
Removing MyStart Incredibar

Post by Karin » Sat 08 Sep, 2012 20:13:51

Hello, I hope someone here can help me with this, thanks in advance.

I downloaded and ran AdwCleaner, and after that I ran DDS. The log files are below:

AdwCleaner
# AdwCleaner v2.000 - Verslag gemaakt op 09/08/2012 om 19:36:41
# Geactualiseerd op 30/08/2012 door Xplode
# Besturingssysteem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Gebruiker : Karin - KARIN-PC
# Opstarten Modus : Normale modus
# Gelanceerd vanaf : C:\Users\Karin\Desktop\adwcleaner.exe
# Optie [Verwijderen]


***** [Diensten] *****


***** [Files / Mappen] *****


***** [Register] *****


***** [Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Het register bevat geen enkele ongeoorloofde invoer.

-\\ Mozilla Firefox v15.0 (nl)

Profielnaam : default
File : C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\al3hy8tu.default\prefs.js

C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\al3hy8tu.default\user.js ... Verwijdert !

Verwijdert : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb178?a=6PQJ0vHZ6p&loc=FF_NT");
Verwijdert : user_pref("browser.search.defaultenginename", "MyStart Search");
Verwijdert : user_pref("browser.search.selectedEngine", "MyStart Search");
Verwijdert : user_pref("extensions.incredibar.actvtyRptTime", "1347096246559");
Verwijdert : user_pref("extensions.incredibar.admin", false);
Verwijdert : user_pref("extensions.incredibar.aflt", "orgnl");
Verwijdert : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Verwijdert : user_pref("extensions.incredibar.cntry", "NL");
Verwijdert : user_pref("extensions.incredibar.dfltLng", "EN");
Verwijdert : user_pref("extensions.incredibar.dfltSrch", false);
Verwijdert : user_pref("extensions.incredibar.dfltlng", "en");
Verwijdert : user_pref("extensions.incredibar.dfltsrch", "false");
Verwijdert : user_pref("extensions.incredibar.did", "10643");
Verwijdert : user_pref("extensions.incredibar.envrmnt", "production");
Verwijdert : user_pref("extensions.incredibar.excTlbr", false);
Verwijdert : user_pref("extensions.incredibar.hdrMd5", "C6F996C15E5A32BC8FC49F004481CBED");
Verwijdert : user_pref("extensions.incredibar.hmpg", false);
Verwijdert : user_pref("extensions.incredibar.hrdid", "461528530000000000001078d2ee2752");
Verwijdert : user_pref("extensions.incredibar.id", "461528530000000000001078d2ee2752");
Verwijdert : user_pref("extensions.incredibar.installerproductid", "26");
Verwijdert : user_pref("extensions.incredibar.instlDay", "15591");
Verwijdert : user_pref("extensions.incredibar.instlRef", "");
Verwijdert : user_pref("extensions.incredibar.instlday", "15591");
Verwijdert : user_pref("extensions.incredibar.instlref", "");
Verwijdert : user_pref("extensions.incredibar.isDcmntCmplt", false);
Verwijdert : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Verwijdert : user_pref("extensions.incredibar.keywordurl", "");
Verwijdert : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1411:08:21");
Verwijdert : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Verwijdert : user_pref("extensions.incredibar.newTab", false);
Verwijdert : user_pref("extensions.incredibar.newtab", "false");
Verwijdert : user_pref("extensions.incredibar.newtaburl", "");
Verwijdert : user_pref("extensions.incredibar.noFFXTlbr", false);
Verwijdert : user_pref("extensions.incredibar.ppd", "1");
Verwijdert : user_pref("extensions.incredibar.prdct", "incredibar");
Verwijdert : user_pref("extensions.incredibar.productid", "26");
Verwijdert : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Verwijdert : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Verwijdert : user_pref("extensions.incredibar.sg", "none");
Verwijdert : user_pref("extensions.incredibar.smplGrp", "none");
Verwijdert : user_pref("extensions.incredibar.smplgrp", "none");
Verwijdert : user_pref("extensions.incredibar.srch", "");
Verwijdert : user_pref("extensions.incredibar.srchprvdr", "");
Verwijdert : user_pref("extensions.incredibar.tlbrId", "base");
Verwijdert : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQJ0vHZ6p&loc=IB_T[...]
Verwijdert : user_pref("extensions.incredibar.tlbrid", "base");
Verwijdert : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQJ0vHZ6p&loc=IB_T[...]
Verwijdert : user_pref("extensions.incredibar.upn2", "6PQJ0vHZ6p");
Verwijdert : user_pref("extensions.incredibar.upn2n", "92543545101084505");
Verwijdert : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Verwijdert : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:08:21");
Verwijdert : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Verwijdert : user_pref("extensions.incredibar.vrsnts", "1.5.11.1411:08:21");
Verwijdert : user_pref("extensions.incredibar_i.aflt", "orgnl");
Verwijdert : user_pref("extensions.incredibar_i.dfltLng", "");
Verwijdert : user_pref("extensions.incredibar_i.did", "10643");
Verwijdert : user_pref("extensions.incredibar_i.excTlbr", false);
Verwijdert : user_pref("extensions.incredibar_i.id", "461528530000000000001078d2ee2752");
Verwijdert : user_pref("extensions.incredibar_i.installerproductid", "26");
Verwijdert : user_pref("extensions.incredibar_i.instlDay", "15591");
Verwijdert : user_pref("extensions.incredibar_i.instlRef", "");
Verwijdert : user_pref("extensions.incredibar_i.ms_url_id", "");
Verwijdert : user_pref("extensions.incredibar_i.newTab", false);
Verwijdert : user_pref("extensions.incredibar_i.ppd", "1");
Verwijdert : user_pref("extensions.incredibar_i.prdct", "incredibar");
Verwijdert : user_pref("extensions.incredibar_i.productid", "26");
Verwijdert : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Verwijdert : user_pref("extensions.incredibar_i.smplGrp", "none");
Verwijdert : user_pref("extensions.incredibar_i.tlbrId", "base");
Verwijdert : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQJ0vHZ6p&loc=IB[...]
Verwijdert : user_pref("extensions.incredibar_i.upn2", "6PQJ0vHZ6p");
Verwijdert : user_pref("extensions.incredibar_i.upn2n", "92543545101084505");
Verwijdert : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Verwijdert : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:08:21");
Verwijdert : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Verwijdert : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb178/?loc=IB_DS&a=6PQJ0vHZ6p&&i=26&search="[...]
Verwijdert : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[S1].txt - [1534 octets] - [08/09/2012 19:28:49]
AdwCleaner[S2].txt - [491 octets] - [08/09/2012 19:29:13]
AdwCleaner[S3].txt - [491 octets] - [08/09/2012 19:30:01]
AdwCleaner[S4].txt - [491 octets] - [08/09/2012 19:30:25]
AdwCleaner[S5].txt - [491 octets] - [08/09/2012 19:30:58]
AdwCleaner[S6].txt - [6793 octets] - [08/09/2012 19:36:41]

########## EOF - C:\AdwCleaner[S6].txt - [6853 octets] ##########

DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Karin at 19:41:16 on 2012-09-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.31.1043.18.4061.2841 [GMT 2:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://hotmail.com/
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Aanmeldhulp voor Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [Memorex Button Manager] C:\Program Files\Memorex Button Manager\MmrBtnMgr.exe
mRun: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Verzenden naar OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: E&xporteren naar Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\Karin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.2.254
TCP: Interfaces\{09269082-DF53-4EB3-AF2C-BA7F14775609} : DhcpNameServer = 192.168.2.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
mRun-x64: [Memorex Button Manager] C:\Program Files\Memorex Button Manager\MmrBtnMgr.exe
mRun-x64: [Corel Photo Downloader] "C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
mRun-x64: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Karin\AppData\Roaming\Mozilla\Firefox\Profiles\al3hy8tu.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Karin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-8-26 243232]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Updateservice (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-28 116648]
S3 gupdatem;Google Update-service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-28 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 114144]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Netwerkinspectie;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies-service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-09-08 14:43:29 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{683D94CD-8A0F-4E7E-B845-8E31589E3100}\mpengine.dll
2012-09-08 10:52:26 -------- d-----w- C:\sh4ldr
2012-09-08 10:52:26 -------- d-----w- C:\Program Files\Enigma Software Group
2012-09-08 10:51:25 -------- d-----w- C:\Windows\8C5C34C7BC6B48318B2C6535FE63E502.TMP
2012-09-08 10:51:24 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-09-08 09:46:28 -------- d-----w- C:\Users\Karin\AppData\Roaming\Malwarebytes
2012-09-08 09:46:20 -------- d-----w- C:\ProgramData\Malwarebytes
2012-09-08 09:19:53 9310152 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-04 16:42:42 -------- d-----w- C:\Users\Karin\AppData\Local\{8E1299BA-AEE2-4602-B702-3BB4486C1A0F}
2012-08-26 10:43:55 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-26 10:43:55 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-08-15 15:06:17 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 15:06:17 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 15:06:13 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 15:06:13 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 15:06:13 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 15:06:13 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 15:06:12 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 15:06:12 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 15:06:12 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 15:06:11 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 15:06:10 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-12 10:38:52 -------- d-----w- C:\Users\Karin\AppData\Local\Albelli Fotoboeken
2012-08-12 09:54:02 -------- d-----w- C:\Users\Karin\AppData\Local\Hema Fotoalbum
.
==================== Find3M ====================
.
2012-08-28 18:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-28 18:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-27 17:09:25 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-27 17:09:25 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-21 07:59:18 0 ----a-w- C:\Windows\SysWow64\sho1C17.tmp
2012-07-12 15:06:54 0 ----a-w- C:\Windows\SysWow64\sho2B05.tmp
2012-07-01 10:05:38 848 --sha-w- C:\ProgramData\KGyGaAvL.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 19:42:18,06 ===============

Re: Removing MyStart Incredibar

Post by Maxstar » Sat 08 Sep, 2012 21:21:25

Hi and welcome to the forum,

Download zoek.exe to the desktop.
Using "zoek.exe":
  • First close all program windows that are still open!
  • Disable your antivirus and antispyware programs, as they may conflict with zoek.exe
    (here or here) you can read how to do that.
    • Windows 2000 and Windows XP: start the tool by double-clicking "zoek.exe".
    • Windows Vista and Windows 7: start the tool by right-clicking "zoek.exe" and then choosing Run as administrator.
  • After a while a window will open.
  • With your mouse, select the option "Combined fix" (bottom right)
  • Now copy the code below and paste it into the large input box:

    Note: This script is intended specifically for this PC, so do not use it on other PCs with a similar problem.

    Code:
    installedprogs;
    cd /D "%APPDATA%\Mozilla\Firefox\Profiles";b
    cd *.default;b
    type prefs.js >>"%temp%\log.txt";b
    emptyiecache;
    emptyflash;
    emptyjava;
  • Now click the "Run script" button.
  • Wait patiently until a log opens (this may be after a restart)
  • If no log appears after the restart, start zoek.exe again; the log will then appear.
  • Now post the contents of the opened log in your next reply.
Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)

Re: Removing MyStart Incredibar

Post by Karin » Sat 08 Sep, 2012 23:59:20

Thanks for your quick reply!
Here is the log:


Zoek.exe Version 3.0.0.3 Updated 08-SEPT-2012
Tool run by Karin on za 08-09-2012 at 23:44:14,27.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running from: C:\Users\Karin\AppData\Local\Temp\zoek.exe

==== Installed Programs ======================

@C:\\PROGRA~2\\Nero\\Update\\NASvc.exe,-200
@C:\\Program Files (x86)\\Intel\\Intel Control Center\\Uninstaller\\SetupICC.exe,-100
@C:\\Program Files (x86)\\Intel\\Intel(R) Graphics Media Accelerator Driver\\Uninstall\\Setup.exe,-2018
Acer ScreenSaver
Acer Updater
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Nederlands
Advertising Center
Apple Application Support
Apple Software Update
ArcSoft TotalMedia Backup
Commandos 3 - Destination Berlin
Corel Graphics - Windows Shell Extension
Corel Paint Shop Pro Photo X2
CorelDRAW Graphics Suite X5 - BR
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - DE
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - ES
CorelDRAW Graphics Suite X5 - Extra Content
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - FR
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - IT
CorelDRAW Graphics Suite X5 - NL
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW Graphics Suite X5
CorelDRAW(R) Graphics Suite X5
Crazy Factory
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus SX100_TX100 Handboek
eSobi v2
Free YouTube to MP3 Converter version 3.11.21.504
Google Earth Plug-in
Google Update Helper
Heroes of Might & Magic V: Hammers of Fate
Heroes of Might and Magic V
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Identity Card
ImagXpress
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 35
Junk Mail filter update
Memorex Button Manager
Mesh Runtime
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Dutch) 2010
Microsoft Office Excel MUI (Dutch) 2010
Microsoft Office Groove MUI (Dutch) 2010
Microsoft Office InfoPath MUI (Dutch) 2010
Microsoft Office Klik-en-Klaar 2010
Microsoft Office OneNote MUI (Dutch) 2010
Microsoft Office Outlook MUI (Dutch) 2010
Microsoft Office PowerPoint MUI (Dutch) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (Dutch) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proofing (Dutch) 2010
Microsoft Office Publisher MUI (Dutch) 2010
Microsoft Office Shared MUI (Dutch) 2010
Microsoft Office Starter 2010 - Nederlands
Microsoft Office Word MUI (Dutch) 2010
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MioMore Desktop 7.30
MioMore Desktop 7.50
Mozilla Firefox 15.0 (x86 nl)
Mozilla Firefox 15.0.1 (x86 nl)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyFreeCodec
Nero 9 Essentials
Nero Burning ROM 11
Nero Burning ROM 11 Help (CHM)
Nero ControlCenter
Nero ControlCenter 11
Nero ControlCenter 11 Help (CHM)
Nero Core Components 11
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero RescueAgent 11
Nero RescueAgent 11 Help (CHM)
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
Nero Update
nero.prerequisites.msi
NeroExpress
neroxml
QuickTime
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2478663)
Security Update for Taalpakket voor Microsoft .NET Framework 4 Client Profile - NLD (KB2518870)
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual Basic for Applications (R) Core - Dutch
Visual Basic for Applications (R) Core - English
Visual Basic for Applications (R) Core
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources

==== Batch Command(s) Run By Tool======================

# Mozilla User Preferences

/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
*/

user_pref("accessibility.typeaheadfind.flashBar", 0);
user_pref("app.update.auto", false);
user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1347125127);
user_pref("app.update.lastUpdateTime.background-update-timer", 1347125614);
user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1347125247);
user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1347117028);
user_pref("browser.anchor_color", "#0000FF");
user_pref("browser.bookmarks.restore_default_bookmarks", false);
user_pref("browser.cache.disk.capacity", 1048576);
user_pref("browser.cache.disk.smart_size.first_run", false);
user_pref("browser.cache.disk.smart_size_cached_value", 1048576);
user_pref("browser.display.background_color", "#C0C0C0");
user_pref("browser.display.use_system_colors", true);
user_pref("browser.download.manager.retention", 0);
user_pref("browser.formfill.enable", false);
user_pref("browser.migration.version", 6);
user_pref("browser.places.smartBookmarksVersion", 4);
user_pref("browser.preferences.advanced.selectedTabIndex", 3);
user_pref("browser.rights.3.shown", true);
user_pref("browser.search.update", false);
user_pref("browser.search.useDBForOrder", true);
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.startup.homepage_override.buildID", "20120905151427");
user_pref("browser.startup.homepage_override.mstone", "15.0.1");
user_pref("browser.startup.page", 0);
user_pref("browser.syncPromoViewsLeft", 0);
user_pref("browser.tabs.warnOnClose", false);
user_pref("browser.taskbar.lastgroupid", "E7CF176E110C211B");
user_pref("browser.visited_color", "#800080");
user_pref("extensions.autoDisableScopes", 0);
user_pref("extensions.blocklist.pingCountTotal", 223);
user_pref("extensions.blocklist.pingCountVersion", -1);
user_pref("extensions.bootstrappedAddons", "{}");
user_pref("extensions.databaseSchema", 13);
user_pref("extensions.enabledAddons", "en-GB@dictionaries.addons.mozilla.org:1.19.1,{ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10,{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33,{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35,{972ce4c6-7e08-4474-a285-3208198ce6fd}:15.0.1");
user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1347125748333},\"{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\",\"mtime\":1347125721048},\"{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}\",\"mtime\":1347125721111}}},{\"name\":\"app-profile\",\"addons\":{\"en-GB@dictionaries.addons.mozilla.org\":{\"descriptor\":\"C:\\\\Users\\\\Karin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\al3hy8tu.default\\\\extensions\\\\en-GB@dictionaries.addons.mozilla.org\",\"mtime\":1321104719458},\"{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\":{\"descriptor\":\"C:\\\\Users\\\\Karin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\al3hy8tu.default\\\\extensions\\\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\",\"mtime\":1336210199005}}}]");
user_pref("extensions.lastAppVersion", "15.0.1");
user_pref("extensions.lastPlatformVersion", "15.0.1");
user_pref("extensions.pendingOperations", false);
user_pref("extensions.shownSelectionUI", true);
user_pref("extensions.ui.dictionary.hidden", true);
user_pref("extensions.ui.lastCategory", "addons://list/plugin");
user_pref("extensions.ui.locale.hidden", true);
user_pref("idle.lastDailyNotification", 1346487092);
user_pref("intl.charsetmenu.browser.cache", "windows-1250, ISO-8859-5, UTF-8, windows-1252, ISO-8859-15");
user_pref("network.cookie.lifetimePolicy", 2);
user_pref("network.cookie.prefsMigrated", true);
user_pref("network.proxy.type", 0);
user_pref("places.database.lastMaintenance", 1346487092);
user_pref("places.history.enabled", false);
user_pref("places.history.expiration.transient_current_max_pages", 104858);
user_pref("places.history.expiration.transient_optimal_database_size", 167772160);
user_pref("pref.browser.homepage.disable_button.current_page", false);
user_pref("pref.browser.homepage.disable_button.restore_default", false);
user_pref("print_printer", "EPSON SX100 Series");
user_pref("printer_EPSON_SX100_Series.print_bgcolor", false);
user_pref("printer_EPSON_SX100_Series.print_bgimages", false);
user_pref("printer_EPSON_SX100_Series.print_colorspace", "");
user_pref("printer_EPSON_SX100_Series.print_command", "");
user_pref("printer_EPSON_SX100_Series.print_downloadfonts", false);
user_pref("printer_EPSON_SX100_Series.print_edge_bottom", 0);
user_pref("printer_EPSON_SX100_Series.print_edge_left", 0);
user_pref("printer_EPSON_SX100_Series.print_edge_right", 0);
user_pref("printer_EPSON_SX100_Series.print_edge_top", 0);
user_pref("printer_EPSON_SX100_Series.print_evenpages", true);
user_pref("printer_EPSON_SX100_Series.print_footercenter", "");
user_pref("printer_EPSON_SX100_Series.print_footerleft", "&PT");
user_pref("printer_EPSON_SX100_Series.print_footerright", "&D");
user_pref("printer_EPSON_SX100_Series.print_headercenter", "");
user_pref("printer_EPSON_SX100_Series.print_headerleft", "&T");
user_pref("printer_EPSON_SX100_Series.print_headerright", "&U");
user_pref("printer_EPSON_SX100_Series.print_in_color", true);
user_pref("printer_EPSON_SX100_Series.print_margin_bottom", "0.5");
user_pref("printer_EPSON_SX100_Series.print_margin_left", "0.5");
user_pref("printer_EPSON_SX100_Series.print_margin_right", "0.5");
user_pref("printer_EPSON_SX100_Series.print_margin_top", "0.5");
user_pref("printer_EPSON_SX100_Series.print_oddpages", true);
user_pref("printer_EPSON_SX100_Series.print_orientation", 0);
user_pref("printer_EPSON_SX100_Series.print_page_delay", 50);
user_pref("printer_EPSON_SX100_Series.print_paper_data", 9);
user_pref("printer_EPSON_SX100_Series.print_paper_height", " 11,00");
user_pref("printer_EPSON_SX100_Series.print_paper_name", "");
user_pref("printer_EPSON_SX100_Series.print_paper_size_type", 0);
user_pref("printer_EPSON_SX100_Series.print_paper_size_unit", 1);
user_pref("printer_EPSON_SX100_Series.print_paper_width", " 8,50");
user_pref("printer_EPSON_SX100_Series.print_plex_name", "");
user_pref("printer_EPSON_SX100_Series.print_resolution_name", "");
user_pref("printer_EPSON_SX100_Series.print_reversed", false);
user_pref("printer_EPSON_SX100_Series.print_scaling", " 1,00");
user_pref("printer_EPSON_SX100_Series.print_shrink_to_fit", true);
user_pref("printer_EPSON_SX100_Series.print_to_file", false);
user_pref("printer_EPSON_SX100_Series.print_to_filename", "");
user_pref("printer_EPSON_SX100_Series.print_unwriteable_margin_bottom", 0);
user_pref("printer_EPSON_SX100_Series.print_unwriteable_margin_left", 0);
user_pref("printer_EPSON_SX100_Series.print_unwriteable_margin_right", 0);
user_pref("printer_EPSON_SX100_Series.print_unwriteable_margin_top", 0);
user_pref("privacy.clearOnShutdown.cookies", false);
user_pref("privacy.clearOnShutdown.passwords", true);
user_pref("privacy.donottrackheader.enabled", true);
user_pref("privacy.popups.showBrowserMessage", false);
user_pref("privacy.sanitize.didShutdownSanitize", true);
user_pref("privacy.sanitize.migrateFx3Prefs", true);
user_pref("privacy.sanitize.sanitizeOnShutdown", true);
user_pref("security.disable_button.openDeviceManager", false);
user_pref("security.warn_viewing_mixed", false);
user_pref("security.warn_viewing_mixed.show_once", false);
user_pref("services.sync.clients.lastSync", "0");
user_pref("services.sync.clients.lastSyncLocal", "0");
user_pref("services.sync.globalScore", 0);
user_pref("services.sync.lastversion", "1.11.0");
user_pref("services.sync.migrated", true);
user_pref("services.sync.nextSync", 0);
user_pref("services.sync.tabs.lastSync", "0");
user_pref("services.sync.tabs.lastSyncLocal", "0");
user_pref("signon.rememberSignons", false);
user_pref("spellchecker.dictionary", "nl");
user_pref("storage.vacuum.last.index", 0);
user_pref("storage.vacuum.last.places.sqlite", 1346487092);
user_pref("toolkit.startup.last_success", 1347140563);
user_pref("toolkit.telemetry.prompted", 2);
user_pref("urlclassifier.keyupdatetime.https://sb-ssl.google.com/safebrowsing/newkey", 1349295481);
user_pref("xpinstall.whitelist.add", "");
user_pref("xpinstall.whitelist.add.36", "");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_dailyPing", "true|||1347181983390");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_debugMode", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_gtQueryParam", "UA-25323614-20");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_installedPing", "true|||8641347095583395");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_lastUpdate", "1347095583454|||8641347095583455");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam1", "MB189");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_redirectQueryParam2", "MB190");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_showtoaster", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_status", "active");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_toasterID", "not set");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_upn2", "6PQJ0vHZ6p");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_installer_name", "sg_6PQJ0vHZ6p_active_MB189_MB190_UA-25323614-20_2012-09-08-11-08-08");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_name", "Web Assistant");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_product_version", "2.0.0.100");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_temp_installer_name", "sg_6PQJ0vHZ6p_active_MB189_MB190_UA-25323614-20_2012-09-08-11-08-08");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_toolbarID", "d81f157672344bb6b5270e3840d2fb2c");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.extensionFirstRun", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.lastExtensionVersion", "2.0.0.100");
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdefaultsearch_2.0.0.100", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.100", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.setdnscatch_2.0.0.413", false);
user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.sethomepage_2.0.0.100", false);

==== Empty IE Cache ======================

C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Karin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Karin\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Karin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully
Karin
PC Web Plus - Member

Posts: 4
Registered: Sat 08 Sep, 2012 19:56:57
Knowledge level: (1) Beginner
OS: windows
AV: security essentials
FW: security essentials

Re: Removing MyStart Incredibar

Post by Maxstar » Sun 09 Sep, 2012 09:19:36

Hi,

How are things with the problems at the moment?
Kind regards,

Maxstar


Member of UNITE Unified Network of Instructors and Trained Eliminators (Unite Against Malware)
Maxstar
Administrator

Posts: 32677
Registered: Sat 27 Sep, 2008 10:18:07
Knowledge level: (3) Expert
OS: Windows 7
AV: Emsisoft Anti-Malware
FW: Online Armor

Re: Removing MyStart Incredibar

Post by Karin » Sun 09 Sep, 2012 11:23:16

Thank you! I no longer have any trouble anywhere; is the virus completely gone now?
Yesterday, whenever I opened a new tab I got the Incredibar site; fortunately that is no longer the case.

I do have one more question: I set my start pages under Internet Options, but when I start the internet I only get one tab instead of two?
I use Firefox. How can I set that up?

Re: Removing MyStart Incredibar

Post by Maxstar » Sun 09 Sep, 2012 11:38:21

Hi,

Did you separate the two start pages you entered with the pipe character (|)? It should then look like this:
http://www.website1.nl | http://www.website2.nl
Kind regards,

Maxstar



Re: Removing MyStart Incredibar

Post by Karin » Sun 09 Sep, 2012 11:42:57

It worked! Thanks for your help

Re: Removing MyStart Incredibar

Post by Maxstar » Sun 09 Sep, 2012 11:44:05

Hi,

You're welcome, and good to hear that it worked. :good:

You may delete the following programs and their associated log files. You can simply keep using MBAM and the Emsisoft Emergency Kit to scan the computer periodically (update first).
  • Zoek.exe
  • DDS


Since the problems have been resolved, I still advise you to carry out the steps below.

1.) Deleting system restore points
If the computer has been infected with malware, it is advisable to delete all existing system restore points, because there may be infected restore points among them.
  • You can read how to delete the restore points here
  • You can read how to quickly create a new system restore point yourself here

2.) Installing essential updates.
You can read here how to keep your operating system and other software up to date.
The program Secunia PSI automatically warns you when updates are available for the installed software; you can read more information here

3.) Beware of 'phishing' messages.
Phishing is a form of internet fraud in which fake e-mail messages and websites that look trustworthy are used to try to obtain login details and other personal information.
This is often done in very devious ways, for example e-mail messages asking you to verify your login details; in these cases you are often sent to a fake (clone) website, and as soon as you have entered your details there they are in the hands of the attacker, with all the consequences that entails.
You can read more information here

4.) User accounts
With this account you thus have full control of the computer; it is therefore not advisable to set this account as the primary account for daily use.
You can read more information about this here

5.) Changing passwords
Most malware makes an outgoing connection to a Command & Control server, through which confidential data such as login details is captured; if your computer has been infected, it is therefore advisable to change all the passwords you use.
You can read more information about this here

6.) Risks when downloading
Peer-to-peer (P2P) networks and Usenet (newsgroups) are a major source of malware distribution on the internet; offering 'dangerous' software (malware) happens almost anonymously, which makes this a frequently used method for spreading malware.
You can read more information about this here

7.) Prevention information & the use of security software.
To minimise the chance of re-infection, you can install an additional malware scanner such as Emsisoft Anti-Malware or Malwarebytes' Antimalware alongside the security software you use, to optimise protection.
Here there is more information on how you can prevent an infection in the future; read it through at your leisure.
Kind regards,

Maxstar



Re: Removing MyStart Incredibar

Post by Maxstar » Mon 10 Sep, 2012 14:23:35

Because the problem has been resolved, this topic is being closed and moved to the resolved problems / logs section.

If you want this topic reopened, you can send me or one of the moderators a private message (PM) with a link to this topic.

If the topic has already been closed for a longer time, it is best to create a new topic here and, if desired, refer to this topic.


For all other questions you can start a new topic in the appropriate forum.
Kind regards,

Maxstar



