Posts made by MafkeesZ

  1. I had another problem, namely that in the text on every website a few words were underlined, and when I moved my mouse over them I got to see advertising. I googled that problem and it turned out I had something enabled in the settings (Bflix extensions) under extensions.

    (Customize and control Google Chrome ---> Tools ---> Extensions)

    There I then removed 2 things, and after that I was no longer bothered by those underlined words and also no longer got Mystart when opening a new tab.

  2. I think it is still not completely gone. When I click on a new tab in Google Chrome it still opens: MyStart by IncrediBar.com instead of google.nl :s I did remove mystart in the settings and set Google, but it still opens mystart..

    Under Start and then Search I also searched for mystart incredibar, but then it can't find anything either? Do you know anything else I can try?

  3. Then I get to see this:

    ComboFix 12-07-10.01 - Nico Visser 10-07-2012 21:08:39.2.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.265 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\Nico Visser\Mijn documenten\Downloads\ComboFix.exe

    gebruikte Opdracht switches :: c:\documents and settings\Nico Visser\Bureaublad\CFScript.txt

    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}

    .

    FILE ::

    "C:\user.js"

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\116cbe41a8383bfcf42b

    c:\116cbe41a8383bfcf42b\amd64\filterpipelineprintproc.dll

    c:\116cbe41a8383bfcf42b\amd64\msxpsdrv.cat

    c:\116cbe41a8383bfcf42b\amd64\msxpsdrv.inf

    c:\116cbe41a8383bfcf42b\amd64\msxpsinc.gpd

    c:\116cbe41a8383bfcf42b\amd64\msxpsinc.ppd

    c:\116cbe41a8383bfcf42b\amd64\mxdwdrv.dll

    c:\116cbe41a8383bfcf42b\amd64\xpssvcs.dll

    c:\116cbe41a8383bfcf42b\i386\filterpipelineprintproc.dll

    c:\116cbe41a8383bfcf42b\i386\msxpsdrv.cat

    c:\116cbe41a8383bfcf42b\i386\msxpsdrv.inf

    c:\116cbe41a8383bfcf42b\i386\msxpsinc.gpd

    c:\116cbe41a8383bfcf42b\i386\msxpsinc.ppd

    c:\116cbe41a8383bfcf42b\i386\mxdwdrv.dll

    c:\116cbe41a8383bfcf42b\i386\xpssvcs.dll

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))

    .

    .

    2012-06-23 21:35 . 2012-06-23 21:35 -------- d-----w- C:\HP

    2012-06-23 21:35 . 2012-06-23 21:35 -------- d-----w- C:\temp

    2012-06-23 21:27 . 2012-06-23 21:27 -------- d-----w- C:\swsetup

    2012-06-23 13:55 . 2012-06-23 13:55 -------- d-----w- C:\Intel

    2012-06-23 02:47 . 2012-07-07 18:36 1929 ----a-w- C:\user.js

    2012-06-22 10:10 . 2012-06-22 10:10 -------- d-----r- C:\MSOCache

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-04 15:35 . 2009-08-06 17:23 222448 ----a-w- c:\windows\system32\muweb.dll

    2012-06-02 13:19 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

    2012-06-02 13:19 . 2012-06-02 13:19 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 13:19 . 2002-09-11 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

    2012-06-02 13:19 . 2012-06-02 13:19 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

    2012-06-02 13:19 . 2012-06-02 13:19 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

    2012-06-02 13:19 . 2012-06-02 13:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

    2012-05-31 13:22 . 2002-09-11 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

    2012-05-16 15:09 . 2002-09-11 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 13:55 . 2002-09-11 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys

    2012-05-11 14:44 . 2002-09-11 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-05-11 14:44 . 2002-09-11 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-05-05 03:15 . 2002-09-11 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-05 03:14 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-20 19:31 . 2012-04-20 19:31 81920 ------w- c:\windows\system32\ieencode.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]

    "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-15 1040384]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    .

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21-6-2012 21:44 44184]

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [21-6-2012 21:43 82120]

    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [21-6-2012 21:43 68064]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8-7-2012 13:02 654408]

    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [21-6-2012 21:43 149672]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8-7-2012 13:02 22344]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22-6-2012 0:42 257224]

    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [21-6-2012 21:43 61088]

    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\win2k\fsfilter.sys [21-6-2012 21:43 39776]

    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\win2k\fsrec.sys [21-6-2012 21:43 25184]

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 22:42]

    .

    2012-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

    .

    2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-1004Core.job

    - c:\documents and settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 05:34]

    .

    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-1004UA.job

    - c:\documents and settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 05:34]

    .

    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-500Core.job

    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 22:17]

    .

    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-500UA.job

    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 22:17]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL

    TCP: DhcpNameServer = 212.54.40.25 192.168.123.254

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-07-10 21:15

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(672)

    c:\program files\internetbeveiliging\hips\fshook32.dll

    c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll

    .

    - - - - - - - > 'lsass.exe'(728)

    c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL

    c:\program files\internetbeveiliging\hips\fshook32.dll

    c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll

    .

    - - - - - - - > 'csrss.exe'(648)

    c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll

    .

    Voltooingstijd: 2012-07-10 21:17:50

    ComboFix-quarantined-files.txt 2012-07-10 19:17

    ComboFix2.txt 2012-07-10 18:37

    .

    Pre-Run: 214.120.001.536 bytes beschikbaar

    Post-Run: 214.100.488.192 bytes beschikbaar

    .

    - - End Of File - - E49DEA24065F74D6D24F49A1584C9EF2

  4. This was in the log file:

    ComboFix 12-07-10.01 - Nico Visser 10-07-2012 20:25:53.1.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.503.222 [GMT 2:00]

    Gestart vanuit: c:\documents and settings\Nico Visser\Mijn documenten\Downloads\ComboFix.exe

    AV: Ziggo uitgebreide internetbeveiliging 9.01 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}

    FW: Ziggo uitgebreide internetbeveiliging 9.01 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}

    .

    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\Nico Visser\WINDOWS

    c:\windows\fspscprereqmsiinst.log

    c:\windows\system32\SET530.tmp

    c:\windows\system32\SET534.tmp

    c:\windows\system32\SET535.tmp

    c:\windows\system32\SET53C.tmp

    c:\windows\unin0413.exe

    .

    .

    (((((((((((((((((((( Bestanden Gemaakt van 2012-06-10 to 2012-07-10 ))))))))))))))))))))))))))))))

    .

    .

    2012-06-23 21:35 . 2012-06-23 21:35 -------- d-----w- C:\HP

    2012-06-23 21:35 . 2012-06-23 21:35 -------- d-----w- C:\temp

    2012-06-23 21:27 . 2012-06-23 21:27 -------- d-----w- C:\swsetup

    2012-06-23 13:55 . 2012-06-23 13:55 -------- d-----w- C:\Intel

    2012-06-23 02:47 . 2012-07-07 18:36 1929 ----a-w- C:\user.js

    2012-06-23 01:52 . 2012-06-23 01:53 -------- d-----w- C:\116cbe41a8383bfcf42b

    2012-06-22 10:10 . 2012-06-22 10:10 -------- d-----r- C:\MSOCache

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-06-04 15:35 . 2009-08-06 17:23 222448 ----a-w- c:\windows\system32\muweb.dll

    2012-06-02 13:19 . 2012-06-02 13:19 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

    2012-06-02 13:19 . 2012-06-02 13:19 45080 ----a-w- c:\windows\system32\wups2.dll

    2012-06-02 13:19 . 2002-09-11 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

    2012-06-02 13:19 . 2012-06-02 13:19 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

    2012-06-02 13:19 . 2012-06-02 13:19 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

    2012-06-02 13:19 . 2012-06-02 13:19 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

    2012-05-31 13:22 . 2002-09-11 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

    2012-05-16 15:09 . 2002-09-11 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-05-15 13:55 . 2002-09-11 12:00 1863296 ----a-w- c:\windows\system32\win32k.sys

    2012-05-11 14:44 . 2002-09-11 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-05-11 14:44 . 2002-09-11 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2012-05-05 03:15 . 2002-09-11 12:00 2152960 ----a-w- c:\windows\system32\ntoskrnl.exe

    2012-05-05 03:14 . 2002-09-09 13:18 2031104 ----a-w- c:\windows\system32\ntkrnlpa.exe

    2012-04-20 19:31 . 2012-04-20 19:31 81920 ------w- c:\windows\system32\ieencode.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "F-Secure Manager"="c:\program files\Internetbeveiliging\Common\FSM32.EXE" [2009-08-05 199264]

    "F-Secure TNB"="c:\program files\Internetbeveiliging\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

    "KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]

    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-15 1040384]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Java\\jre7\\bin\\javaw.exe"=

    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    "c:\\Program Files\\uTorrent\\uTorrent.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    .

    R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [21-6-2012 21:44 44184]

    R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [21-6-2012 21:43 82120]

    R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\Internetbeveiliging\HIPS\drivers\fshs.sys [21-6-2012 21:43 68064]

    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8-7-2012 13:02 654408]

    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\Internetbeveiliging\Anti-Virus\minifilter\fsgk.sys [21-6-2012 21:43 149672]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8-7-2012 13:02 22344]

    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [22-6-2012 0:42 257224]

    S3 FSORSPClient;F-Secure ORSP Client;c:\program files\Internetbeveiliging\ORSP Client\fsorsp.exe [21-6-2012 21:43 61088]

    S4 F-Secure Filter;F-Secure File System Filter;c:\program files\Internetbeveiliging\Anti-Virus\win2k\fsfilter.sys [21-6-2012 21:43 39776]

    S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\Internetbeveiliging\Anti-Virus\win2k\fsrec.sys [21-6-2012 21:43 25184]

    .

    Inhoud van de 'Gedeelde Taken' map

    .

    2012-07-10 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-21 22:42]

    .

    2012-07-05 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 15:57]

    .

    2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-1004Core.job

    - c:\documents and settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 05:34]

    .

    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-1004UA.job

    - c:\documents and settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-07-06 05:34]

    .

    2012-06-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-500Core.job

    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 22:17]

    .

    2012-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-448539723-764733703-725345543-500UA.job

    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-06-21 22:17]

    .

    .

    ------- Bijkomende Scan -------

    .

    uStart Page = hxxp://www.google.nl/

    uInternet Settings,ProxyOverride = *.local

    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    LSP: c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL

    TCP: DhcpNameServer = 212.54.40.25 192.168.123.254

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    - - - - ORPHANS VERWIJDERD - - - -

    .

    HKCU-Run-Easy Driver Pro - c:\program files\Probit Software\Easy Driver Pro\DPLauncher.exe

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

    Rootkit scan 2012-07-10 20:34

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scannen van verborgen processen ...

    .

    scannen van verborgen autostart items ...

    .

    scannen van verborgen bestanden ...

    .

    Scan succesvol afgerond

    verborgen bestanden: 0

    .

    **************************************************************************

    .

    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–}|ÿÿÿÿÀ•}|ù•9~*]

    "3140111900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

    .

    --------------------- DLLs Geladen Onder Lopende Processen ---------------------

    .

    - - - - - - - > 'winlogon.exe'(672)

    c:\program files\internetbeveiliging\hips\fshook32.dll

    c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll

    .

    - - - - - - - > 'lsass.exe'(728)

    c:\program files\Internetbeveiliging\FSPS\program\FSLSP.DLL

    c:\program files\internetbeveiliging\hips\fshook32.dll

    c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll

    .

    - - - - - - - > 'csrss.exe'(648)

    c:\program files\Internetbeveiliging\FWES\Program\fsdc32.dll

    .

    Voltooingstijd: 2012-07-10 20:37:05

    ComboFix-quarantined-files.txt 2012-07-10 18:37

    .

    Pre-Run: 212.966.301.696 bytes beschikbaar

    Post-Run: 214.109.519.872 bytes beschikbaar

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

    .

    - - End Of File - - E843ED2840C9BE7517108ABC895D8DE3

  5. I downloaded and ran adwcleaner and then get to see this in the log file:

    # AdwCleaner v1.701 - Logfile created 07/10/2012 at 19:56:14

    # Updated 02/07/2012 by Xplode

    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

    # User : Nico Visser - NICO

    # Running from : C:\Documents and Settings\Nico Visser\Bureaublad\adwcleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    ***** [Registre - GUID] *****

    ***** [internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Google Chrome v19.0.1084.56

    File : C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [10184 octets] - [08/07/2012 11:28:14]

    AdwCleaner[s1].txt - [10559 octets] - [08/07/2012 11:28:40]

    AdwCleaner[R2].txt - [1155 octets] - [08/07/2012 11:42:28]

    AdwCleaner[s2].txt - [1215 octets] - [08/07/2012 11:43:16]

    AdwCleaner[s3].txt - [294 octets] - [10/07/2012 19:54:47]

    AdwCleaner[R3].txt - [1315 octets] - [10/07/2012 19:56:03]

    AdwCleaner[s4].txt - [1246 octets] - [10/07/2012 19:56:14]

    ########## EOF - C:\AdwCleaner[s4].txt - [1374 octets] ##########

  6. Kape, thanks for the quick response!

    This is what is in Notepad:

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 16:15:04, on 8-7-2012

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    C:\Program Files\Internetbeveiliging\Common\FSM32.EXE

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\HP\KBD\KBD.EXE

    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

    C:\Program Files\Analog Devices\Core\smax4pnp.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Messenger\msmsgs.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe

    C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE

    C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

    C:\Program Files\Internetbeveiliging\Anti-Virus\FSGK32.EXE

    C:\Program Files\Internetbeveiliging\Common\FSHDLL32.EXE

    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files\CDBurnerXP\NMSAccessU.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe

    C:\Program Files\Internetbeveiliging\Anti-Virus\fssm32.exe

    C:\Program Files\Internetbeveiliging\Anti-Virus\fsav32.exe

    C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

    C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, het laatste nieuws en entertainment | MSN.NL

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Internetbeveiliging\NRS\iescript\baselitmus.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Internetbeveiliging\Common\FSM32.EXE" /splash

    O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Internetbeveiliging\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

    O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray

    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

    O4 - HKCU\..\Run: [Easy Driver Pro] C:\Program Files\Probit Software\Easy Driver Pro\DPLauncher.exe

    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nico Visser\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Lokale service')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Netwerkservice')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1340426277234

    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll

    O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Internetbeveiliging\Anti-Virus\fsgk32st.exe

    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\FWES\Program\fsdfwd.exe

    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\Common\FSMA32.EXE

    O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\Internetbeveiliging\ORSP Client\fsorsp.exe

    O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    O23 - Service: NMSAccess - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe

    --

    End of file - 8035 bytes

    Hope you can help me further!
