

searchnu.com/406

Anonymous
41 answers
  • Dear reader,

    My browser starts up with www.searchnu.com/406. Who can help me get rid of this problem?

    I searched the internet and found information on removing the problem manually. Unfortunately I don't have the skills to delete folders and edit the registry. I found the following information:

    Step 1, the files associated with searchnu.com/406 that need to be deleted are listed below:

    %AllUsersProfile%\{random}\

    %AllUsersProfile%\{random}\*.lnk

    Step 2, the registry entries of searchnu.com/406 that need to be removed are listed as follows:

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\{random}

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun

    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Regedit32

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current\Winlogon\"Shell" = "{random}.exe"


    Regards


    Jan
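As an added example (not code from the thread or its posters), the PowerShell script below is a read-only audit of the locations in the removal list above: it reports what is there instead of deleting anything by hand. It assumes an elevated PowerShell on the affected machine and the standard Winlogon key path (CurrentVersion\Winlogon); the helper names New-Finding and Get-RegistryValues are my own.

```powershell
# Added example, not from the thread: a read-only audit of the autostart and
# policy locations the removal guide above names. It reports; it deletes nothing.
# Assumptions: run in an elevated PowerShell on the affected machine (written to
# work on PowerShell 2.0, the last version for Windows XP SP3), and the standard
# Winlogon key path "...\Windows NT\CurrentVersion\Winlogon", which is what the
# guide's "Windows NT\Current\Winlogon" is taken to mean.

# Metadata properties Get-ItemProperty adds to every result; they are not registry values.
$providerProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function New-Finding([string]$Location, [string]$Reason, [string]$Value) {
    # New-Object keeps this PowerShell 2.0 compatible ([pscustomobject] needs 3.0).
    New-Object PSObject -Property @{ Location = $Location; Reason = $Reason; Value = $Value }
}

function Get-RegistryValues([string]$Key) {
    # Emits one Name/Value object per value under $Key; emits nothing if the key is absent.
    $item = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    if (-not $item) { return }
    foreach ($p in $item.PSObject.Properties) {
        if ($providerProps -contains $p.Name) { continue }
        New-Object PSObject -Property @{ Name = $p.Name; Value = [string]$p.Value }
    }
}

$findings = @()

# 1. Winlogon\Shell: the guide says the hijacker sets this to "{random}.exe".
#    On a clean machine the value is exactly "explorer.exe".
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and $shell.Trim().ToLower() -ne 'explorer.exe') {
    $findings += New-Finding "$winlogon\Shell" 'Shell is not explorer.exe' $shell
}

# 2. HKCU Run: every entry is listed for review; the "Regedit32" value name from
#    the guide, or a command that runs from %AllUsersProfile%, is flagged.
$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$allUsers = [Environment]::GetEnvironmentVariable('ALLUSERSPROFILE')
foreach ($v in @(Get-RegistryValues $runKey)) {
    $reason = 'Autostart entry, review'
    if ($v.Name -eq 'Regedit32') { $reason = 'Value name matches the guide (Regedit32)' }
    elseif ($allUsers -and $v.Value -like "*$allUsers*") { $reason = 'Runs from %AllUsersProfile%' }
    $findings += New-Finding "$runKey\$($v.Name)" $reason $v.Value
}

# 3. DisallowRun: an Explorer policy that blocks the programs it names; rogue
#    software uses it against security tools. It is normally absent on a home PC.
$disallow = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun'
if (Test-Path $disallow) {
    $blocked = @(Get-RegistryValues $disallow | ForEach-Object { $_.Value }) -join ', '
    $findings += New-Finding $disallow 'DisallowRun policy present' $blocked
}

# 4. Internet Settings\{random}: the guide names a randomly named subkey here.
#    All subkey names are listed so an unfamiliar one stands out next to the
#    expected Windows ones (Zones, ZoneMap, Cache, Connections, ...).
$inet = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings'
foreach ($sub in @(Get-ChildItem -Path $inet -ErrorAction SilentlyContinue)) {
    $findings += New-Finding $sub.Name 'Internet Settings subkey, review' ''
}

# 5. Step 1 of the guide: a {random} folder directly under %AllUsersProfile%
#    holding *.lnk files. Folders with shortcuts are listed (Desktop is expected).
if ($allUsers -and (Test-Path $allUsers)) {
    $dirs = @(Get-ChildItem -Path $allUsers -ErrorAction SilentlyContinue | Where-Object { $_.PSIsContainer })
    foreach ($dir in $dirs) {
        $lnk = @(Get-ChildItem -Path $dir.FullName -Filter *.lnk -ErrorAction SilentlyContinue)
        if ($lnk.Count -gt 0) {
            $findings += New-Finding $dir.FullName 'Folder under %AllUsersProfile% with shortcuts' "$($lnk.Count) .lnk file(s)"
        }
    }
}

$findings | Format-Table -Property Location, Reason, Value -AutoSize -Wrap
```

Entries marked "review" are not verdicts; compare them against the DDS and Malwarebytes output posted later in the thread before touching anything.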
  • Hello Jan, you are indeed better off not messing around in the Windows registry.

    I would like you to stick to the following rules during the fix:
  • Hello Jan, you are indeed better off not messing around in the Windows registry.

    Hello Abraham,

    First of all, thanks for your reply! Below is the logfile you asked for:



  • Hello Abraham,

    No infections were found. Below is the result of the first scan. Do you want me to carry out step 3 anyway?

    Malwarebytes Anti-Malware (-evaluatieversie-) 1.61.0.1400
    www.malwarebytes.org

    Databaseversie: v2012.04.13.02

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    J. Spaans :: J-4CFF97CD5FDA4 [administrator]

    Realtime bescherming: Uitgeschakeld

    13-4-2012 11:36:16
    mbam-log-2012-04-13 (11-36-16).txt

    Scantype: Snelle scan
    Ingeschakelde scanopties: Geheugen | Opstartitems | Register | Bestanden en mappen | Heuristiek/Extra | Heuristiek/Shuriken | PUP | PUM
    Uitgeschakelde scanopties: P2P
    Objecten gescand: 212986
    Verstreken tijd: 5 minuut/minuten, 12 seconde(n)

    Geheugenprocessen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Geheugenmodulen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registersleutels gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerwaarden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Registerdata gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Mappen gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    Bestanden gedetecteerd: 0
    (Geen kwaadaardige objecten gedetecteerd)

    (einde)
  • Hello Jan, so far you have done everything neatly.
    We are now going to dig deeper into your Windows.

    But first, two services need to be deactivated!

  • Hello Abraham, below is the requested log from TDSSStarter.exe:

    By the way, I had unticked RESIDENT and thought that this also deactivated the underlying (ticked) TeaTimer and SDHelper, but that turns out to be wrong. I have now unticked both of them.


  • Below is the ComboFix log. Abraham, is it correct that in the next step (4) I have to start the two programs mentioned again and post their logs?

    ComboFix 12-04-13.01 - J. Spaans 13-04-2012 21:43:58.2.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.306 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\J. Spaans\Bureaublad\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\J. Spaans\Application Data\Desktopicon
    c:\documents and settings\J. Spaans\Application Data\Desktopicon\eBay.ico
    c:\documents and settings\J. Spaans\Application Data\Desktopicon\uninst.exe
    c:\program files\Elecard Codec SDK G4 1.2.1.90504 Eval.exe
    c:\program files\XviD-1.2.2-07062009.exe
    c:\windows\IsUn0413.exe
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-13 to 2012-04-13 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-13 19:07 . 2012-04-13 19:11 ——– d—–w- C:\TDSSStarter
    2012-04-13 08:34 . 2012-04-13 08:34 ——– d–h–w- c:\windows\PIF
    2012-04-12 16:43 . 2012-04-12 16:43 388096 —-a-r- c:\documents and settings\J. Spaans\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-04-12 16:43 . 2012-04-12 16:43 ——– d—–w- c:\program files\Trend Micro
    2012-04-12 14:21 . 2012-01-19 08:22 42864 —-a-r- c:\windows\system32\SBBD.EXE
    2012-04-12 14:21 . 2012-01-12 07:26 101112 —-a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-12 14:21 . 2012-04-12 14:21 ——– d—–w- c:\program files\STOPzilla!
    2012-04-12 14:21 . 2012-04-13 19:53 ——– d—–w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2012-04-12 14:21 . 2012-04-12 14:21 ——– d—–w- c:\program files\Common Files\iS3
    2012-04-12 14:09 . 2012-04-13 19:39 ——– d–h–r- c:\documents and settings\J. Spaans\Onlangs geopend
    2012-04-11 03:00 . 2012-03-14 02:15 6582328 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9F49E88F-0D78-4C36-A88A-8C68E59389B4}\mpengine.dll
    2012-04-04 11:13 . 2012-04-04 11:13 23376 —-a-r- c:\windows\system32\SZIO5.dll
    2012-04-04 11:13 . 2012-04-04 11:13 546640 —-a-r- c:\windows\system32\SZComp5.dll
    2012-04-04 11:13 . 2012-04-04 11:13 481104 —-a-r- c:\windows\system32\SZBase5.dll
    2012-03-29 14:36 . 2012-03-29 14:36 72080 —-a-r- c:\windows\system32\drivers\SZKGFS.sys
    2012-03-24 10:43 . 2012-03-24 10:43 ——– d—–w- c:\documents and settings\J. Spaans\Application Data\Avira
    2012-03-24 10:37 . 2012-01-31 07:57 74640 —-a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-03-24 10:37 . 2012-01-31 07:57 137416 —-a-w- c:\windows\system32\drivers\avipbb.sys
    2012-03-24 10:37 . 2011-09-16 15:09 36000 —-a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-03-24 10:37 . 2012-03-24 10:37 ——– d—–w- c:\program files\Avira
    2012-03-24 10:37 . 2012-03-24 10:37 ——– d—–w- c:\documents and settings\All Users\Application Data\Avira
    2012-03-17 00:15 . 2012-03-17 00:18 ——– d—–w- c:\program files\SpywareBlaster
    2012-03-14 21:58 . 2012-03-14 21:58 ——– d—–w- c:\documents and settings\All Users\Application Data\boost_interprocess
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-10 08:07 . 2008-08-16 12:34 1080 —-a-w- c:\windows\AUTOLNCH.REG
    2012-04-04 13:56 . 2008-12-15 09:45 22344 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-14 02:15 . 2007-05-17 00:02 6582328 —-a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-03-01 11:00 . 2004-08-04 12:00 916992 —-a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:00 . 2004-08-04 12:00 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:00 . 2004-08-04 12:00 1469440 ——w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2004-08-04 12:00 177664 —-a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-08-04 12:00 148480 —-a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-04 12:00 385024 —-a-w- c:\windows\system32\html.iec
    2012-02-26 08:29 . 2011-05-14 10:20 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-24 13:28 . 2012-02-24 13:28 99728 —-a-r- c:\windows\system32\drivers\SZKG.sys
    2012-02-24 13:28 . 2012-02-24 13:28 99728 —-a-r- c:\windows\system32\drivers\is3srv.sys
    2012-02-23 12:09 . 2012-02-23 12:09 29008 —-a-r- c:\windows\system32\IS3XDat5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 390992 —-a-r- c:\windows\system32\IS3UI5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 231248 —-a-r- c:\windows\system32\IS3Win325.dll
    2012-02-23 12:09 . 2012-02-23 12:09 100176 —-a-r- c:\windows\system32\IS3Svc5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 132944 —-a-r- c:\windows\system32\IS3HTUI5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 104272 —-a-r- c:\windows\system32\IS3Inet5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 67408 —-a-r- c:\windows\system32\IS3Hks5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 456528 —-a-r- c:\windows\system32\IS3DBA5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 808784 —-a-r- c:\windows\system32\IS3Base5.dll
    2012-02-23 08:18 . 2009-10-02 18:30 237072 ——w- c:\windows\system32\MpSigStub.exe
    2012-02-03 09:57 . 2004-08-04 12:00 1860224 —-a-w- c:\windows\system32\win32k.sys
    2002-06-06 22:56 . 2009-03-07 21:28 65536 —-a-w- c:\program files\movieid.exe
    2002-05-09 11:54 . 2009-03-07 21:28 967 —-a-w- c:\program files\MovieID.pif
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 1630208]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-9-22 51984]
    Ziggo Wireless Utility.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-7-15 1532001]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 13:51 177440 —-a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-02-19 00:41 49152 —-a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 15:33 141600 —-a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:03 1695232 —-a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 06:27 570664 —-a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2003-05-30 07:42 585728 —-a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2003-05-29 14:28 790528 -c–a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-20 19:30 39408 —-a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    2002-11-23 00:15 631362 —-a-w- c:\program files\Logitech\iTouch\iTouch.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\HPZipm12.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [24-2-2012 15:28 99728]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [29-3-2012 16:36 72080]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24-3-2012 12:37 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24-3-2012 12:37 86224]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15-12-2008 11:45 654408]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27-1-2010 4:09 50704]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [1-10-2008 17:45 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15-12-2008 11:45 22344]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [24-2-2012 15:28 99728]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1ca0970b9e2ef88;Google Updateservice (gupdate1ca0970b9e2ef88);c:\program files\Google\Update\GoogleUpdate.exe [20-7-2009 21:31 133104]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-7-2003 13:10 17149]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20-7-2009 21:31 133104]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27-2-2008 12:54 360547]
    S3 pbfilter;pbfilter;\??\d:\belangrijke bestanden\Programfiles1\PeerBlock\pbfilter.sys --> d:\belangrijke bestanden\Programfiles1\PeerBlock\pbfilter.sys [?]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14-1-2009 3:23 458752]
    .
    --- Andere Services/Drivers In Geheugen ---
    .
    *NewlyCreated* - 08944499
    *NewlyCreated* - 26668473
    *Deregistered* - 08944499
    *Deregistered* - 26668473
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2012-04-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-20 16:47]
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 19:31]
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 19:31]
    .
    2012-04-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1801674531-1004Core.job
    - c:\documents and settings\J. Spaans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 09:43]
    .
    2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1801674531-1004UA.job
    - c:\documents and settings\J. Spaans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 09:43]
    .
    2012-04-13 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/
    mSearchMigratedDefaultURL = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{4A38CB2B-E753-4794-92F5-DEDBDDCA09F2}: NameServer = 208.67.220.220,208.67.222.222
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    BHO-{7aa6ef0c-f173-4a58-b153-833326ab7941} - (no file)
    Toolbar-10 - (no file)
    Notify-TPSvc - TPSvc.dll
    MSConfigStartUp-Ad-Watch - c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
    AddRemove-Aangifte inkomstenbelasting 2008 - g:\2008\ib2008u.exe
    AddRemove-eBay Icon - c:\documents and settings\J. Spaans\Application Data\Desktopicon\uninst.exe
    AddRemove-HP PrecisionScan LTX - c:\windows\IsUn0413.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-13 21:53
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    .
    c:\windows\TEMP\TMP000000D8062B7AC436910342 524288 bytes
    .
    Scan succesvol afgerond
    verborgen bestanden: 1
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*]
    "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    Voltooingstijd: 2012-04-13 21:57:04
    ComboFix-quarantined-files.txt 2012-04-13 19:56
    .
    Pre-Run: 3.934.863.360 bytes beschikbaar
    Post-Run: 4.231.553.024 bytes beschikbaar
    .
    - - End Of File - - AF38052163722E7922711E8B0B39110D
  • Jan asks: "Abraham, is it correct that I have to start the two programs mentioned in the next step (4) again and post their logs?"

    Hello Jan, no - if you have already carried out the instruction, you don't need to do it again.

  • Hello Abraham,

    I have carried out both actions. Below is the requested scan log:

    Emsisoft Emergency Kit - Versie 1.0
    Laatste Update: 14-4-2012 11:17:13

    Scaninstellingen:

    Scantype: Diepe Scan
    Objecten: Geheugen, Sporen, Cookies, C:\, D:\
    Scan archieven: Aan
    Heuristieken: Uit
    ADS Scan: Aan

    Scan gestart: 14-4-2012 11:18:47

    c:\windows\system32\fonts Ontdekt: Trace.Directory.IamBigBrother!A2
    Value: HKEY_CURRENT_USER\Software\Jaytown\ANWBToolbar\ConfigurationFile --> LastConfigRead Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_CURRENT_USER\Software\Jaytown\ANWBToolbar\ConfigurationFile --> XML Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_CURRENT_USER\Software\Jaytown\ANWBToolbar\Updates --> LastTime Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> BandClsid Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> ButtonText Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> Clsid Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> Default Visible Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> HotIcon Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> Icon Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> MenuStatusBar Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> MenuText Ontdekt: Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser --> {ebb03e3e-020a-418d-b322-761b730ca860} Ontdekt: Trace.Registry.ANWBToolbar!A2
    Value: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar --> {ebb03e3e-020a-418d-b322-761b730ca860} Ontdekt: Trace.Registry.ANWBToolbar!A2
    Key: HKEY_CURRENT_USER\software\kazaa Ontdekt: Trace.Registry.KaZaA!A2

    Gescand

    Bestanden: 168065
    Sporen: 506787
    Cookies: 14
    Processen: 46

    Gevonden

    Bestanden: 0
    Sporen: 15
    Cookies: 0
    Processen: 0
    Registersleutels: 0

    Scan Geëindigd: 14-4-2012 13:43:58
    Scantijd: 2:25:11

    Key: HKEY_CURRENT_USER\software\kazaa Verwijderd Trace.Registry.KaZaA!A2
    Value: HKEY_CURRENT_USER\software\microsoft\internet explorer\toolbar\webbrowser --> {ebb03e3e-020a-418d-b322-761b730ca860} Verwijderd Trace.Registry.ANWBToolbar!A2
    Value: HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar --> {ebb03e3e-020a-418d-b322-761b730ca860} Verwijderd Trace.Registry.ANWBToolbar!A2
    Value: HKEY_CURRENT_USER\Software\Jaytown\ANWBToolbar\ConfigurationFile --> LastConfigRead Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_CURRENT_USER\Software\Jaytown\ANWBToolbar\ConfigurationFile --> XML Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_CURRENT_USER\Software\Jaytown\ANWBToolbar\Updates --> LastTime Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> BandClsid Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> ButtonText Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> Clsid Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> Default Visible Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> HotIcon Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> Icon Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> MenuStatusBar Verwijderd Trace.Registry.ANWB Toolbar!A2
    Value: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C180B365-AAB4-49c3-8E52-C37832A8C758} --> MenuText Verwijderd Trace.Registry.ANWB Toolbar!A2
    c:\windows\system32\fonts Verwijderd Trace.Directory.IamBigBrother!A2

    Verwijderd

    Bestanden: 0
    Sporen: 15
    Cookies: 0
  • Run the ComboFix scan again.
    After ComboFix starts, a message may appear:

    - either that ComboFix wants to be updated;
    - or that ComboFix wants to be downloaded again.

    Post the contents of the ComboFix log once more.
  • Abraham54 wrote: "Run the ComboFix scan again.

    Post the contents of the ComboFix log once more."

    Abraham, below is the CF log:


    ComboFix 12-04-13.01 - J. Spaans 16-04-2012 10:11:08.3.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1023.284 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\J. Spaans\Bureaublad\ComboFix.exe
    AV: Avira Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\TEMP
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-03-16 to 2012-04-16 ))))))))))))))))))))))))))))))
    .
    .
    2012-04-13 19:07 . 2012-04-13 20:13 -------- d-----w- C:\TDSSStarter
    2012-04-13 08:34 . 2012-04-13 08:34 -------- d--h--w- c:\windows\PIF
    2012-04-12 16:43 . 2012-04-12 16:43 388096 ----a-r- c:\documents and settings\J. Spaans\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-04-12 16:43 . 2012-04-12 16:43 -------- d-----w- c:\program files\Trend Micro
    2012-04-12 14:21 . 2012-01-19 08:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
    2012-04-12 14:21 . 2012-01-12 07:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-12 14:21 . 2012-04-12 14:21 -------- d-----w- c:\program files\STOPzilla!
    2012-04-12 14:21 . 2012-04-16 08:19 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
    2012-04-12 14:21 . 2012-04-12 14:21 -------- d-----w- c:\program files\Common Files\iS3
    2012-04-12 14:09 . 2012-04-15 11:01 -------- d--h--r- c:\documents and settings\J. Spaans\Onlangs geopend
    2012-04-11 03:00 . 2012-03-14 02:15 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{9F49E88F-0D78-4C36-A88A-8C68E59389B4}\mpengine.dll
    2012-04-04 11:13 . 2012-04-04 11:13 23376 ----a-r- c:\windows\system32\SZIO5.dll
    2012-04-04 11:13 . 2012-04-04 11:13 546640 ----a-r- c:\windows\system32\SZComp5.dll
    2012-04-04 11:13 . 2012-04-04 11:13 481104 ----a-r- c:\windows\system32\SZBase5.dll
    2012-03-29 14:36 . 2012-03-29 14:36 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
    2012-03-24 10:43 . 2012-03-24 10:43 -------- d-----w- c:\documents and settings\J. Spaans\Application Data\Avira
    2012-03-24 10:37 . 2012-01-31 07:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2012-03-24 10:37 . 2012-01-31 07:57 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2012-03-24 10:37 . 2011-09-16 15:09 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
    2012-03-24 10:37 . 2012-03-24 10:37 -------- d-----w- c:\program files\Avira
    2012-03-24 10:37 . 2012-03-24 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-10 08:07 . 2008-08-16 12:34 1080 ----a-w- c:\windows\AUTOLNCH.REG
    2012-04-04 13:56 . 2008-12-15 09:45 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-14 02:15 . 2007-05-17 00:02 6582328 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
    2012-03-01 11:00 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:00 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:00 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2004-08-04 12:00 148480 ----a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
    2012-02-26 08:29 . 2011-05-14 10:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-24 13:28 . 2012-02-24 13:28 99728 ----a-r- c:\windows\system32\drivers\SZKG.sys
    2012-02-24 13:28 . 2012-02-24 13:28 99728 ----a-r- c:\windows\system32\drivers\is3srv.sys
    2012-02-23 12:09 . 2012-02-23 12:09 29008 ----a-r- c:\windows\system32\IS3XDat5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 390992 ----a-r- c:\windows\system32\IS3UI5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 231248 ----a-r- c:\windows\system32\IS3Win325.dll
    2012-02-23 12:09 . 2012-02-23 12:09 100176 ----a-r- c:\windows\system32\IS3Svc5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 132944 ----a-r- c:\windows\system32\IS3HTUI5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 104272 ----a-r- c:\windows\system32\IS3Inet5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 67408 ----a-r- c:\windows\system32\IS3Hks5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 456528 ----a-r- c:\windows\system32\IS3DBA5.dll
    2012-02-23 12:09 . 2012-02-23 12:09 808784 ----a-r- c:\windows\system32\IS3Base5.dll
    2012-02-23 08:18 . 2009-10-02 18:30 237072 ------w- c:\windows\system32\MpSigStub.exe
    2012-02-03 09:57 . 2004-08-04 12:00 1860224 ----a-w- c:\windows\system32\win32k.sys
    2002-06-06 22:56 . 2009-03-07 21:28 65536 ----a-w- c:\program files\movieid.exe
    2002-05-09 11:54 . 2009-03-07 21:28 967 ----a-w- c:\program files\MovieID.pif
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-13_19.53.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-04-16 08:00 . 2012-04-16 08:00 16384 c:\windows\Temp\Perflib_Perfdata_1c4.dat
    + 2012-04-16 08:09 . 2012-04-16 08:09 12568 c:\windows\system32\drivers\PROCEXP113.SYS
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
    "nwiz"="nwiz.exe" [2008-05-03 1630208]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
    .
    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
    HP Photosmart Premier Snelstart.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
    Office Opstarten.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-9-22 51984]
    Ziggo Wireless Utility.lnk - c:\program files\NETGEAR\WN111v2\WN111V2.exe [2009-7-15 1532001]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
    TPSvc.dll [BU]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2009-08-13 13:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2009-11-12 15:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 17:03 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-05-28 06:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
    2003-05-30 07:42 585728 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2003-05-29 14:28 790528 -c--a-w- c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-07-20 19:30 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\zBrowser Launcher]
    2002-11-23 00:15 631362 ----a-w- c:\program files\Logitech\iTouch\iTouch.exe
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\WINDOWS\\system32\\HPZipm12.exe"=
    "c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
    "c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexingService.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    .
    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [24-2-2012 15:28 99728]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [29-3-2012 16:36 72080]
    R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [24-3-2012 12:37 36000]
    R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24-3-2012 12:37 86224]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [15-12-2008 11:45 654408]
    R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [27-1-2010 4:09 50704]
    R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3-11-2006 18:19 13592]
    R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [1-10-2008 17:45 57440]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [15-12-2008 11:45 22344]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [24-2-2012 15:28 99728]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
    S2 gupdate1ca0970b9e2ef88;Google Updateservice (gupdate1ca0970b9e2ef88);c:\program files\Google\Update\GoogleUpdate.exe [20-7-2009 21:31 133104]
    S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24-7-2003 13:10 17149]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [20-7-2009 21:31 133104]
    S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\NETGEAR\WN111v2\jswpsapi.exe [27-2-2008 12:54 360547]
    S3 pbfilter;pbfilter;\??\d:\belangrijke bestanden\Programfiles1\PeerBlock\pbfilter.sys --> d:\belangrijke bestanden\Programfiles1\PeerBlock\pbfilter.sys [?]
    S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14-1-2009 3:23 458752]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2011-02-24 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
    .
    2012-04-13 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-20 16:47]
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 19:31]
    .
    2012-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 19:31]
    .
    2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1801674531-1004Core.job
    - c:\documents and settings\J. Spaans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 09:43]
    .
    2012-04-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-861567501-1957994488-1801674531-1004UA.job
    - c:\documents and settings\J. Spaans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-12 09:43]
    .
    2012-04-16 c:\windows\Tasks\MP Scheduled Scan.job
    - c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.nl/
    uSearchMigratedDefaultURL = hxxp://www.google.com/
    mSearchMigratedDefaultURL = hxxp://www.google.com/
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: {{C180B365-AAB4-49c3-8E52-C37832A8C758}
    TCP: DhcpNameServer = 10.0.0.1
    TCP: Interfaces\{4A38CB2B-E753-4794-92F5-DEDBDDCA09F2}: NameServer = 208.67.220.220,208.67.222.222
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {34DC6011-88B5-4EA9-BA7A-DC7B4F4437FE} - hxxp://foto.hema.nl/ips-opdata/layout/hema/objects/jordan.cab
    DPF: {D3166EE4-3E00-46CA-8F62-8E01D2314A7F} - hxxp://www.cig.canon-europe.com/ph/nl_NL/st/download/ddup/CNIMGUP_01_210102E.cab
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-04-16 10:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•¤|ÿÿÿÿ•¤|ù•9~*]
    "3140311900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs Geladen Onder Lopende Processen ---------------------
    .
    - - - - - - - > 'explorer.exe'(2628)
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Voltooingstijd: 2012-04-16 10:23:32
    ComboFix-quarantined-files.txt 2012-04-16 08:23
    ComboFix2.txt 2012-04-13 19:57
    .
    Pre-Run: 4.159.864.832 bytes beschikbaar
    Post-Run: 4.140.482.560 bytes beschikbaar
    .
    - - End Of File - - 652D5798A7AF69A45F53D0CAFF99131F

  • How is it going now?
  • Abraham54 wrote: "How is it going now?"

    Hello Abraham,

    The situation is unchanged. The browser still starts with http://www.searchnu.com/406. As before, I can select another tab and search via Google. I can also close the http://www.searchnu.com/406 tab. When I exit my browser and start it again, it is back, despite the fact that www.Google.nl is set as the default browser. Stubborn problem.
  • You are still using IE8, aren't you?

    Then do the following:

    - in IE, click the button
  • Abraham54 wrote: "You are still using IE8, aren't you?"

    Hello Abraham,

    Unfortunately it did not help. Before I asked this forum for help, I consulted the internet. I had already read then that this add-on is difficult to remove.
  • Then we'll do something else: download … and place the file on your desktop.

  • Hello Abraham,

    Good that you are willing to keep helping! Below are the requested logs (can you still make sense of this?):

    OTL logfile created on: 17-4-2012 22:04:25 - Run 1
    OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\J. Spaans\Bureaublad\OTL
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000413 | Country: Nederland | Language: NLD | Date Format: d-M-yyyy

    1022,73 Mb Total Physical Memory | 688,46 Mb Available Physical Memory | 67,32% Memory free
    2,41 Gb Paging File | 1,86 Gb Available in Paging File | 77,47% Paging File free
    Paging file location(s): D:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 19,53 Gb Total Space | 3,86 Gb Free Space | 19,76% Space Free | Partition Type: NTFS
    Drive D: | 170,37 Gb Total Space | 108,96 Gb Free Space | 63,95% Space Free | Partition Type: NTFS

    Computer Name: J-4CFF97CD5FDA4 | User Name: J. Spaans | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

  • Hello Jan - which browser do you use by default?
    Is it Google's Chrome?


    Before you let OTL run the fix, first close all other open windows!

    Start OTL
    - Paste the following (bold, blue text) under
  • Abraham54 wrote: "Hello Jan - which browser do you use by default?
    Is it Google's Chrome?"

    Hi Abraham,

    Just home from work, but I ran it right away. I do indeed use Google's Chrome, though not for very long yet.

    After I started the FIX, after a few minutes I got the message COMPLETED …… at the bottom of OTL. The PC did not shut down, however, and was frozen. I turned it off and on with the power button. I started OTL again and immediately got the log below. Unfortunately that ….. is still in the browser.

    All processes killed
    ========== OTL ==========
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    C:\Documents and Settings\J. Spaans\Application Data\searchquband folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: J. Spaans
    ->Temp folder emptied: 686135 bytes
    ->Temporary Internet Files folder emptied: 285167 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 17888981 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 410 bytes

    User: JC784~1~SPA

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 4460 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Y Tuurenhout
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 4684 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 198209536 bytes

    Total Files Cleaned = 207,00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default User

    User: J. Spaans
    ->Java cache emptied: 0 bytes

    User: JC784~1~SPA

    User: LocalService

    User: NetworkService

    User: Y Tuurenhout
    ->Java cache emptied: 0 bytes

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: J. Spaans
    ->Flash cache emptied: 0 bytes

    User: JC784~1~SPA

    User: LocalService

    User: NetworkService

    User: Y Tuurenhout
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0,00 mb

    Restore point Set: OTL Restore Point (0)

    OTL by OldTimer - Version 3.2.39.2 log created on 04182012_230346

    Files\Folders moved on Reboot…

    Registry entries deleted on Reboot…
  • All of this is because scan tools cannot yet handle Google's Chrome.
    That is why we use OTL again, this time with a Chrome switch.

    Before you let OTL run the fix, first close all other open windows!

    Start OTL
    - Paste the following (bold, blue text) under

This is an archived page. Replying is no longer possible.