Firefox no longer opens pages (because of a virus?)


Mmaarten

Malwarebytes has done a thorough job cleaning up the infection ... but there is more going on :s

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Check only the items listed below:

O20 - AppInit_DLLs: C:\WINDOWS\System32\dot3ui32.dll

O20 - Winlogon Notify: 1073f35b669 - C:\WINDOWS\System32\dot3ui32.dll

O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)

Click 'Fix checked' to remove the items.

Download Combofix to your Desktop.

Read more here about the correct use of Combofix.

NOTE: if, during or after downloading Combofix or while using Combofix, you get an alert from your antivirus or another real-time scanner, disable that scanner and download Combofix again.

Some scanners treat certain components that Combofix uses as suspicious and will block or remove them!

  • Double-click Combofix.exe to start it.
  • If you have used Combofix before, you may get a warning that an update is available. Allow ComboFix to be updated.
  • Follow the instructions and accept the disclaimer by clicking Yes.
  • If the Recovery Console is not installed, you will be asked to install it by clicking YES in the "Query - Recovery Console" window (XP only, not Vista).
  • Click OK and Yes to have the Recovery Console installed automatically.
  • When that is done, click Yes again to start the malware scan.
  • While the fix is running, do NOT click inside the window, as this will make your PC hang.

When the fix has finished and after the restart, the log Combofix.txt will open.

Post this log in your next reply, together with a new HijackThis log.

Once again, thanks. I have no idea what I'm doing or whether what I'm doing is going well. But I still have confidence in it. Hope it's just about done now.

This is the Combofix log

ComboFix 09-09-11.01 - NAAM 12-09-2009 11:59.1.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1401 [GMT 2:00]

Gestart vanuit: c:\documents and settings\NAAM\Bureaublad\ComboFix.exe

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\NAAM\Application Data\0200000079472f96669C.manifest

c:\documents and settings\NAAM\Application Data\0200000079472f96669O.manifest

c:\documents and settings\NAAM\Application Data\0200000079472f96669P.manifest

c:\documents and settings\NAAM\Application Data\0200000079472f96669S.manifest

c:\program files\IEToolbar

c:\windows\Installer\88507.msp

c:\windows\system32\GroupPolicy000.dat

c:\windows\system32\LocalService\285.crack.zip

c:\windows\system32\LocalService\285.crack.zip.kwd

c:\windows\system32\LocalService\286.keygen.zip

c:\windows\system32\LocalService\286.keygen.zip.kwd

c:\windows\system32\LocalService\287.serial.zip

c:\windows\system32\LocalService\287.serial.zip.kwd

c:\windows\system32\LocalService\288.setup.zip

c:\windows\system32\LocalService\288.setup.zip.kwd

c:\windows\system32\LocalService\289.music.au

c:\windows\system32\LocalService\289.music.au.kwd

c:\windows\system32\LocalService\290.music2.au

c:\windows\system32\LocalService\290.music2.au.kwd

c:\windows\system32\LocalService\291.music3.au

c:\windows\system32\LocalService\291.music3.au.kwd

c:\windows\system32\LocalService\292.music4.au

c:\windows\system32\LocalService\292.music4.au.kwd

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-08-12 to 2009-09-12 ))))))))))))))))))))))))))))))

.

2009-09-11 21:50 . 2009-09-11 21:50 -------- d-----w- c:\documents and settings\NAAM\Application Data\Malwarebytes

2009-09-11 21:50 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-11 21:50 . 2009-09-11 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-09-11 21:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-09-11 21:50 . 2009-09-11 21:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-09-11 17:28 . 2009-09-12 09:51 -------- d-----w- c:\program files\backups

2009-09-11 17:26 . 2009-09-11 17:26 396288 ----a-w- c:\program files\HijackThis.exe

2009-09-11 14:29 . 2009-09-11 14:29 27648 ---h--w- c:\documents and settings\NAAM\qlixq.exe

2009-09-11 14:29 . 2009-09-11 14:29 27648 ----a-w- c:\windows\system32\wrws.exe

2009-09-11 14:14 . 2009-09-11 14:14 -------- d-----w- c:\documents and settings\NAAM\Application Data\Download Manager

2009-09-11 13:56 . 2009-09-11 13:56 122880 ----a-w- c:\windows\system32\dot3ui32.dll

2009-09-11 12:19 . 2009-09-11 12:19 -------- d-sh--w- c:\windows\ftpcache

2009-09-11 12:07 . 2009-09-11 12:07 97478 ----a-w- c:\windows\wsqw4868.exe

2009-09-09 16:44 . 2009-06-21 21:49 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

2009-08-30 14:50 . 2009-08-30 14:50 -------- d-----w- c:\documents and settings\NAAM\Application Data\FrimaStudio

2009-08-16 12:11 . 2009-08-16 12:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET

2009-08-15 18:28 . 2009-08-15 18:28 -------- d-----w- c:\program files\MSXML 4.0

2009-08-14 10:23 . 2009-08-14 10:23 -------- d-----w- c:\documents and settings\NAAM\Local Settings\Application Data\IsolatedStorage

2009-08-14 10:23 . 2009-08-14 10:23 -------- d-----w- c:\documents and settings\NAAM\Local Settings\Application Data\HP

2009-08-14 10:23 . 2009-08-16 09:44 -------- d-----w- c:\documents and settings\NAAM\Local Settings\Application Data\ApplicationHistory

2009-08-14 10:23 . 2009-08-14 10:23 137 ----a-w- c:\documents and settings\NAAM\Local Settings\Application Data\fusioncache.dat

2009-08-14 10:06 . 2009-08-14 10:21 29370 ----a-w- c:\windows\hpoins03.dat

2009-08-14 10:06 . 2004-02-26 09:36 38880 ------w- c:\windows\hpomdl03.dat

2009-08-13 19:52 . 2009-08-13 19:52 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-12 09:51 . 2009-09-11 17:26 7759 ----a-w- c:\program files\hijackthis.log

2009-09-11 16:11 . 2008-11-13 21:18 -------- d-----w- c:\documents and settings\NAAM\Application Data\LimeWire

2009-09-11 13:56 . 2009-09-11 13:56 2368 --sha-w- c:\windows\system32\25FC.tmp

2009-09-09 18:23 . 2009-06-25 12:10 -------- d-----w- c:\program files\Microsoft Silverlight

2009-08-30 14:50 . 2009-07-14 14:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2009-08-28 21:13 . 2009-07-14 14:42 -------- d-----w- c:\program files\Common Files\Apple

2009-08-28 15:34 . 2009-08-13 00:08 -------- d-----w- c:\documents and settings\NAAM\Application Data\skypePM

2009-08-28 15:31 . 2009-08-13 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2009-08-15 18:28 . 2001-09-07 12:00 90642 ----a-w- c:\windows\system32\perfc013.dat

2009-08-15 18:28 . 2001-09-07 12:00 508570 ----a-w- c:\windows\system32\perfh013.dat

2009-08-14 10:20 . 2009-08-14 10:08 -------- d-----w- c:\program files\HP

2009-08-14 10:19 . 2009-08-14 10:19 -------- d-----w- c:\program files\Common Files\Hewlett-Packard

2009-08-14 10:16 . 2009-08-14 10:16 -------- d-----w- c:\program files\Common Files\HP

2009-08-13 19:52 . 2008-10-23 18:49 -------- d-----w- c:\program files\Common Files\Adobe

2009-08-13 00:08 . 2009-08-13 00:08 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2009-08-07 16:14 . 2009-07-14 14:58 -------- d-----w- c:\program files\NGS Games

2009-08-07 16:12 . 2008-12-19 13:19 -------- d-----w- c:\program files\directx

2009-08-06 19:03 . 2008-09-11 04:47 28264 ----a-w- c:\documents and settings\NAAM\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-06 18:31 . 2009-08-06 18:31 -------- d-----w- c:\program files\MSBuild

2009-08-06 18:31 . 2009-08-06 18:31 -------- d-----w- c:\program files\Reference Assemblies

2009-08-05 09:01 . 2008-09-11 04:42 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-02 20:28 . 2008-10-25 14:09 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2009-08-02 20:28 . 2008-10-25 14:09 139152 ----a-w- c:\documents and settings\NAAM\Application Data\PnkBstrK.sys

2009-08-02 20:27 . 2008-10-25 14:09 111928 ----a-w- c:\windows\system32\PnkBstrB.exe

2009-08-02 20:27 . 2008-10-25 14:09 75064 ----a-w- c:\windows\system32\PnkBstrA.exe

2009-08-02 20:27 . 2008-10-25 14:09 794408 ----a-w- c:\windows\system32\pbsvc.exe

2009-07-18 15:12 . 2009-07-18 15:12 2771 ----a-w- c:\program files\ito_icon.jpg

2009-07-17 19:04 . 2001-09-07 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 14:44 . 2008-12-28 14:06 -------- d-----w- c:\documents and settings\NAAM\Application Data\Apple Computer

2009-07-14 14:44 . 2009-07-14 14:43 -------- d-----w- c:\program files\iTunes

2009-07-14 14:44 . 2009-07-14 14:43 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-07-14 14:43 . 2009-07-14 14:43 -------- d-----w- c:\program files\iPod

2009-07-14 14:33 . 2009-07-14 14:33 -------- d-----w- c:\program files\QuickTime

2009-07-14 14:33 . 2009-07-14 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

2009-07-13 21:43 . 2004-08-04 08:03 286208 ------w- c:\windows\system32\wmpdxm.dll

2009-06-29 16:01 . 2001-09-07 12:00 827392 ----a-w- c:\windows\system32\wininet.dll

2009-06-29 16:01 . 2004-08-04 08:03 78336 ------w- c:\windows\system32\ieencode.dll

2009-06-29 16:01 . 2001-09-07 12:00 17408 ----a-w- c:\windows\system32\corpol.dll

2009-06-25 08:27 . 2001-09-07 12:00 735232 ----a-w- c:\windows\system32\lsasrv.dll

2009-06-25 08:27 . 2001-09-07 12:00 56832 ----a-w- c:\windows\system32\secur32.dll

2009-06-25 08:27 . 2001-09-07 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll

2009-06-25 08:27 . 2001-09-07 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll

2009-06-25 08:27 . 2001-09-07 12:00 147456 ----a-w- c:\windows\system32\schannel.dll

2009-06-25 08:27 . 2001-09-07 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-06-24 11:18 . 2001-09-07 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2009-06-16 14:40 . 2001-09-07 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2001-09-07 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:45 . 2001-09-07 12:00 79872 ----a-w- c:\windows\system32\telnet.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-07-04 148776]

"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]

"Steam"="c:\games\cs\steam\steam.exe" [2009-07-18 1217784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]

"snpstd"="c:\windows\vsnpstd.exe" [2003-12-31 40960]

"wrws"="c:\windows\system32\wrws.exe" [2009-09-11 27648]

"Adobe Reader Speed Launcher"="c:\programma's\Adobe Reader\Reader\Reader_sl.exe" [2009-02-27 35696]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-07-04 161064]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-03-16 1040384]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]

"Six Engine"="c:\program files\ASUS\Six Engine\SixEngine.exe" [2008-05-14 5958656]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]

"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\NAAM\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2003-9-16 237568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1073f35b669]

2009-09-11 13:56 122880 ----a-w- c:\windows\system32\dot3ui32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=

"c:\\Documents and Settings\\NAAM\\qlixq.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=

"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=

"c:\\Games\\FIFA 08\\FIFA08.exe"=

"c:\\Games\\CS\\Steam\\steamapps\\mjm890@hotmail.com\\counter-strike\\hl.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Programma's\\LimeWire\\LimeWire.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

"c:\\WINDOWS\\system32\\wrws.exe"=

R0 mv61xx;mv61xx;c:\windows\system32\drivers\mv61xx.sys [11-9-2008 6:12 150568]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18-8-2008 13:27 34312]

R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [18-8-2008 13:25 468224]

R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [23-10-2008 22:57 93696]

S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [23-10-2008 23:52 33752]

S3 Mstrecldefi;Mstrecldefi; [x]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

.

Inhoud van de 'Gedeelde Taken' map

2009-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.pc-helpforum.be/f168/firefox-opent-geen-paginas-meer-door-17763/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\NAAM\Application Data\Mozilla\Firefox\Profiles\jfjspxdg.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/ig

FF - component: c:\documents and settings\NAAM\Application Data\Mozilla\Firefox\Profiles\jfjspxdg.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll

FF - plugin: c:\documents and settings\NAAM\Application Data\Mozilla\Firefox\Profiles\jfjspxdg.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\programma's\Adobe Reader\Reader\browser\nppdf32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-09-12 12:03

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-57989841-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:29,ed,de,92,52,5e,db,da,0a,97,ae,d2,e2,b2,00,55,1b,c3,e3,32,a2,eb,37,

2c,f2,a6,2e,f9,9e,ce,ab,2e,1b,da,b6,2a,e4,03,9b,42,31,04,4e,13,7e,62,f4,5e,\

"??"=hex:28,42,c1,4b,4c,5c,22,5b,bf,5b,60,2f,dc,7c,d7,80

[HKEY_USERS\S-1-5-21-1659004503-57989841-839522115-1004\Software\SecuROM\License information*]

"datasecu"=hex:6a,5c,6f,37,ab,a7,ac,2f,dd,9f,15,53,c8,50,66,85,97,e7,3b,d4,4e,

d6,06,1d,6e,6e,82,fb,ab,bf,e1,12,8a,a9,65,1e,24,6b,fc,53,d9,02,77,46,e3,d3,\

"rkeysecu"=hex:2c,73,a8,9a,05,2d,e9,c8,e6,8e,01,19,6e,c6,29,6a

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(928)

c:\windows\System32\dot3ui32.dll

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(988)

c:\windows\System32\dot3ui32.dll

.

Voltooingstijd: 2009-09-12 12:04

ComboFix-quarantined-files.txt 2009-09-12 10:04

Pre-Run: 97.733.545.984 bytes beschikbaar

Post-Run: 98.450.481.152 bytes beschikbaar

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

227 --- E O F --- 2009-09-09 16:52

And this is the new one from HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:14:27, on 12-9-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16876)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\HP\HP Software Update\HPWuSchd.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\ASUS\Six Engine\SixEngine.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Program Files\Analog Devices\SoundMAX\Smax4.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

C:\games\cs\steam\steam.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\explorer.exe

c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-helpforum.be/f168/firefox-opent-geen-paginas-meer-door-17763/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [wrws] C:\WINDOWS\system32\wrws.exe \u

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programma's\Adobe Reader\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [six Engine] "C:\Program Files\ASUS\Six Engine\SixEngine.exe" -r

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [steam] "c:\games\cs\steam\steam.exe" -silent

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OneNote 2007 Schermopname en Snel starten.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O20 - Winlogon Notify: 1073f35b669 - C:\WINDOWS\System32\dot3ui32.dll

O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe

O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe

O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--

End of file - 7064 bytes

PS

Firefox works again now!!


"I have no idea what I'm doing or whether what I'm doing is going well. But I still have confidence in it. Hope it's just about done now."

I don't know either (just kidding :-)) ... but we are at least heading in the right direction. Please do the following:

Start HijackThis. If you are a Vista user, choose "Run as administrator" or "Uitvoeren als administrator". Select "Do a system scan only". Check only the items listed below:

O20 - Winlogon Notify: 1073f35b669 - C:\WINDOWS\System32\dot3ui32.dll

Click 'Fix checked' to remove the items.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\system32\25FC.tmp

c:\windows\wsqw4868.exe

c:\windows\system32\dot3ui32.dll

Registry::

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"wrws"=-

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1073f35b669]

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if asked to.

After the restart, post the contents of Combofix.txt in your next message together with a new HijackThis log.

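The CFScript above names files and registry entries that all appear in the first ComboFix log. As an added example (not part of the original thread, and not code from ComboFix or HijackThis), the Python below shows one way to cross-check such a log: it lists autostart entries (Run keys, Winlogon Notify) and firewall exceptions whose target file was created shortly before the scan. The function names, the 7-day window and the reliance on the Dutch section banner are assumptions of this example; the sample lines are copied from the log in this thread and trimmed.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt: lines copied from the first ComboFix log in this thread,
# cut down to the sections the check reads (banners shortened).
SAMPLE_LOG = r"""
ComboFix 09-09-11.01 - NAAM 12-09-2009 11:59.1.2 - NTFSx86
(((( Bestanden Gemaakt van 2009-08-12 to 2009-09-12 ))))
2009-09-11 21:50 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-11 17:26 . 2009-09-11 17:26 396288 ----a-w- c:\program files\HijackThis.exe
2009-09-11 14:29 . 2009-09-11 14:29 27648 ---h--w- c:\documents and settings\NAAM\qlixq.exe
2009-09-11 14:29 . 2009-09-11 14:29 27648 ----a-w- c:\windows\system32\wrws.exe
2009-09-11 13:56 . 2009-09-11 13:56 122880 ----a-w- c:\windows\system32\dot3ui32.dll
2009-09-11 12:07 . 2009-09-11 12:07 97478 ----a-w- c:\windows\wsqw4868.exe
(((( Reg Opstartpunten ))))
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"wrws"="c:\windows\system32\wrws.exe" [2009-09-11 27648]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\1073f35b669]
2009-09-11 13:56 122880 ----a-w- c:\windows\system32\dot3ui32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\NAAM\\qlixq.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\wrws.exe"=
"""

# "created . modified size attributes path" lines of the created-files section
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) [\d:]+ \. \d{4}-\d{2}-\d{2} [\d:]+ (?:\d+|-+) \S{8} (.+)$")
# "date time size attributes path" line printed under a Winlogon Notify key
NOTIFY_RE = re.compile(r"^\d{4}-\d{2}-\d{2} [\d:]+ \d+ \S{8} (.+)$")
RUN_RE = re.compile(r'^"(.+?)"="(.+?)"')
FIREWALL_RE = re.compile(r'^"(.+?)"=')


def normalise(path):
    """Lower-case a path and undo the doubled backslashes of .reg-style values."""
    return path.replace("\\\\", "\\").strip().lower()


def parse_combofix(text):
    """Return (created, autostarts, firewall) from a Dutch-localised ComboFix log."""
    created, autostarts, firewall = {}, [], set()
    in_created, key = False, ""
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("(((("):                  # ComboFix section banner
            in_created, key = "Bestanden Gemaakt" in line, ""
        elif line.startswith("["):                   # registry key header
            key = line.strip("[]").lower()
        elif in_created:
            m = CREATED_RE.match(line)
            if m:
                created[normalise(m.group(2))] = datetime.strptime(m.group(1), "%Y-%m-%d")
        elif key.endswith("\\currentversion\\run"):
            m = RUN_RE.match(line)
            if m:
                autostarts.append(("Run key", m.group(1), normalise(m.group(2))))
        elif "\\winlogon\\notify\\" in key:
            m = NOTIFY_RE.match(line)
            if m:
                name = key.rsplit("\\", 1)[1]        # subkey name under Notify
                autostarts.append(("Winlogon Notify", name, normalise(m.group(1))))
        elif key.endswith("authorizedapplications\\list"):
            m = FIREWALL_RE.match(line)
            if m:
                firewall.add(normalise(m.group(1)))
    return created, autostarts, firewall


def recent_autostarts(text, scan_date, window_days=7):
    """Autostart entries whose target file was created within window_days of the scan."""
    created, autostarts, firewall = parse_combofix(text)
    cutoff = scan_date - timedelta(days=window_days)
    return [
        {"mechanism": mech, "name": name, "path": path,
         "created": created[path].date().isoformat(),
         "firewall_allowed": path in firewall}
        for mech, name, path in autostarts
        if path in created and created[path] >= cutoff
    ]


def recent_firewall_exceptions(text, scan_date, window_days=7):
    """Firewall-authorised programs that were created within window_days of the scan."""
    created, _, firewall = parse_combofix(text)
    cutoff = scan_date - timedelta(days=window_days)
    return sorted(p for p in firewall if p in created and created[p] >= cutoff)


if __name__ == "__main__":
    scan = datetime(2009, 9, 12)  # scan date taken from the log header
    for finding in recent_autostarts(SAMPLE_LOG, scan):
        print(finding)
    print(recent_firewall_exceptions(SAMPLE_LOG, scan))
```

The check only correlates creation dates with persistence and firewall entries; a hit is a lead for review, not a verdict, since freshly installed legitimate software produces the same pattern.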

OK, it is indeed later... Much later, even...

ComboFix 09-09-11.01 - MaartenMuijser 12-09-2009 14:05:50.4.2 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2047.1513 [GMT 2:00]

Gestart vanuit: C:\Documents and Settings\MaartenMuijser\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: C:\Documents and Settings\MaartenMuijser\Bureaublad\CFScript.txt

AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::

"c:\windows\system32\25FC.tmp"

"c:\windows\system32\dot3ui32.dll"

"c:\windows\wsqw4868.exe"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Voorgaande Run -------

.

C:\Documents and Settings\MaartenMuijser\Application Data\0200000079472f96669C.manifest

C:\Documents and Settings\MaartenMuijser\Application Data\0200000079472f96669O.manifest

C:\Documents and Settings\MaartenMuijser\Application Data\0200000079472f96669P.manifest

C:\Documents and Settings\MaartenMuijser\Application Data\0200000079472f96669S.manifest

c:\windows\system32\25FC.tmp

c:\windows\system32\dot3ui32.dll

C:\WINDOWS\system32\GroupPolicy000.dat

C:\WINDOWS\system32\LocalService\5.tmp

c:\windows\wsqw4868.exe

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-08-12 to 2009-09-12 ))))))))))))))))))))))))))))))

.

2009-09-11 21:50:16 . 2009-09-11 21:50:16 0 d-----w- C:\Documents and Settings\MaartenMuijser\Application Data\Malwarebytes

2009-09-11 21:50:11 . 2009-09-10 12:54:06 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2009-09-11 21:50:10 . 2009-09-11 21:50:10 0 d-----w- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2009-09-11 21:50:10 . 2009-09-10 12:53:50 19160 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

2009-09-11 21:50:09 . 2009-09-11 21:50:16 0 d-----w- C:\Program Files\Malwarebytes' Anti-Malware

2009-09-11 17:28:03 . 2009-09-12 10:39:33 0 d-----w- C:\Program Files\backups

2009-09-11 17:26:28 . 2009-09-11 17:26:28 396288 ----a-w- C:\Program Files\HijackThis.exe

2009-09-11 14:29:53 . 2009-09-11 14:29:48 27648 ---h--w- C:\Documents and Settings\MaartenMuijser\qlixq.exe

2009-09-11 14:29:53 . 2009-09-11 14:29:48 27648 ----a-w- C:\WINDOWS\system32\wrws.exe

2009-09-11 14:14:31 . 2009-09-11 14:14:56 0 d-----w- C:\Documents and Settings\MaartenMuijser\Application Data\Download Manager

2009-09-11 12:19:48 . 2009-09-11 12:19:48 0 d-sh--w- C:\WINDOWS\ftpcache

2009-09-09 16:44:51 . 2009-06-21 21:49:08 153088 -c----w- C:\WINDOWS\system32\dllcache\triedit.dll

2009-08-30 14:50:48 . 2009-08-30 14:50:48 0 d-----w- C:\Documents and Settings\MaartenMuijser\Application Data\FrimaStudio

2009-08-16 12:11:12 . 2009-08-16 12:11:12 0 d-----w- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET

2009-08-15 18:28:18 . 2009-08-15 18:28:18 0 d-----w- C:\Program Files\MSXML 4.0

2009-08-14 10:23:19 . 2009-08-14 10:23:19 0 d-----w- C:\Documents and Settings\MaartenMuijser\Local Settings\Application Data\IsolatedStorage

2009-08-14 10:23:19 . 2009-08-14 10:23:19 0 d-----w- C:\Documents and Settings\MaartenMuijser\Local Settings\Application Data\HP

2009-08-14 10:23:15 . 2009-08-16 09:44:32 0 d-----w- C:\Documents and Settings\MaartenMuijser\Local Settings\Application Data\ApplicationHistory

2009-08-14 10:23:15 . 2009-08-14 10:23:15 137 ----a-w- C:\Documents and Settings\MaartenMuijser\Local Settings\Application Data\fusioncache.dat

2009-08-14 10:06:01 . 2009-08-14 10:21:26 29370 ----a-w- C:\WINDOWS\hpoins03.dat

2009-08-14 10:06:01 . 2004-02-26 09:36:28 38880 ------w- C:\WINDOWS\hpomdl03.dat

2009-08-13 19:52:56 . 2009-08-13 19:52:56 0 d-----w- C:\Program Files\Common Files\Adobe Systems Shared

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-12 10:47:12 . 2009-09-12 10:47:11 2368 --sha-w- C:\WINDOWS\system32\4.tmp

2009-09-12 10:39:18 . 2009-09-11 17:26:48 7062 ----a-w- C:\Program Files\hijackthis.log

2009-09-11 16:11:25 . 2008-11-13 21:18:02 0 d-----w- C:\Documents and Settings\MaartenMuijser\Application Data\LimeWire

2009-09-09 18:23:51 . 2009-06-25 12:10:36 0 d-----w- C:\Program Files\Microsoft Silverlight

2009-08-30 14:50:27 . 2009-07-14 14:58:17 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP

2009-08-28 21:13:48 . 2009-07-14 14:42:58 0 d-----w- C:\Program Files\Common Files\Apple

2009-08-28 15:34:26 . 2009-08-13 00:08:16 0 d-----w- C:\Documents and Settings\MaartenMuijser\Application Data\skypePM

2009-08-28 15:31:06 . 2009-08-13 00:06:19 0 d-----w- C:\Documents and Settings\All Users\Application Data\Skype

2009-08-15 18:28:59 . 2001-09-07 12:00:00 90642 ----a-w- C:\WINDOWS\system32\perfc013.dat

2009-08-15 18:28:59 . 2001-09-07 12:00:00 508570 ----a-w- C:\WINDOWS\system32\perfh013.dat

2009-08-14 10:20:01 . 2009-08-14 10:08:45 0 d-----w- C:\Program Files\HP

2009-08-14 10:19:49 . 2009-08-14 10:19:49 0 d-----w- C:\Program Files\Common Files\Hewlett-Packard

2009-08-14 10:16:55 . 2009-08-14 10:16:55 0 d-----w- C:\Program Files\Common Files\HP

2009-08-13 19:52:09 . 2008-10-23 18:49:29 0 d-----w- C:\Program Files\Common Files\Adobe

2009-08-13 00:08:16 . 2009-08-13 00:08:16 56 ---ha-w- C:\WINDOWS\system32\ezsidmv.dat

2009-08-07 16:14:10 . 2009-07-14 14:58:03 0 d-----w- C:\Program Files\NGS Games

2009-08-07 16:12:08 . 2008-12-19 13:19:20 0 d-----w- C:\Program Files\directx

2009-08-06 19:03:47 . 2008-09-11 04:47:15 28264 ----a-w- C:\Documents and Settings\MaartenMuijser\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-06 18:31:09 . 2009-08-06 18:31:09 0 d-----w- C:\Program Files\MSBuild

2009-08-06 18:31:03 . 2009-08-06 18:31:03 0 d-----w- C:\Program Files\Reference Assemblies

2009-08-05 09:01:48 . 2008-09-11 04:42:32 205312 ----a-w- C:\WINDOWS\system32\mswebdvd.dll

2009-08-02 20:28:10 . 2008-10-25 14:09:37 139152 ----a-w- C:\WINDOWS\system32\drivers\PnkBstrK.sys

2009-08-02 20:28:10 . 2008-10-25 14:09:37 139152 ----a-w- C:\Documents and Settings\MaartenMuijser\Application Data\PnkBstrK.sys

2009-08-02 20:27:57 . 2008-10-25 14:09:20 111928 ----a-w- C:\WINDOWS\system32\PnkBstrB.exe

2009-08-02 20:27:45 . 2008-10-25 14:09:19 75064 ----a-w- C:\WINDOWS\system32\PnkBstrA.exe

2009-08-02 20:27:45 . 2008-10-25 14:09:18 794408 ----a-w- C:\WINDOWS\system32\pbsvc.exe

2009-07-18 15:12:17 . 2009-07-18 15:12:17 2771 ----a-w- C:\Program Files\ito_icon.jpg

2009-07-17 19:04:38 . 2001-09-07 12:00:00 58880 ----a-w- C:\WINDOWS\system32\atl.dll

2009-07-14 14:44:05 . 2008-12-28 14:06:52 0 d-----w- C:\Documents and Settings\MaartenMuijser\Application Data\Apple Computer

2009-07-14 14:44:00 . 2009-07-14 14:43:33 0 d-----w- C:\Program Files\iTunes

2009-07-14 14:44:00 . 2009-07-14 14:43:33 0 d-----w- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

2009-07-14 14:43:35 . 2009-07-14 14:43:35 0 d-----w- C:\Program Files\iPod

2009-07-14 14:33:56 . 2009-07-14 14:33:34 0 d-----w- C:\Program Files\QuickTime

2009-07-14 14:33:33 . 2009-07-14 14:33:33 0 d-----w- C:\Documents and Settings\All Users\Application Data\Apple Computer

2009-07-13 21:43:24 . 2004-08-04 08:03:24 286208 ------w- C:\WINDOWS\system32\wmpdxm.dll

2009-06-29 16:01:44 . 2001-09-07 12:00:00 827392 ------w- C:\WINDOWS\system32\wininet.dll

2009-06-29 16:01:31 . 2004-08-04 08:03:11 78336 ------w- C:\WINDOWS\system32\ieencode.dll

2009-06-29 16:01:29 . 2001-09-07 12:00:00 17408 ----a-w- C:\WINDOWS\system32\corpol.dll

2009-06-25 08:27:55 . 2001-09-07 12:00:00 735232 ----a-w- C:\WINDOWS\system32\lsasrv.dll

2009-06-25 08:27:55 . 2001-09-07 12:00:00 56832 ----a-w- C:\WINDOWS\system32\secur32.dll

2009-06-25 08:27:55 . 2001-09-07 12:00:00 54272 ----a-w- C:\WINDOWS\system32\wdigest.dll

2009-06-25 08:27:55 . 2001-09-07 12:00:00 301568 ----a-w- C:\WINDOWS\system32\kerberos.dll

2009-06-25 08:27:55 . 2001-09-07 12:00:00 147456 ----a-w- C:\WINDOWS\system32\schannel.dll

2009-06-25 08:27:55 . 2001-09-07 12:00:00 136192 ----a-w- C:\WINDOWS\system32\msv1_0.dll

2009-06-24 11:18:41 . 2001-09-07 12:00:00 92928 ----a-w- C:\WINDOWS\system32\drivers\ksecdd.sys

2009-06-16 14:40:26 . 2001-09-07 12:00:00 81920 ----a-w- C:\WINDOWS\system32\fontsub.dll

2009-06-16 14:40:26 . 2001-09-07 12:00:00 119808 ----a-w- C:\WINDOWS\system32\t2embed.dll

2009-06-15 10:45:41 . 2001-09-07 12:00:00 79872 ----a-w- C:\WINDOWS\system32\telnet.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4
