proxy server firefox

Status
Closed to further replies.

swingkid

User
Joined
6 May 2005
Posts
13
I had an infection with mywebsearch.
I removed it and then also deleted the folder that contained everything.
Now, every time I start Firefox, the setting goes back to a proxy server
(127.0.0.1 port 60202).
I have already tried various scans, also in safe mode, and removed all references to mywebsearch in prefs.js.
This is the HijackThis file:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:41, on 12-5-2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Ati2evxx.exe
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir Desktop\sched.exe
H:\Program Files\Avira\AntiVir Desktop\avguard.exe
H:\WINDOWS\Explorer.EXE
H:\Program Files\Avira\AntiVir Desktop\avshadow.exe
H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
H:\Program Files\Avira\AntiVir Desktop\avgnt.exe
H:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
H:\Program Files\Pure Networks\Network Magic\nmapp.exe
H:\Program Files\dcmsvc\dcmsvc.exe
H:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\ASRock Utility\IES\AsrIes.exe
H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
H:\Program Files\Windows Media Player\WMPNSCFG.exe
H:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
H:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
H:\Program Files\Bonjour\mDNSResponder.exe
H:\WINDOWS\system32\crypserv.exe
H:\Program Files\Executive Software\Diskeeper\DkService.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Java\jre6\bin\jqs.exe
H:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
H:\Program Files\3D Driver\Win32\S3DCService.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\system32\Pen_Tablet.exe
H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
H:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
H:\WINDOWS\system32\Pen_Tablet.exe
H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\Program Files\Mozilla Firefox\plugin-container.exe
H:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bolhoeve.tk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - H:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - H:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - H:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - H:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HDAudDeck] H:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [DiskeeperSystray] H:\Program Files\Executive Software\Diskeeper\DkIcon.exe
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [nmctxth] H:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
O4 - HKLM\..\Run: [nmapp] "H:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [ATICustomerCare] H:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe
O4 - HKLM\..\Run: [EPSON Stylus DX3800 Series] H:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACE.EXE /F "H:\WINDOWS\TEMP\E_S1CF.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [dcmsvc] H:\Program Files\dcmsvc\dcmsvc.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] H:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ASRockIES] H:\Program Files\ASRock Utility\IES\AsrIes.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] H:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] H:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
O4 - HKCU\..\Run: [WMPNSCFG] H:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ColorVisionStartup.lnk = H:\Program Files\ColorVision\Utility\ColorVisionStartup.exe
O8 - Extra context menu item: &Download by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://H:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://H:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Do&wnload selected by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://H:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://H:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - H:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O20 - Winlogon Notify: !SASWinLogon - H:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - H:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - H:\WINDOWS\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - H:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - H:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - H:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - H:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - H:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - H:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - H:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - H:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - H:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-service (gupdatem) (gupdatem) - Google Inc. - H:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - H:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - H:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - H:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - H:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - H:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - H:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - H:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: S3D Service (Win32) - iZ3D Inc. - H:\Program Files\3D Driver\Win32\S3DCService.exe
O23 - Service: ServiceLayer - Nokia - H:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - H:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - H:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - H:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 12035 bytes
 
You could run a scan with HouseCall online (preferably in safe mode) .... and if you look in your Windows\system32\drivers\etc and edit the HOSTS file there with Notepad, you will surely see a whole lot of addresses linked to 127.0.0.1 (only 127.0.0.1 localhost should be there).
 
Or in Firefox, under Tools -> Options -> Advanced -> Settings, disable the proxy connection.
 
If I disable the proxy, it is back again when I restart Firefox; that is the problem :(
 
You could run a scan with HouseCall online (preferably in safe mode) .... and if you look in your Windows\system32\drivers\etc and edit the HOSTS file there with Notepad, you will surely see a whole lot of addresses linked to 127.0.0.1 (only 127.0.0.1 localhost should be there).

I checked it, but only localhost is in the list.
I will give HouseCall a try.
 
I had already run HouseCall, but not yet in safe mode; now I have.
I did the steps from Bleeping (I had already done most of them, but too much can't hurt), but they did not reach a solution there either.
The topic simply stopped.
So I removed mywebsearch via uninstall,
after that SUPERAntiSpyware
HouseCall
Malwarebytes' Anti-Malware
ComboFix froze
CCleaner
RegSupreme
ATF Cleaner
and in the prefs.js file I removed everything that had anything to do with mywebsearch,
with all of the above programs finding nothing (any more)!
 
I reinstalled Firefox and no longer have the problem, but the cause is still unknown.
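Added example, not part of the thread and not code from any poster: a check of a Firefox profile for the symptom described above, a manual proxy on the local machine that comes back after every restart. Firefox reads `user.js` after `prefs.js` at each start, so the sketch reports which file a loopback proxy setting comes from; the function names and the sample file contents are constructed for illustration, and whether this was the cause on the poster's machine is not known.

```python
import re

# One preference per line: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.*?)\s*\)\s*;\s*$')
LOOPBACK_PREFIXES = ("127.", "localhost", "::1")

def parse_value(raw):
    """Convert the JavaScript literal of a pref into str, bool or int."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1]
    if raw in ("true", "false"):
        return raw == "true"
    try:
        return int(raw)
    except ValueError:
        return raw

def effective_prefs(files):
    """files: list of (filename, text) in load order. Returns {name: (value, filename)}."""
    prefs = {}
    for fname, text in files:
        for line in text.splitlines():
            m = PREF_RE.match(line)
            if m:  # a later file overrides an earlier one, as user.js does
                prefs[m.group(1)] = (parse_value(m.group(2)), fname)
    return prefs

def loopback_proxies(files):
    """List (scheme, host, port, source file) for manual proxies on the local machine."""
    prefs = effective_prefs(files)
    if prefs.get("network.proxy.type", (0, None))[0] != 1:  # 1 = manual proxy
        return []
    found = []
    for scheme in ("http", "ssl", "ftp", "socks"):
        host, src = prefs.get(f"network.proxy.{scheme}", ("", None))
        port = prefs.get(f"network.proxy.{scheme}_port", (None, None))[0]
        if isinstance(host, str) and host.lower().startswith(LOOPBACK_PREFIXES):
            found.append((scheme, host, port, src))
    return found

# Constructed sample profile (not taken from the poster's machine).
SAMPLE = [
    ("prefs.js", 'user_pref("browser.startup.homepage", "about:home");\n'
                 'user_pref("network.proxy.type", 0);\n'),
    ("user.js", 'user_pref("network.proxy.type", 1);\n'
                'user_pref("network.proxy.http", "127.0.0.1");\n'
                'user_pref("network.proxy.http_port", 60202);\n'),
]

if __name__ == "__main__":
    for scheme, host, port, src in loopback_proxies(SAMPLE):
        print(f"{scheme} proxy {host}:{port} set in {src}")
```

To run it against a real profile, read `prefs.js` and then `user.js` (if present) from the profile folder and pass them in that order.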
 