MafkeesZ
Posts made by MafkeesZ
-
-
The problem is solved. Thanks for the help!!!
Regards, Nico
-
Well, I did it and removed 2 things, but when I open a tab it still goes to mystart :s Can this do much harm?
-
I think it is still not completely gone. When I click on a new tab in Google Chrome, it still opens MyStart by IncrediBar.com instead of google.nl :s I did remove mystart in the settings and set Google, but it still opens mystart..
Under Start and then Search I also searched for mystart incredibar, but it cannot find anything there either? Do you know of anything else I can try?
-
Then I get to see this:
ComboFix 12-07-10.01 - Nico Visser 10-07-2012 21:08:39.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.265 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Nico Visser\Mijn documenten\Downloads\ComboFix.exe
gebruikte Opdracht switches :: c:\documents and settings\Nico Visser\Bureaublad\CFScript.txt
AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Ziggo uitgebreide internetbeveiliging 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
FILE ::
"C:\user.js"
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\116cbe41a8383bfcf42b
c:\116cbe41a8383bfcf42b\amd64\filterpipelineprintproc.dll
c:\116cbe41a8383bfcf42b\amd64\msxpsdrv.cat
c:\116cbe41a8383bfcf42b\amd64\msxpsdrv.inf
c:\116cbe41a8383bfcf42b\amd64\msxpsinc.gpd
c:\116cbe41a8383bfcf42b\amd64\msxpsinc.ppd
c:\116cbe41a8383bfcf42b\amd64\mxdwdrv.dll
c:\116cbe41a8383bfcf42b\amd64\xpssvcs.dll
c:\116cbe41a8383bfcf42b\i386\filterpipelineprintproc.dll
c:\116cbe41a8383bfcf42b\i386\msxpsdrv.cat
c:\116cbe41a8383bfcf42b\i386\msxpsdrv.inf
c:\116cbe41a8383bfcf42b\i386\msxpsinc.gpd
c:\116cbe41a8383bfcf42b\i386\msxpsinc.ppd
c:\116cbe41a8383bfcf42b\i386\mxdwdrv.dll
c:\116cbe41a8383bfcf42b\i386\xpssvcs.dll
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))
.
.
2012-06-23 21:35 . 2012-06-23 21:35 -------- d-----w- C:\HP
2012-06-23 21:35 . 2012-06-23 21:35 -------- d-----w- C:\temp
2012-06-23 21:27 . 2012-06-23 21:27 -------- d-----w- C:\swsetup
2012-06-23 13:55 . 2012-06-23 13:55 -------- d-----w- C:\Intel
2012-06-23 02:47 . 2012-07-07 18:36 1929 ----a-w- C:\user.js
2012-06-22 10:10 . 2012-06-22 10:10 -------- d-----r- C:\MSOCache
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 15:35 . 2009-08-06 17:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:19 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2002-09-11 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-06-02 13:19 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-06-02 13:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-05-31 13:22 . 2002-09-11 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2002-09-11 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2002-09-11 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2002-09-11 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2002-09-11 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-05 03:15 . 2002-09-11 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-20 19:31 . 2012-04-20 19:31 81920 ------w- c:\windows\system32\ieencode.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-15 1040384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21-6-2012 21:44 44184]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [21-6-2012 21:43 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [21-6-2012 21:43 68064]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8-7-2012 13:02 654408]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [21-6-2012 21:43 149672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8-7-2012 13:02 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22-6-2012 0:42 257224]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [21-6-2012 21:43 61088]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\win2k\fsfilter.sys [21-6-2012 21:43 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\win2k\fsrec.sys [21-6-2012 21:43 25184]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 22:42]
.
2012-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-1004Core.job
- c:\documents and settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 05:34]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-1004UA.job
- c:\documents and settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 05:34]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 22:17]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 22:17]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 212.54.40.25 192.168.123.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-10 21:15
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\internetbeveiliging\hips\fshook32.dll
c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(728)
c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
c:\program files\internetbeveiliging\hips\fshook32.dll
c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll
.
- - - - - - - > 'csrss.exe'(648)
c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll
.
Voltooingstijd: 2012-07-10 21:17:50
ComboFix-quarantined-files.txt 2012-07-10 19:17
ComboFix2.txt 2012-07-10 18:37
.
Pre-Run: 214.120.001.536 bytes beschikbaar
Post-Run: 214.100.488.192 bytes beschikbaar
.
- - End Of File - - E49DEA24065F74D6D24F49A1584C9EF2
-
This was in the log file:
ComboFix 12-07-10.01 - Nico Visser 10-07-2012 20:25:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.222 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Nico Visser\Mijn documenten\Downloads\ComboFix.exe
AV: Ziggo uitgebreide internetbeveiliging 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: Ziggo uitgebreide internetbeveiliging 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Nico Visser\WINDOWS
c:\windows\fspscprereqmsiinst.log
c:\windows\system32\SET530.tmp
c:\windows\system32\SET534.tmp
c:\windows\system32\SET535.tmp
c:\windows\system32\SET53C.tmp
c:\windows\unin0413.exe
.
.
(((((((((((((((((((( Bestanden Gemaakt van 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))
.
.
2012-06-23 21:35 . 2012-06-23 21:35 -------- d-----w- C:\HP
2012-06-23 21:35 . 2012-06-23 21:35 -------- d-----w- C:\temp
2012-06-23 21:27 . 2012-06-23 21:27 -------- d-----w- C:\swsetup
2012-06-23 13:55 . 2012-06-23 13:55 -------- d-----w- C:\Intel
2012-06-23 02:47 . 2012-07-07 18:36 1929 ----a-w- C:\user.js
2012-06-23 01:52 . 2012-06-23 01:53 -------- d-----w- C:\116cbe41a8383bfcf42b
2012-06-22 10:10 . 2012-06-22 10:10 -------- d-----r- C:\MSOCache
.
.
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-04 15:35 . 2009-08-06 17:23 222448 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:19 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2002-09-11 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2012-06-02 13:19 15896 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2012-06-02 13:19 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2012-06-02 13:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-05-31 13:22 . 2002-09-11 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:09 . 2002-09-11 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:55 . 2002-09-11 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:44 . 2002-09-11 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:44 . 2002-09-11 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-05 03:15 . 2002-09-11 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-20 19:31 . 2012-04-20 19:31 81920 ------w- c:\windows\system32\ieencode.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]
"F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-15 1040384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21-6-2012 21:44 44184]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [21-6-2012 21:43 82120]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [21-6-2012 21:43 68064]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8-7-2012 13:02 654408]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [21-6-2012 21:43 149672]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8-7-2012 13:02 22344]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22-6-2012 0:42 257224]
S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [21-6-2012 21:43 61088]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\win2k\fsfilter.sys [21-6-2012 21:43 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\win2k\fsrec.sys [21-6-2012 21:43 25184]
.
Inhoud van de 'Gedeelde Taken' map
.
2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 22:42]
.
2012-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-1004Core.job
- c:\documents and settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 05:34]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-1004UA.job
- c:\documents and settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 05:34]
.
2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 22:17]
.
2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 22:17]
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.google.nl/
uInternet Settings,ProxyOverride = *.local
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
TCP: DhcpNameServer = 212.54.40.25 192.168.123.254
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS VERWIJDERD - - - -
.
HKCU-Run-Easy Driver Pro - c:\program files\Probit Software\Easy Driver Pro\DPLauncher.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-07-10 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scannen van verborgen processen ...
.
scannen van verborgen autostart items ...
.
scannen van verborgen bestanden ...
.
Scan succesvol afgerond
verborgen bestanden: 0
.
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]
"3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Geladen Onder Lopende Processen ---------------------
.
- - - - - - - > 'winlogon.exe'(672)
c:\program files\internetbeveiliging\hips\fshook32.dll
c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll
.
- - - - - - - > 'lsass.exe'(728)
c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL
c:\program files\internetbeveiliging\hips\fshook32.dll
c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll
.
- - - - - - - > 'csrss.exe'(648)
c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll
.
Voltooingstijd: 2012-07-10 20:37:05
ComboFix-quarantined-files.txt 2012-07-10 18:37
.
Pre-Run: 212.966.301.696 bytes beschikbaar
Post-Run: 214.109.519.872 bytes beschikbaar
.
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
.
- - End Of File - - E843ED2840C9BE7517108ABC895D8DE3
-
I downloaded and ran adwcleaner and then get to see this in the log file:
# AdwCleaner v1.701 - Logfile created 07/10/2012 at 19:56:14
# Updated 02/07/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Nico Visser - NICO
# Running from : C:\Documents and Settings\Nico Visser\Bureaublad\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
***** [Registry] *****
***** [Registre - GUID] *****
***** [internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Google Chrome v19.0.1084.56
File : C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [10184 octets] - [08/07/2012 11:28:14]
AdwCleaner[s1].txt - [10559 octets] - [08/07/2012 11:28:40]
AdwCleaner[R2].txt - [1155 octets] - [08/07/2012 11:42:28]
AdwCleaner[s2].txt - [1215 octets] - [08/07/2012 11:43:16]
AdwCleaner[s3].txt - [294 octets] - [10/07/2012 19:54:47]
AdwCleaner[R3].txt - [1315 octets] - [10/07/2012 19:56:03]
AdwCleaner[s4].txt - [1246 octets] - [10/07/2012 19:56:14]
########## EOF - C:\AdwCleaner[s4].txt - [1374 octets] ##########
-
Kape, thanks for the quick reply!
This is what is in Notepad:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:15:04, on 8-7-2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Internetbeveiliging\Common\FSM32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Internetbeveiliging\Anti-Virus\FSGK32.EXE
C:\Program Files\Internetbeveiliging\Common\FSHDLL32.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe
C:\Program Files\Internetbeveiliging\Anti-Virus\fssm32.exe
C:\Program Files\Internetbeveiliging\Anti-Virus\fsav32.exe
C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internetbeveiliging\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Easy Driver Pro] C:\Program Files\Probit Software\Easy Driver Pro\DPLauncher.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340426277234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
--
End of file - 8035 bytes
Hope you can help me further!
-
Hi hi,
For a few days now I have been having trouble with mystart incredibar on my computer. I have tried all sorts of things but cannot get it off my computer. Can someone help me remove this completely from my computer?
Thanks in advance!
Regards, Nico
How do I remove Mystart incredibar from my computer??
in Archive: Fighting malware & viruses
Posted: · edited by MafkeesZ
I had one more problem, namely that in the text on every website a few words were underlined, and when I moved my mouse over them I got to see advertisements. I googled that problem and it turned out I had something enabled in the settings (Bflix extensions) under extensions.
(Customize and control Google Chrome ---> Tools ---> Extensions)
There I then removed 2 things, and after that I no longer had trouble with those underlined words and also no longer got Mystart when opening a new tab.