verwijdert : user_pref("CT2269050.smartbar.Uninstall", "1");
    Verwijdert : user_pref("CT2269050.smartbar.homepage", true);
    Verwijdert : user_pref("CT2269050.smartbar.isHidden", true);
    Verwijdert : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
    Verwijdert : user_pref("CT2269050.startPage", "userChanged");
    Verwijdert : user_pref("CT2269050.toolbarBornServerTime", "26-9-2012");
    Verwijdert : user_pref("CT2269050.toolbarCurrentServerTime", "4-2-2013");
    Verwijdert : user_pref("CT2269050.url_history0001.enc", "aHR0cDovL3d3dy5rb29wamVza3JhbnQuYmUvZ2VudF9odWlzX2xvc3N0[…]
    Verwijdert : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[…]
    Verwijdert : user_pref("Smartbar.ConduitHomepagesList", "");
    Verwijdert : user_pref("Smartbar.ConduitSearchEngineList", "");
    Verwijdert : user_pref("Smartbar.ConduitSearchUrlList", "");
    Verwijdert : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.softonic.com/MON00222/tb_v1?Search[…]
    Verwijdert : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
    Verwijdert : user_pref("backup.old.browser.search.defaultenginename", "Search the web (Babylon)");
    Verwijdert : user_pref("backup.old.browser.search.selectedEngine", "Search the web (Babylon)");
    Verwijdert : user_pref("backup.old.browser.startup.homepage", "hxxp://search.babylon.com/?affID=110000&tt=3512_5&[…]
    Verwijdert : user_pref("browser.BabylonToolbar_i.newTab", "");
    Verwijdert : user_pref("browser.BabylonToolbar_i.newTabUrl", "");
    Verwijdert : user_pref("browser.babylon.HPOnNewTab", "");
    Verwijdert : user_pref("extensions.BabylonToolbar.admin", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Verwijdert : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Verwijdert : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Verwijdert : user_pref("extensions.BabylonToolbar.babExt", "");
    Verwijdert : user_pref("extensions.BabylonToolbar.babTrack", "affID=110000&tt=3512_5");
    Verwijdert : user_pref("extensions.BabylonToolbar.bbDpng", 2);
    Verwijdert : user_pref("extensions.BabylonToolbar.cntry", "BE");
    Verwijdert : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Verwijdert : user_pref("extensions.BabylonToolbar.dfltSrch", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.envrmnt", "production");
    Verwijdert : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.hdrMd5", "91F8BAD855AB60AFBC64A5BE4FA89CD7");
    Verwijdert : user_pref("extensions.BabylonToolbar.hmpg", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.id", "3484ce4d0000000000004a0f6ef7b6de");
    Verwijdert : user_pref("extensions.BabylonToolbar.instlDay", "15585");
    Verwijdert : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Verwijdert : user_pref("extensions.BabylonToolbar.isdcmntcmplt", true);
    Verwijdert : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?AF=10588&babsrc=adbart[…]
    Verwijdert : user_pref("extensions.BabylonToolbar.lastDP", 2);
    Verwijdert : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1220:34:45");
    Verwijdert : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "13.0");
    Verwijdert : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");
    Verwijdert : user_pref("extensions.BabylonToolbar.newTab", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
    Verwijdert : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
    Verwijdert : user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"6\",\"lastVrsn\":\"6\",\"vrsnLoad\":\[…]
    Verwijdert : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Verwijdert : user_pref("extensions.BabylonToolbar.propectorlck", 85172171);
    Verwijdert : user_pref("extensions.BabylonToolbar.prtkDS", 1);
    Verwijdert : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
    Verwijdert : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Verwijdert : user_pref("extensions.BabylonToolbar.ptch_0717", true);
    Verwijdert : user_pref("extensions.BabylonToolbar.sg", "azb");
    Verwijdert : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
    Verwijdert : user_pref("extensions.BabylonToolbar.srcExt", "ss");
    Verwijdert : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    Verwijdert : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[…]
    Verwijdert : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
    Verwijdert : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1220:34:45");
    Verwijdert : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.aflt", "babclient");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110000&tt=3512_5");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.hardId", "3484ce4d000000000000889ffae79347");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.id", "3484ce4d000000000000889ffae79347");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.instlDay", "15326");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.instlRef", "std");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Verwijdert : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1220:34:45");
    Verwijdert : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Verwijdert : user_pref("extensions.Softonic.admin", false);
    Verwijdert : user_pref("extensions.Softonic.aflt", "orgnl");
    Verwijdert : user_pref("extensions.Softonic.autoRvrt", "false");
    Verwijdert : user_pref("extensions.Softonic.cntry", "BE");
    Verwijdert : user_pref("extensions.Softonic.cv", "cv5");
    Verwijdert : user_pref("extensions.Softonic.dfltLng", "");
    Verwijdert : user_pref("extensions.Softonic.dfltSrch", true);
    Verwijdert : user_pref("extensions.Softonic.dfltlng", "en");
    Verwijdert : user_pref("extensions.Softonic.dfltsrch", true);
    Verwijdert : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)");
    Verwijdert : user_pref("extensions.Softonic.dspOld", "Search");
    Verwijdert : user_pref("extensions.Softonic.envrmnt", "production");
    Verwijdert : user_pref("extensions.Softonic.excTlbr", false);
    Verwijdert : user_pref("extensions.Softonic.hdrMd5", "7F77BD8EBC3DD57CBB31CCF37644541A");
    Verwijdert : user_pref("extensions.Softonic.hmpg", true);
    Verwijdert : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=13&[…]
    Verwijdert : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=13&cc[…]
    Verwijdert : user_pref("extensions.Softonic.hpOld", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEt[…]
    Verwijdert : user_pref("extensions.Softonic.hrdid", "3484ce4d0000000000004a0f6ef7b6de");
    Verwijdert : user_pref("extensions.Softonic.id", "3484ce4d0000000000004a0f6ef7b6de");
    Verwijdert : user_pref("extensions.Softonic.instlDay", "15607");
    Verwijdert : user_pref("extensions.Softonic.instlRef", "MON00001");
    Verwijdert : user_pref("extensions.Softonic.instlday", "15607");
    Verwijdert : user_pref("extensions.Softonic.instlref", "MON00001");
    Verwijdert : user_pref("extensions.Softonic.isdcmntcmplt", "false");
    Verwijdert : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=[…]
    Verwijdert : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=[…]
    Verwijdert : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.418:53:03");
    Verwijdert : user_pref("extensions.Softonic.mntrvrsn", "1.3.0");
    Verwijdert : user_pref("extensions.Softonic.newTab", false);
    Verwijdert : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=1[…]
    Verwijdert : user_pref("extensions.Softonic.newtab", "false");
    Verwijdert : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/MON00222/tb_v1?SearchSource=1[…]
    Verwijdert : user_pref("extensions.Softonic.prdct", "Softonic");
    Verwijdert : user_pref("extensions.Softonic.propectorlck", 94232804);
    Verwijdert : user_pref("extensions.Softonic.prtnrId", "softonic");
    Verwijdert : user_pref("extensions.Softonic.prtnrid", "softonic");
    Verwijdert : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[…]
    Verwijdert : user_pref("extensions.Softonic.savedVrsnTs", "1");
    Verwijdert : user_pref("extensions.Softonic.sg", "az");
    Verwijdert : user_pref("extensions.Softonic.smplGrp", "none");
    Verwijdert : user_pref("extensions.Softonic.smplgrp", "none");
    Verwijdert : user_pref("extensions.Softonic.srch", "");
    Verwijdert : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
    Verwijdert : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)");
    Verwijdert : user_pref("extensions.Softonic.tlbrId", "base");
    Verwijdert : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[…]
    Verwijdert : user_pref("extensions.Softonic.tlbrid", "base");
    Verwijdert : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/MON00001/tb_v1?SearchSource[…]
    Verwijdert : user_pref("extensions.Softonic.vrsn", "1.6.7.4");
    Verwijdert : user_pref("extensions.Softonic.vrsnTs", "1.6.7.418:53:03");
    Verwijdert : user_pref("extensions.Softonic.vrsni", "1.6.7.4");
    Verwijdert : user_pref("extensions.Softonic.vrsnts", "1.6.7.418:53:03");
    Verwijdert : user_pref("extensions.Softonic_i.dnsErr", true);
    Verwijdert : user_pref("extensions.Softonic_i.hmpg", true);
    Verwijdert : user_pref("extensions.Softonic_i.newTab", false);
    Verwijdert : user_pref("extensions.Softonic_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.418:53:03");
    Verwijdert : user_pref("extensions.facemoods._xpiupdate", true);
    Verwijdert : user_pref("extensions.facemoods.aflt", "_#wbst");
    Verwijdert : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
    Verwijdert : user_pref("extensions.facemoods.first_time", false);
    Verwijdert : user_pref("extensions.facemoods.id", "_#13ea277658f54f45adc98abaced55655");
    Verwijdert : user_pref("extensions.facemoods.instlDay", "_#15338");
    Verwijdert : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
    Verwijdert : user_pref("extensions.facemoods.sid", "_#13ea277658f54f45adc98abaced55655");
    Verwijdert : user_pref("extensions.facemoods.update", "_#v1.4.0");
    Verwijdert : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
    Verwijdert : user_pref("extensions.funmoods.aflt", "iron2");
    Verwijdert : user_pref("extensions.funmoods.autoRvrt", false);
    Verwijdert : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
    Verwijdert : user_pref("extensions.funmoods.cntry", "BE");
    Verwijdert : user_pref("extensions.funmoods.cv", "cv5");
    Verwijdert : user_pref("extensions.funmoods.dfltLng", "");
    Verwijdert : user_pref("extensions.funmoods.dfltSrch", true);
    Verwijdert : user_pref("extensions.funmoods.dfltlng", "en");
    Verwijdert : user_pref("extensions.funmoods.dfltsrch", true);
    Verwijdert : user_pref("extensions.funmoods.dnsErr", true);
    Verwijdert : user_pref("extensions.funmoods.envrmnt", "production");
    Verwijdert : user_pref("extensions.funmoods.excTlbr", false);
    Verwijdert : user_pref("extensions.funmoods.hdrMd5", "4CE4DB7B61E9CC6D4D566277E917E78D");
    Verwijdert : user_pref("extensions.funmoods.hmpg", true);
    Verwijdert : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=iron2&chnl=iron2&cd=2Xzuy[…]
    Verwijdert : user_pref("extensions.funmoods.hrdid", "889FFAE79347CE4D");
    Verwijdert : user_pref("extensions.funmoods.id", "889FFAE79347CE4D");
    Verwijdert : user_pref("extensions.funmoods.instlDay", "15585");
    Verwijdert : user_pref("extensions.funmoods.instlRef", "iron2");
    Verwijdert : user_pref("extensions.funmoods.instlday", "15585");
    Verwijdert : user_pref("extensions.funmoods.instlref", "iron2");
    Verwijdert : user_pref("extensions.funmoods.isdcmntcmplt", true);
    Verwijdert : user_pref("extensions.funmoods.keywordurl", "");
    Verwijdert : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2220:58:14");
    Verwijdert : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
    Verwijdert : user_pref("extensions.funmoods.newTab", true);
    Verwijdert : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[…]
    Verwijdert : user_pref("extensions.funmoods.newtab", true);
    Verwijdert : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=iron2&chnl=iron2&cd=2Xz[…]
    Verwijdert : user_pref("extensions.funmoods.prdct", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.prtnrId", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.prtnrid", "funmoods");
    Verwijdert : user_pref("extensions.funmoods.savedVrsnTs", "1");
    Verwijdert : user_pref("extensions.funmoods.sg", "none");
    Verwijdert : user_pref("extensions.funmoods.smplGrp", "none");
    Verwijdert : user_pref("extensions.funmoods.smplgrp", "none");
    Verwijdert : user_pref("extensions.funmoods.srch", "");
    Verwijdert : user_pref("extensions.funmoods.srchPrvdr", "Search");
    Verwijdert : user_pref("extensions.funmoods.srchprvdr", "Search");
    Verwijdert : user_pref("extensions.funmoods.tlbrId", "base");
    Verwijdert : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[…]
    Verwijdert : user_pref("extensions.funmoods.tlbrid", "base");
    Verwijdert : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=iron2&chnl=iron2&cd=2[…]
    Verwijdert : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2220:58:14");
    Verwijdert : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
    Verwijdert : user_pref("extensions.funmoods.vrsnts", "1.5.23.2220:58:14");
    Verwijdert : user_pref("extensions.funmoods_i.newTab", true);
    Verwijdert : user_pref("extensions.funmoods_i.smplGrp", "none");
    Verwijdert : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2220:58:14");
    Verwijdert : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[…]
    Verwijdert : user_pref("smartbar.machineId", "XDH4NSSPV7L2XZAVSPG3K+2INM3IXT7TKIUQVZWOY9X5C3ZDXROIM6CUYLDHBWLOO4F[…]
    Verwijdert : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[…]

    -\\ Google Chrome v [Onmogelijk de versie te verkrijgen]

    File : C:\Users\Nathalie\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] De file bevat geen enkele ongeoorloofde invoer.

    *************************

    AdwCleaner[S1].txt - [31605 octets] - [06/02/2013 11:31:09]

    ########## EOF - C:\AdwCleaner[S1].txt - [31666 octets] ##########
  • Here is the ComboFix log:

    (There are two logs, since the first time I forgot to disable Windows Defender.)

    Log with WD still on:

    ComboFix 13-02-03.03 - Nathalie 06/02/2013 11:49:14.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3950.2547 [GMT 1:00]
    Gestart vanuit: c:\users\Nathalie\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-06 to 2013-02-06 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-06 10:40 . 2013-02-06 10:40 -------- d-----w- C:\Virusscan logs
    2013-02-05 10:56 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C54FD52-7704-4A7E-ACC9-60B2107134C1}\mpengine.dll
    2013-02-03 21:27 . 2013-02-03 21:27 -------- d-----w- c:\program files (x86)\ESET
    2013-02-03 10:50 . 2013-02-03 10:50 -------- d-----w- c:\users\Nathalie\AppData\Roaming\Apple Computer
    2013-01-15 18:24 . 2013-01-04 18:51 9376256 ----a-w- c:\windows\system32\mshtml.dll
    2013-01-15 18:24 . 2010-11-04 04:35 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2013-01-15 18:24 . 2010-11-04 04:08 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2013-01-09 15:19 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-09 15:19 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 15:17 . 2012-11-30 05:43 424960 ----a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 15:16 . 2012-11-23 03:45 3147264 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 00:28 . 2011-07-09 16:47 273840 ------w- c:\windows\system32\MpSigStub.exe
    2013-01-12 13:11 . 2011-07-09 11:10 67599240 ----a-w- c:\windows\system32\MRT.exe
    2013-01-09 21:26 . 2012-12-19 18:44 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 21:26 . 2012-01-12 15:29 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 16:52 . 2012-12-21 20:36 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2012-12-21 20:36 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 20:36 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 20:36 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 15:49 . 2011-07-09 16:45 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 04:56 . 2013-01-09 15:17 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-11-19 20:12 . 2012-11-19 20:12 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-11-19 20:12 . 2011-07-06 21:12 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-16 18:00 . 2012-11-19 18:42 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll
    2012-11-09 05:34 . 2012-12-16 16:00 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:49 . 2012-12-16 16:00 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-10-09 615808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-08 98304]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    c:\users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-05-28 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-24 271872]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-09 1255736]
    R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 92632]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-24 202752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-28 56344]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
    .
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 21:26]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 ----a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.be/
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://www.google.com
    IE: Free YouTube to MP3 Converter - c:\users\Nathalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\
    FF - prefs.js: browser.startup.homepage - www.google.be
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    .
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-1117917371-1757927219-761134325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1117917371-1757927219-761134325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ———————— Andere Aktieve Processen ————————
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe
    c:\windows\SysWOW64\DllHost.exe
    c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
    c:\windows\SysWOW64\RunDll32.exe
    c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    .
    **************************************************************************
    .
    Voltooingstijd: 2013-02-06 12:05:29 - machine werd herstart
    ComboFix-quarantined-files.txt 2013-02-06 11:05
    .
    Pre-Run: 400.966.885.376 bytes beschikbaar
    Post-Run: 400.702.656.512 bytes beschikbaar
    .
    - - End Of File - - 89C76DD0B0E8329777F1FCAD64B4F5DB








    Log with WD disabled:


    ComboFix 13-02-03.03 - Nathalie 06/02/2013 12:13:09.2.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.32.1043.18.3950.2563 [GMT 1:00]
    Gestart vanuit: c:\users\Nathalie\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2013-01-06 to 2013-02-06 ))))))))))))))))))))))))))))))
    .
    .
    2013-02-06 11:21 . 2013-02-06 11:21 ——– d—–w- c:\users\Default\AppData\Local\temp
    2013-02-06 10:40 . 2013-02-06 11:08 ——– d—–w- C:\Virusscan logs
    2013-02-05 10:56 . 2013-01-08 05:32 9161176 —-a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C54FD52-7704-4A7E-ACC9-60B2107134C1}\mpengine.dll
    2013-02-03 21:27 . 2013-02-03 21:27 ——– d—–w- c:\program files (x86)\ESET
    2013-02-03 10:50 . 2013-02-03 10:50 ——– d—–w- c:\users\Nathalie\AppData\Roaming\Apple Computer
    2013-01-15 18:24 . 2013-01-04 18:51 9376256 —-a-w- c:\windows\system32\mshtml.dll
    2013-01-15 18:24 . 2010-11-04 04:35 1638912 —-a-w- c:\windows\system32\mshtml.tlb
    2013-01-15 18:24 . 2010-11-04 04:08 1638912 —-a-w- c:\windows\SysWow64\mshtml.tlb
    2013-01-09 15:19 . 2012-11-09 05:34 751104 —-a-w- c:\windows\system32\win32spl.dll
    2013-01-09 15:19 . 2012-11-09 04:49 492032 —-a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-09 15:17 . 2012-11-30 05:43 424960 —-a-w- c:\windows\system32\KernelBase.dll
    2013-01-09 15:16 . 2012-11-23 03:45 3147264 —-a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-17 00:28 . 2011-07-09 16:47 273840 ——w- c:\windows\system32\MpSigStub.exe
    2013-01-12 13:11 . 2011-07-09 11:10 67599240 —-a-w- c:\windows\system32\MRT.exe
    2013-01-09 21:26 . 2012-12-19 18:44 697864 —-a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-09 21:26 . 2012-01-12 15:29 74248 —-a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-12-16 16:52 . 2012-12-21 20:36 46080 —-a-w- c:\windows\system32\atmlib.dll
    2012-12-16 14:40 . 2012-12-21 20:36 367616 —-a-w- c:\windows\system32\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 20:36 295424 —-a-w- c:\windows\SysWow64\atmfd.dll
    2012-12-16 14:25 . 2012-12-21 20:36 34304 —-a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-14 15:49 . 2011-07-09 16:45 24176 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 04:56 . 2013-01-09 15:17 44032 —-a-w- c:\windows\apppatch\acwow64.dll
    2012-11-19 20:12 . 2012-11-19 20:12 477168 —-a-w- c:\windows\SysWow64\npdeployJava1.dll
    2012-11-19 20:12 . 2011-07-06 21:12 473072 —-a-w- c:\windows\SysWow64\deployJava1.dll
    2012-11-16 18:00 . 2012-11-19 18:42 112640 —-a-w- c:\windows\SysWow64\ff_vfw.dll
    2012-11-09 05:34 . 2012-12-16 16:00 2048 —-a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:49 . 2012-12-16 16:00 2048 —-a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CAHeadless"="c:\program files (x86)\Adobe\Elements Organizer 8.0\CAHeadless\ElementsAutoAnalyzer.exe" [2009-10-09 615808]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2010-05-31 673136]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-08 98304]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
    .
    c:\users\Nathalie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Nathalie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-6-8 1128224]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer2"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
    R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-05-28 158976]
    R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-06-24 271872]
    R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-06-20 108400]
    R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-06-18 423280]
    R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-06-20 67952]
    R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-06-06 304496]
    R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-06-17 851824]
    R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-06-09 537456]
    R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-06-09 384880]
    R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-06-09 101232]
    R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-09 1255736]
    R4 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-06-01 367456]
    R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-10-02 3064000]
    R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
    R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2012-12-05 92632]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2008-06-16 55024]
    S1 aswKbd;aswKbd; [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-06-24 202752]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
    S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2010-06-23 94208]
    S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2010-06-23 78848]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-28 2320920]
    S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2010-06-21 575856]
    S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2010-06-08 836608]
    S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-06-23 342056]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-23 39464]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-28 56344]
    S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [2010-04-26 12032]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-05-31 402720]
    .
    .
    — Andere Services/Drivers In Geheugen —
    .
    *NewlyCreated* - WS2IFSL
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-19 21:26]
    .
    .
    ——— X64 Entries ———–
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-08-21 09:11 133400 —-a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 162552 —-a-w- c:\users\Nathalie\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-31 10775584]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-05-31 2040352]
    "Apoint"="c:\program files (x86)\Apoint\Apoint.exe" [BU]
    .
    ——- Bijkomende Scan ——-
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.be/
    mStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = <local>
    mSearchAssistant = hxxp://www.google.com
    IE: Free YouTube to MP3 Converter - c:\users\Nathalie\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki… - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    TCP: DhcpNameServer = 192.168.2.1
    FF - ProfilePath - c:\users\Nathalie\AppData\Roaming\Mozilla\Firefox\Profiles\zlukmz5q.default\
    FF - prefs.js: browser.startup.homepage - www.google.be
    .
    .
    ——————— VERGRENDELDE REGISTER SLEUTELS ———————
    .
    [HKEY_USERS\S-1-5-21-1117917371-1757927219-761134325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.Email.1"
    .
    [HKEY_USERS\S-1-5-21-1117917371-1757927219-761134325-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="WindowsLiveMail.VCard.1"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Voltooingstijd: 2013-02-06 12:23:43
    ComboFix-quarantined-files.txt 2013-02-06 11:23
    .
    Pre-Run: 400.765.202.432 bytes beschikbaar
    Post-Run: 400.468.570.112 bytes beschikbaar
    .
    - - End Of File - - 976339FA3B838615FF2D7549FCA70D18


    Thanks again!
  • We are now going to run a full scan.
    A lot of junk has already been removed; I assume that is already noticeable.

    Which program: Emsisoft Emergency Kit 3.0 Portable
    What for/why: Detects and removes malware
    Difficulty: none.
    Download: Emsisoft Emergency Kit 3.0 Portable

    Notes:
    - The download is compressed; extract EmsisoftEmergencyKit.zip and place the new folder on the desktop.
    - All open programs and web pages must be closed.

    Starting:
    Start by opening the "EmsisoftEmergencyKit" folder.
    - Windows 2000 and Windows XP: double-click "Start.exe".
    - Windows Vista, Windows 7 and Windows 8: right-click "Start.exe" and choose "Als Administrator uitvoeren" (Run as administrator).

    Scanning:
    - In the selection screen, click "Emergency Kit Scanner"; a message then appears saying that it is recommended to update first.

      Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a3bd534a/4f8d1a3bd3fbd-EmsisoftEK11.jpg

    - Do so by clicking "Ja" (Yes).
    - When the update is finished, the message "Update proces is succesvol afgerond" (Update process completed successfully) appears.
    - Now click "Menu" and then "Scan PC".
    - Select the "Diep" (Deep) option if it is not already set that way by default.
    - Then click the "Scan" button.
      - Be patient and do nothing else with the computer during the scan, as the scan can take quite some time.
    - The window with the warning about an increased risk can be closed once the scan is finished.
    - Make sure all items found are ticked and then click the "Verwijder geselecteerde" (Remove selected) button; the following message will then appear:

      Screenshot: http://www.imgdumper.nl/uploads5/4f8d1a4d63784/4f8d1a4d61ffa-EmsisoftEK2.jpg

    - Then click "Ja" (Yes).
    - When the removal is finished, click the "View report" button and select the text file for this scan, with a name such as: a3scan_110730-111615.txt
    - You can also find the log in the EmsisoftEmergencyKit folder.
    - Post the contents of that log file in your next reply.

    Note: Now restart the computer.
  • Indeed, a lot has already been removed. Hopefully the remaining junk will be gone quickly too.
    Here is the log file:


    Emsisoft Emergency Kit - Versie 3.0
    Laatste Update: 6-2-2013 14:03:48

    Scaninstellingen:

    Scantype: Diepe scan
    Objecten: Rootkits, Geheugen, Sporen, C:\, Q:\

    Detecteer riskware: Uit
    Scan archieven: Aan
    ADS Scan: Aan
    Bestandsextensiefilter: Uit
    Geavanceerde cache: Aan
    Directe schijftoegang: Uit

    Scan gestart: 6-2-2013 14:05:20

    C:\Program Files (x86)\DownloadManager Ontdekt: Trace.File.MediaPipe (A)

    Gescand 462670
    Gevonden 1

    Scan geëindigd: 6-2-2013 15:13:46
    Scantijd: 1:08:26

    C:\Program Files (x86)\DownloadManager Verwijderd Trace.File.MediaPipe (A)

    Verwijderd 1

This is an archived page. Replies are no longer possible.