Posted:

ComboFix 09-08-10.06 - Hannibal 18/08/2009 21:51.1.4 - NTFSx86 MINIMAL

Microsoft Windows XP Home Edition 5.1.2600.3.1252.32.1043.18.3582.3307 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Hannibal\Bureaublad\ComboFix.exe

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

- VERMINDERDE FUNCTIONALITEIT MODUS -

.

(((((((((((((((((((( Bestanden Gemaakt van 2009-07-18 to 2009-08-18 ))))))))))))))))))))))))))))))

.

2009-08-18 19:44 . 2009-08-18 19:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache

2009-08-18 19:37 . 2009-08-18 19:37 -------- d-----w- c:\windows\ie8updates

2009-08-18 17:44 . 2009-08-18 17:44 -------- d-----w- C:\Kopie van 32788R22FWJFW.3.tmp

2009-08-18 07:36 . 2009-08-18 17:43 -------- d-----w- C:\32788R22FWJFW.5.tmp

2009-08-18 07:35 . 2009-07-03 17:00 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2009-08-18 07:35 . 2009-07-03 17:00 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-08-18 07:35 . 2009-07-03 17:00 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-08-18 07:35 . 2009-07-03 17:00 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2009-08-18 07:35 . 2009-07-03 17:00 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll

2009-08-18 07:32 . 2009-08-18 07:36 -------- d-----w- C:\32788R22FWJFW.4.tmp

2009-08-18 07:30 . 2009-08-18 10:24 -------- d--h--r- c:\documents and settings\Hannibal\Onlangs geopend

2009-08-18 07:28 . 2009-08-18 07:32 -------- d-----w- C:\32788R22FWJFW.3.tmp

2009-08-18 07:27 . 2009-08-18 07:28 -------- d-----w- C:\32788R22FWJFW.2.tmp

2009-08-18 07:25 . 2009-08-18 07:27 -------- d-----w- C:\32788R22FWJFW.1.tmp

2009-08-18 07:19 . 2009-08-18 07:19 -------- d-sh--w- c:\documents and settings\Hannibal\IECompatCache

2009-08-18 07:17 . 2009-08-18 07:17 -------- d-sh--w- c:\documents and settings\Hannibal\PrivacIE

2009-08-18 07:14 . 2009-08-18 07:14 -------- d-sh--w- c:\documents and settings\Hannibal\IETldCache

2009-08-18 07:11 . 2009-08-18 07:12 -------- dc-h--w- c:\windows\ie8

2009-08-17 01:15 . 2009-08-17 01:15 -------- d-----w- c:\windows\system32\XPSViewer

2009-08-17 01:15 . 2009-08-17 01:15 -------- d-----w- c:\program files\Reference Assemblies

2009-08-17 01:03 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll

2009-08-17 01:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll

2009-08-17 01:03 . 2009-08-17 01:15 -------- d-----w- C:\36b59d4ad08d75b002d04281016b38

2009-08-17 01:03 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll

2009-08-17 01:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll

2009-08-17 01:03 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll

2009-08-17 01:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll

2009-08-17 01:03 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe

2009-08-16 13:51 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe

2009-08-16 13:21 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys

2009-08-16 13:20 . 2009-08-16 13:20 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}

2009-08-16 13:20 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe

2009-08-16 13:20 . 2009-08-16 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

2009-08-16 13:20 . 2009-08-16 13:20 -------- d-----w- c:\program files\Lavasoft

2009-08-16 12:49 . 2009-08-16 12:49 -------- d-----w- c:\documents and settings\Hannibal\Application Data\Malwarebytes

2009-08-16 12:48 . 2009-08-03 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-08-16 12:48 . 2009-08-16 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-08-16 12:48 . 2009-08-03 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-08-16 12:48 . 2009-08-16 12:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-08-13 14:43 . 2009-08-13 14:43 -------- d--h--w- c:\windows\PIF

2009-08-12 18:42 . 2009-08-12 18:42 -------- d-----w- c:\program files\Windows Live SkyDrive

2009-08-09 22:47 . 2009-08-09 22:48 -------- d-----w- c:\program files\Sinking Island

2009-08-05 14:02 . 2009-08-05 14:02 152576 ----a-w- c:\documents and settings\Hannibal\Application Data\Sun\Java\jre1.6.0_15\lzma.dll

2009-08-04 14:42 . 2009-08-04 14:42 -------- d-----w- c:\documents and settings\Hannibal\Local Settings\Application Data\COMODO

2009-07-29 22:15 . 2009-07-29 22:15 -------- d-----w- c:\program files\uTorrent

2009-07-29 22:14 . 2009-08-15 23:09 -------- d-----w- c:\documents and settings\Hannibal\Application Data\uTorrent

2009-07-28 17:11 . 2009-07-28 17:11 -------- d-----w- c:\program files\TVAnts

2009-07-22 21:41 . 2009-07-22 21:41 -------- d-----w- c:\program files\DirectVobSub

2009-07-22 19:13 . 2009-07-22 19:13 28592 ----a-w- c:\windows\system32\drivers\tap0901.sys

2009-07-21 08:25 . 2009-07-21 08:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2009-07-20 23:24 . 2009-07-21 08:37 -------- d-----w- c:\documents and settings\Hannibal\Local Settings\Application Data\Google

2009-07-20 23:23 . 2009-07-20 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater

2009-07-20 23:23 . 2009-07-20 23:24 -------- d-----w- c:\program files\Google

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-08-18 19:42 . 2009-06-08 20:48 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat

2009-08-18 07:31 . 2009-06-22 11:09 -------- d-----w- c:\program files\CCleaner

2009-08-17 01:19 . 2008-04-15 12:00 86226 ----a-w- c:\windows\system32\perfc013.dat

2009-08-17 01:19 . 2008-04-15 12:00 499242 ----a-w- c:\windows\system32\perfh013.dat

2009-08-17 01:15 . 2009-07-14 14:26 -------- d-----w- c:\program files\MSBuild

2009-08-14 01:02 . 2009-07-14 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-08-12 22:05 . 2009-06-16 13:52 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-08-12 18:42 . 2009-06-09 05:51 -------- d-----w- c:\program files\Windows Live

2009-08-05 14:03 . 2009-06-09 18:56 -------- d-----w- c:\program files\Java

2009-08-05 09:01 . 2008-04-15 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll

2009-07-25 03:23 . 2009-06-09 18:56 411368 ----a-w- c:\windows\system32\deploytk.dll

2009-07-22 21:38 . 2009-06-08 21:07 -------- d-----w- c:\program files\Gabest

2009-07-19 16:39 . 2009-07-19 16:38 -------- d-----w- c:\program files\SopCast

2009-07-18 11:24 . 2009-06-09 18:52 -------- d-----w- c:\program files\Foxit Reader

2009-07-17 19:04 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\atl.dll

2009-07-14 14:34 . 2009-06-08 17:47 68456 ----a-w- c:\documents and settings\Hannibal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-07-14 14:26 . 2009-07-14 14:26 -------- d-----w- c:\program files\Microsoft Works

2009-07-14 14:03 . 2009-07-14 14:03 -------- d-----w- c:\program files\DAMN NFO Viewer

2009-07-13 21:43 . 2008-04-15 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll

2009-07-10 17:21 . 2009-07-10 17:21 4608 ----a-w- c:\windows\system32\w95inf32.dll

2009-07-10 17:21 . 2009-07-10 17:21 2272 ----a-w- c:\windows\system32\w95inf16.dll

2009-07-05 12:35 . 2009-07-05 12:35 -------- d-----w- c:\documents and settings\Hannibal\Application Data\Media Player Classic

2009-07-03 17:00 . 2008-04-15 12:00 915456 ----a-w- c:\windows\system32\wininet.dll

2009-07-02 02:34 . 2009-07-02 02:34 33840 ----a-w- c:\windows\system32\drivers\HssDrv.sys

2009-06-23 11:53 . 2009-06-23 11:45 -------- d-----w- c:\documents and settings\Hannibal\Application Data\BonkEnc

2009-06-23 11:44 . 2009-06-23 11:44 160622 ----a-w- c:\windows\Free Audio Converter CS Uninstaller.exe

2009-06-23 11:44 . 2009-06-23 11:44 -------- d-----w- c:\program files\Free Audio Converter CS

2009-06-23 11:31 . 2009-06-23 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Movavi Video Converter 6

2009-06-23 11:27 . 2009-06-23 11:27 -------- d-----w- c:\program files\Movavi Video Converter 6

2009-06-23 11:11 . 2009-06-23 11:11 -------- d-----w- c:\program files\YouTube Downloader

2009-06-20 13:28 . 2009-06-20 13:28 -------- d-----w- c:\program files\MSXML 4.0

2009-06-20 10:38 . 2009-06-20 10:38 -------- d-----w- c:\program files\DIFX

2009-06-20 10:38 . 2009-06-20 10:38 -------- d-----w- c:\documents and settings\Hannibal\Application Data\Samsung

2009-06-20 10:38 . 2009-06-09 19:04 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-06-20 10:38 . 2009-06-20 10:38 -------- d-----w- c:\program files\MarkAny

2009-06-20 10:37 . 2009-06-20 10:37 -------- d-----w- c:\program files\Samsung

2009-06-20 10:35 . 2009-06-20 10:34 -------- d-----w- c:\program files\Common Files\Adobe

2009-06-16 14:40 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll

2009-06-16 14:40 . 2008-04-15 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2009-06-15 10:45 . 2008-04-15 12:00 79872 ----a-w- c:\windows\system32\telnet.exe

2009-06-10 14:16 . 2008-04-15 12:00 85504 ----a-w- c:\windows\system32\avifil32.dll

2009-06-10 13:47 . 2009-06-09 19:01 15600 ----a-w- c:\windows\gdrv.sys

2009-06-10 07:22 . 2009-06-08 17:38 2066432 ----a-w- c:\windows\system32\mstscax.dll

2009-06-10 06:16 . 2008-04-15 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll

2009-06-09 18:56 . 2009-06-09 18:56 152576 ----a-w- c:\documents and settings\Hannibal\Application Data\Sun\Java\jre1.6.0_13\lzma.dll

2009-06-09 18:00 . 2009-06-08 17:41 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2009-06-08 20:57 . 2009-06-08 20:07 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys

2009-06-08 20:07 . 2009-06-08 20:07 82080 ----a-w- c:\windows\system32\drivers\inspect.sys

2009-06-08 20:07 . 2009-06-08 20:07 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys

2009-06-08 20:07 . 2009-06-08 20:07 168208 ----a-w- c:\windows\system32\guard32.dll

2009-06-08 19:05 . 2009-06-08 19:05 0 ----a-w- c:\windows\nsreg.dat

2009-06-08 17:39 . 2009-06-08 17:39 21748 ----a-w- c:\windows\system32\emptyregdb.dat

2009-06-03 19:11 . 2008-04-15 12:00 1295360 ----a-w- c:\windows\system32\quartz.dll

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-06-08 1794320]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-25 8527872]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-10-25 81920]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-15 172032]

"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2009-02-17 17508864]

"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-10-25 1626112]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsasvr.exe"=

"c:\\Program Files\\Samsung\\Samsung New PC Studio\\npsvsvr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]

"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [16/08/2009 15:21 64160]

R0 pe3ajbeb;L Ile Noyee Environment Driver (pe3ajbeb);c:\windows\system32\drivers\pe3ajbeb.sys [22/08/2007 18:31 64632]

R0 ps7ajbeb;L Ile Noyee Synchronization Driver (ps7ajbeb);c:\windows\system32\drivers\ps7ajbeb.sys [22/08/2007 18:30 68736]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/07/2009 16:49 1029456]

S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [8/06/2009 22:07 132640]

S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [8/06/2009 22:07 24096]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [20/06/2009 12:38 233472]

S2 gupdate1ca09913ab90a96;Google Updateservice (gupdate1ca09913ab90a96);c:\program files\Google\Update\GoogleUpdate.exe [21/07/2009 1:24 133104]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/06/2009 20:21 1684736]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [20/06/2009 12:38 36608]

S3 tap0901;TAP-Win32 Adapter V9;c:\windows\system32\drivers\tap0901.sys [22/07/2009 21:13 28592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

Inhoud van de 'Gedeelde Taken' map

2009-08-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]

2009-08-18 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-20 23:23]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 23:24]

2009-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-20 23:24]

2009-08-17 c:\windows\Tasks\OGADaily.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-08-18 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

.

- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-NPSStartup - (no file)

.

------- Bijkomende Scan -------

.

uInternet Settings,ProxyOverride = local

uInternet Settings,ProxyServer = 127.0.0.1:9666

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Hannibal\Application Data\Mozilla\Firefox\Profiles\n1er2irn.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (nl)

FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll

FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2009-08-18 21:53

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

Voltooingstijd: 2009-08-18 21:55

ComboFix-quarantined-files.txt 2009-08-18 19:55

Pre-Run: 132.654.477.312 bytes beschikbaar

Post-Run: 132.671.954.944 bytes beschikbaar

263 --- E O F --- 2009-08-18 19:37

Posted:

You may still delete these bold files with Windows Explorer:

C:\Kopie van 32788R22FWJFW.3.tmp

C:\32788R22FWJFW.5.tmp

C:\32788R22FWJFW.4.tmp

C:\32788R22FWJFW.3.tmp

C:\32788R22FWJFW.2.tmp

C:\32788R22FWJFW.1.tmp

... and then you can start the cleanup.

Remove Combofix: Start -> Run and type: combofix /u

This will remove Combofix plus its related folders and files, reset the clock settings, hide file extensions, hide hidden files and system files again, and create a new restore point.

Delete the following bold folder with Windows Explorer: C:\Qoobox (if still present).

Download CCleaner. On this page, click one of the MajorGeeks mirror sites and the CCleaner download will start automatically, free of charge.

Install it and start CCleaner. In the left-hand column, click "Cleaner". Click 'Analyze' and then 'Run Cleaner'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left-hand column and click "Scan for Issues". If errors are found, click "Fix selected issues" and "OK". You will then be asked whether to make a backup. Click "Yes". Then choose "Fix All Selected Issues". Close CCleaner afterwards.

It is advisable to delete the existing restore points (some of them are infected restore points that you might end up restoring) by temporarily disabling System Restore. Do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

That's it!

Posted:
You may still delete these bold files with Windows Explorer:

C:\Kopie van 32788R22FWJFW.3.tmp

C:\32788R22FWJFW.5.tmp

C:\32788R22FWJFW.4.tmp

C:\32788R22FWJFW.3.tmp

C:\32788R22FWJFW.2.tmp

C:\32788R22FWJFW.1.tmp

Strangely enough, this does not work.

I get an error message: "Cannot delete forcelibrary.dll. Access is denied. Check...."

It has also happened to me a number of times that I cannot delete a folder of video clips, while I can delete the individual clips inside the folder.

So before getting rid of Combofix, I will wait a little until this is resolved.

Posted:

OK, the *.tmp folders have been deleted.

Remove Combofix: Start -> Run and type: combofix /u

This does not work, however: when I enter this, it restarts Combofix and I get the error messages again (no permission).

Am I supposed to do this again in safe mode, or can I simply remove Combofix manually?

Edit: this afternoon my audio icon disappeared from my system tray once again. So once again I cannot play MP3s.

So if I did have a virus, it apparently has not gone yet.

What is the best thing to do? Run Combofix once more, or post the logs again first?
