plus network search engine

  • MANONNA

    ComboFix 11-12-24.10 - MANONNA 25-12-2011 22:54:48.3.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2037.997
    Gestart vanuit: c:\users\MANONNA\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\MANONNA\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-25 to 2011-12-25 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-25 21:22 . 2011-12-25 21:22 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB005053-922D-4B11-B5C6-A6F1C2827945}\offreg.dll
    2011-12-23 11:44 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB005053-922D-4B11-B5C6-A6F1C2827945}\mpengine.dll
    2011-12-18 16:36 . 2011-12-18 16:36 -------- d-----w- c:\users\MANONNA\AppData\Local\Messenger_Plus_Live
    2011-12-18 16:26 . 2011-12-23 13:25 -------- d-----w- c:\program files\BrowserCompanion
    2011-12-18 16:25 . 2011-12-19 20:51 -------- d-----w- c:\users\MANONNA\AppData\Local\Linkury
    2011-12-14 18:39 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-14 18:39 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 18:39 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 18:39 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 18:39 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-14 18:39 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 18:39 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-30 21:13 . 2011-11-30 21:13 -------- d-----w- c:\users\MANONNA\AppData\Local\Deployment
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-28 18:01 . 2010-06-29 18:14 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2008-05-22 09:13 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-03-06 17:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2008-05-22 09:14 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2008-05-22 09:14 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2008-05-22 09:14 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2008-05-22 09:13 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-28 17:51 . 2008-05-22 09:14 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-22 19:29 . 2011-06-05 20:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2010-05-01 07:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-22 19:34 . 2011-03-30 20:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    "ehTray.exe"="c:\windows\ehome\ehTray.exe"
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe"
    "NTI Scheduler"="c:\program files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe"
    .
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe"
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
    "IgfxTray"="c:\windows\system32\igfxtray.exe"
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe"
    "Persistence"="c:\windows\system32\igfxpers.exe"
    "RtHDVCpl"="RtHDVCpl.exe"
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    .
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll
    .
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    2007-02-06 22:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
    .
    2007-02-09 08:40 13312 ----a-w- c:\acer\Empowering Technology\eDSMSNfix.exe
    .
    2011-04-22 12:21 247728 ----a-w- d:\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
    .
    2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
    .
    "DisableMonitoring"=dword:00000001
    .
    "DisableMonitoring"=dword:00000001
    .
    "DisableMonitoring"=dword:00000001
    .
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000002
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
    S1 aswSnx;aswSnx;
    S1 aswSP;aswSP;
    S2 aswFsBlk;aswFsBlk;
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
    S2 TomTomHOMEService;TomTomHOMEService;d:\tomtom\TomTom HOME 2\TomTomHOMEService.exe
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys
    .
    .
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\MANONNA\AppData\Roaming\Mozilla\Firefox\Profiles\6x29b06f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
    FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-25 23:06
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2011-12-25 23:13:56
    ComboFix-quarantined-files.txt 2011-12-25 22:13
    .
    Pre-Run: 16.598.130.688 bytes beschikbaar
    Post-Run: 16.332.316.672 bytes beschikbaar
    .
    - - End Of File - - 3E31B62589EA90EC977ADF5DE26447DB

  • fazantje

    Hi Manonna,

    Open Notepad, then copy and paste the following (the bold, blue text) into an empty window:

    File::
    FF - ProfilePath - c:\users\MANONNA\AppData\Roaming\Mozilla\Firefox\Profiles\6x29b06f.default\
    FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if you are asked to,

    and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

    Good luck,

    Huib ;)

  • Ben

    Hello MANONNA,

    Let's try it once more.

    Open Notepad, then copy and paste the following bold blue text into an empty window:

    Firefox::
    FF - ProfilePath - c:\users\MANONNA\AppData\Roaming\Mozilla\Firefox\Profiles\6x29b06f.default\
    FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=

    Save this on your Desktop as CFScript.txt

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:

    This will make ComboFix restart.

    Reboot if you are asked to,

    and post the contents of Combofix.txt in your next reply, together with a new HijackThis log.

    Regards, Ben

  • MANONNA

    OK, just a moment. :o

    I had done what Ben said yesterday and got the fright of my life, because nothing worked anymore.

    Luckily I still had my mobile, and so I saw that it was that message about illegal registry etc.

    Albeit in Dutch.

    OK, rebooted and that helped, PHEW!! :o

    So that's what that log is from.

    Now you are both saying something similar, but just slightly different.

    What exactly is that going to do?

    And I don't see it anywhere anymore, except when I search in the address bar for -damstercaafjes- (a site of a guinea-pig breeder friend): then it opens just like Google, but only on that plusnetwork page.

  • fazantje

    Hi Manonna,

    Your Combo log still shows remnants of that plus network, so please carry out what is being asked.

    Otherwise it won't go away :?

    I'm off to work now, and Ben will help you further ;)

    Good luck,

    Huib ;)

  • MANONNA

    ComboFix 11-12-24.10 - MANONNA 26-12-2011 17:23:13.4.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2037.940
    Gestart vanuit: c:\users\MANONNA\Desktop\ComboFix.exe
    gebruikte Opdracht switches :: c:\users\MANONNA\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2011-11-26 to 2011-12-26 ))))))))))))))))))))))))))))))
    .
    .
    2011-12-26 16:32 . 2011-12-26 16:32 -------- d-----w- c:\users\MANONNA\AppData\Local\temp
    2011-12-26 16:32 . 2011-12-26 16:32 -------- d-----w- c:\users\Gast\AppData\Local\temp
    2011-12-26 16:32 . 2011-12-26 16:32 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-12-25 22:56 . 2011-12-25 22:56 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB005053-922D-4B11-B5C6-A6F1C2827945}\offreg.dll
    2011-12-23 11:44 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB005053-922D-4B11-B5C6-A6F1C2827945}\mpengine.dll
    2011-12-18 16:36 . 2011-12-18 16:36 -------- d-----w- c:\users\MANONNA\AppData\Local\Messenger_Plus_Live
    2011-12-18 16:26 . 2011-12-23 13:25 -------- d-----w- c:\program files\BrowserCompanion
    2011-12-18 16:25 . 2011-12-19 20:51 -------- d-----w- c:\users\MANONNA\AppData\Local\Linkury
    2011-12-14 18:39 . 2011-10-27 08:01 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2011-12-14 18:39 . 2011-10-27 08:01 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-12-14 18:39 . 2011-10-14 16:02 429056 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-14 18:39 . 2011-11-23 13:37 2043904 ----a-w- c:\windows\system32\win32k.sys
    2011-12-14 18:39 . 2011-11-08 12:10 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
    2011-12-14 18:39 . 2011-10-25 15:56 49152 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-14 18:39 . 2011-11-08 14:42 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-30 21:13 . 2011-11-30 21:13 -------- d-----w- c:\users\MANONNA\AppData\Local\Deployment
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-28 18:01 . 2010-06-29 18:14 41184 ----a-w- c:\windows\avastSS.scr
    2011-11-28 18:01 . 2008-05-22 09:13 199816 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-28 17:53 . 2011-03-06 17:10 435032 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-11-28 17:53 . 2008-05-22 09:14 314456 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-11-28 17:52 . 2008-05-22 09:14 34392 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-11-28 17:52 . 2008-05-22 09:14 52952 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-11-28 17:52 . 2008-05-22 09:13 55128 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-11-28 17:51 . 2008-05-22 09:14 20568 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-11-22 19:29 . 2011-06-05 20:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-10-03 04:06 . 2010-05-01 07:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-11-22 19:34 . 2011-03-30 20:21 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
    .
    "ehTray.exe"="c:\windows\ehome\ehTray.exe"
    "IncrediMail"="c:\program files\IncrediMail\bin\IncMail.exe"
    "NTI Scheduler"="c:\program files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe"
    .
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe"
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe"
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"
    "IgfxTray"="c:\windows\system32\igfxtray.exe"
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe"
    "Persistence"="c:\windows\system32\igfxpers.exe"
    "RtHDVCpl"="RtHDVCpl.exe"
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
    .
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    "AppInit_DLLs"=c:\windows\System32\eNetHook.dll
    .
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    2007-02-06 22:04 464168 ----a-w- c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe
    .
    2007-02-09 08:40 13312 ----a-w- c:\acer\Empowering Technology\eDSMSNfix.exe
    .
    2011-04-22 12:21 247728 ----a-w- d:\tomtom\TomTom HOME 2\TomTomHOMERunner.exe
    .
    2006-11-05 19:48 57344 ----a-w- c:\acer\WR_PopUp\WarReg_PopUp.exe
    .
    "DisableMonitoring"=dword:00000001
    .
    "DisableMonitoring"=dword:00000001
    .
    "DisableMonitoring"=dword:00000001
    .
    "EnableNotifications"=dword:00000001
    "EnableNotificationsRef"=dword:00000002
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    S0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\System32\drivers\sfsync03.sys
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys
    S1 aswSnx;aswSnx;
    S1 aswSP;aswSP;
    S2 aswFsBlk;aswFsBlk;
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys
    S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe
    S2 TomTomHOMEService;TomTomHOMEService;d:\tomtom\TomTom HOME 2\TomTomHOMEService.exe
    S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys
    .
    .
    bthsvcs REG_MULTI_SZ BthServ
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = about:blank
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.0.1
    FF - ProfilePath - c:\users\MANONNA\AppData\Roaming\Mozilla\Firefox\Profiles\6x29b06f.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.startpagina.nl/
    FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=addr&q=
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-12-26 17:32
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scannen van verborgen processen ...
    .
    scannen van verborgen autostart items ...
    .
    scannen van verborgen bestanden ...
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Voltooingstijd: 2011-12-26 17:39:13
    ComboFix-quarantined-files.txt 2011-12-26 16:39
    ComboFix2.txt 2011-12-25 22:13
    .
    Pre-Run: 16.395.472.896 bytes beschikbaar
    Post-Run: 16.222.789.632 bytes beschikbaar
    .
    - - End Of File - - 951C22D599F1C442DD4C198CE37D4F60

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:32:03, on 26-12-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\IncrediMail\Bin\ImApp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Users\MANONNA\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    D:\Nieuwe map (2)\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: RtHDVCpl.exe
    O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: "C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O11 - Options group: Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5781/mcfscan.cab
    O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - D:\Tomtom\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    End of file - 5687 bytes

  • Ben

    Hello MANONNA,

    Try this: http://www.clickx.nl/brieven/127482/ongewilde-plugins-verwijderen/

    I assume you have already changed the start page via Tools, Options, General tab, where you type in the start page you want yourself, preferably after deleting temporary files and cookies (via Ctrl+Shift+Delete)?

    Also, have you checked whether the associated add-on has been uninstalled (via Tools, Add-ons, Uninstall, or alternatively via the Windows Control Panel, Uninstall a program)?

    Regards, Ben

  • MANONNA

    I checked the Control Panel right away (by the way, I don't see ask.com anywhere).

    I have let all the online scanners loose on it, also Spybot (that has been removed now), reset all search engines, reset all start pages in FF and IE, CCleaner, CleanUp, ATF Cleaner,

    deleted system restore points...

    I'm going to have a look at your link now... X(

  • Ben

    Hello MANONNA,

    You need to look for this toolbar: plus network

    I gave that link as an example :S

    Regards, Ben

  • MANONNA

    If only I had that one, it would be easy, eh (:D

    I'll give you another HJT log

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:34:23, on 26-12-2011
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\RtHDVCpl.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\IncrediMail\bin\IncMail.exe
    C:\Program Files\IncrediMail\Bin\ImApp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\igfxext.exe
    C:\Users\MANONNA\AppData\Local\Temp\RtkBtMnt.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Internet Explorer\IELowutil.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Nieuwe map (2)\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: RtHDVCpl.exe
    O4 - HKLM\..\Run: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: C:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: "C:\Program Files\Common Files\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
    O11 - Options group: Accelerated graphics
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5781/mcfscan.cab
    O20 - AppInit_DLLs: C:\Windows\System32\eNetHook.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
    O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
    O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: TomTomHOMEService - TomTom - D:\Tomtom\TomTom HOME 2\TomTomHOMEService.exe
    O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    End of file - 5854 bytes