Ga naar inhoud

trojaans paard


Aanbevolen berichten

ComboFix 10-04-17.02 - user 18/04/2010 11:10:29.2.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1791.1157 [GMT 2:00]

Gestart vanuit: c:\documents and settings\user\Mijn documenten\Downloads\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\user\Bureaublad\CFScript.txt

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}

* Nieuw herstelpunt werd aangemaakt

FILE ::

"c:\documents and settings\All Users\Application Data\3V32vF2R.dat"

"c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{628885B7-1D24-4146-AED5-04BE9CB24A5C}\MpKslc3ce5fd0.sys"

"c:\windows\esxx06563.exe"

"c:\windows\kbcdml32.dll"

"c:\windows\system32\drivers\jsftl.sys"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\3V32vF2R.dat

c:\documents and settings\user\Local Settings\Application Data\AskToolbar

c:\documents and settings\user\Local Settings\Application Data\AskToolbar\almost.xml

c:\documents and settings\user\Local Settings\Application Data\AskToolbar\cache.dat

c:\documents and settings\user\Local Settings\Application Data\AskToolbar\config.xml

c:\documents and settings\user\Local Settings\Application Data\AskToolbar\Downloaded Program Files\LimeWire.dll

c:\documents and settings\user\Local Settings\Application Data\AskToolbar\Downloaded Program Files\LimeWire.inf

c:\documents and settings\user\Local Settings\Application Data\AskToolbar\limewire.cab

Besmet exemplaar van c:\windows\system32\drivers\kbdclass.sys werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - Kitty had a snack :P

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_MPKSLC3CE5FD0

-------\Service_qoscq

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-18 to 2010-04-18 ))))))))))))))))))))))))))))))

.

2010-04-17 11:46 . 2010-04-17 11:46 -------- d-----w- c:\program files\Microsoft Security Essentials

2010-04-16 20:42 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-16 20:42 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-16 20:07 . 2010-04-16 20:07 388096 ----a-r- c:\documents and settings\user\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-04-16 20:07 . 2010-04-16 20:07 -------- d-----w- c:\program files\TrendMicro

2010-04-14 17:12 . 2010-04-17 17:11 0 ----a-w- c:\documents and settings\user\Local Settings\Application Data\prvlcl.dat

2010-04-13 17:16 . 2010-04-13 17:16 -------- d-----w- c:\documents and settings\user\Application Data\AVG9

2010-04-13 10:04 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

2010-04-12 16:09 . 2010-04-12 16:09 1035032 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe

2010-04-12 16:09 . 2010-04-12 16:09 1685784 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll

2010-04-11 15:28 . 2010-04-11 15:28 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AVG Security Toolbar

2010-04-11 15:26 . 2010-04-11 15:26 -------- d-----w- C:\$AVG

2010-04-11 15:22 . 2010-04-11 15:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll

2010-04-11 15:21 . 2010-04-18 08:55 -------- d-----w- c:\windows\system32\drivers\Avg

2010-04-11 15:21 . 2010-04-11 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar

2010-04-11 15:20 . 2010-04-11 15:20 25096 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys

2010-04-11 15:20 . 2010-04-11 15:20 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2010-04-11 15:20 . 2010-04-11 15:20 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-04-11 15:20 . 2010-04-11 15:20 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-04-11 15:20 . 2010-04-11 15:20 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-04-11 15:19 . 2010-04-11 15:19 50968 ----a-w- c:\windows\system32\avgfwdx.dll

2010-04-11 15:19 . 2010-04-11 15:19 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys

2010-04-11 15:18 . 2010-04-11 16:10 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

2010-04-11 12:14 . 2010-04-11 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure

2010-04-11 12:12 . 2010-04-11 12:12 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe

2010-04-11 12:12 . 2010-04-18 09:17 7175200 --sha-w- c:\windows\system32\drivers\fidbox.dat

2010-04-11 12:12 . 2010-04-18 09:16 147488 --sha-w- c:\windows\system32\drivers\fidbox2.dat

2010-04-11 12:06 . 2010-04-14 16:00 -------- d-----w- c:\program files\Common Files\ParetoLogic

2010-04-11 12:06 . 2010-04-11 14:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2010-04-11 12:05 . 2010-04-11 12:05 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Downloaded Installations

2010-04-11 10:54 . 2010-04-11 10:54 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes

2010-04-11 10:53 . 2010-04-11 10:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-04-11 10:53 . 2010-04-16 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-11 10:22 . 2010-04-11 10:22 -------- d-----w- c:\program files\Enigma Software Group

2010-04-11 09:51 . 2010-04-11 09:52 -------- d-----w- c:\documents and settings\user\Application Data\Antispyware

2010-04-11 08:49 . 2010-02-24 08:16 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-04-11 00:11 . 2010-04-11 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2010-04-11 00:11 . 2010-04-11 00:12 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-10 21:24 . 2010-04-10 21:24 -------- d-----w- c:\program files\BlueByte

2010-04-10 19:14 . 2010-04-10 21:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2010-04-10 19:09 . 2010-04-10 19:09 503808 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-626ee535-n\msvcp71.dll

2010-04-10 19:09 . 2010-04-10 19:09 499712 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-626ee535-n\jmc.dll

2010-04-10 19:09 . 2010-04-10 19:09 348160 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-626ee535-n\msvcr71.dll

2010-04-10 19:09 . 2010-04-10 19:09 61440 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-752905eb-n\decora-sse.dll

2010-04-10 19:09 . 2010-04-10 19:09 12800 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-752905eb-n\decora-d3d.dll

2010-04-10 19:06 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll

2010-04-10 19:06 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll

2010-04-10 19:06 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll

2010-04-10 19:06 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll

2010-04-10 19:06 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll

2010-04-10 18:25 . 2010-04-10 18:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

2010-04-09 12:09 . 2010-04-09 12:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-04-09 10:42 . 2010-04-09 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus

2010-03-20 15:00 . 2010-03-20 15:00 -------- d-sh--w- c:\documents and settings\user\IECompatCache

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-18 09:15 . 2010-04-11 12:12 97052 --sha-w- c:\windows\system32\drivers\fidbox.idx

2010-04-18 09:15 . 2010-04-11 12:12 14828 --sha-w- c:\windows\system32\drivers\fidbox2.idx

2010-04-18 09:14 . 2008-04-15 12:00 86370 ----a-w- c:\windows\system32\perfc013.dat

2010-04-18 09:14 . 2008-04-15 12:00 499244 ----a-w- c:\windows\system32\perfh013.dat

2010-04-15 18:07 . 2009-03-08 18:49 -------- d-----w- c:\program files\Google

2010-04-14 08:26 . 2008-10-03 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2010-04-11 15:18 . 2008-10-03 11:09 -------- d-----w- c:\program files\AVG

2010-04-10 19:09 . 2008-10-03 08:47 -------- d-----w- c:\program files\Common Files\Java

2010-04-10 19:09 . 2008-10-03 08:47 -------- d-----w- c:\program files\Java

2010-03-14 14:26 . 2010-03-14 14:25 -------- d-----w- c:\program files\EPB Software Vlaanderen 1.3.2

2010-03-10 06:17 . 2008-04-15 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-03-09 02:28 . 2009-01-09 22:22 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-02-25 06:20 . 2008-04-15 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-24 13:11 . 2008-04-15 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-02-23 12:04 . 2010-04-12 16:10 1664256 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll

2010-02-16 19:09 . 2008-04-15 12:00 2150912 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-02-16 19:09 . 2008-04-14 22:11 2029056 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-02-12 04:35 . 2008-04-15 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll

2010-02-11 12:02 . 2008-04-15 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys

.

<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Ahead\Lib\NeroCheck .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Microsoft Office\Office12\GrooveMonitor .exe
</pre>

((((((((((((((((((((((((((((( SnapShot@2010-04-17_12.18.11 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-04-18 09:16 . 2010-04-18 09:16 16384 c:\windows\Temp\Perflib_Perfdata_860.dat

+ 2008-04-15 12:00 . 2010-04-18 09:14 67626 c:\windows\system32\perfc009.dat

- 2008-04-15 12:00 . 2010-04-17 11:29 67626 c:\windows\system32\perfc009.dat

+ 2008-04-15 12:00 . 2010-04-18 09:14 432670 c:\windows\system32\perfh009.dat

- 2008-04-15 12:00 . 2010-04-17 11:29 432670 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2010-02-23 12:04 1664256 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-02-23 1664256]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [N/A]

"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [N/A]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [N/A]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1093208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

c:\documents and settings\user\Menu Start\Programma's\Opstarten\

OneNote 2007 Schermopname en Snel starten.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

OneNote-inhoudsopgave.onetoc2 [2009-12-14 3656]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [11/04/2010 17:20 25096]

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [11/04/2010 17:20 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/04/2010 17:20 216200]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/04/2010 17:20 242696]

R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/04/2010 17:19 308064]

R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [11/04/2010 17:20 2325816]

R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [11/04/2010 17:19 5888008]

R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [11/04/2010 17:19 30104]

R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [11/04/2010 17:19 122376]

R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [11/04/2010 17:19 30216]

R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [11/04/2010 17:19 26120]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/09/2009 18:42 133104]

S3 ALLOW-IO;ALLOW-IO;\??\e:\allow-io.sys --> e:\ALLOW-IO.sys [?]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [11/04/2010 17:21 369920]

S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [11/04/2010 17:19 30104]

.

Inhoud van de 'Gedeelde Taken' map

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 16:42]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 16:42]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.hln.be/

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\ds8oaqzu.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-04-18 11:17

Windows 5.1.2600 Service Pack 3 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'winlogon.exe'(968)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(6460)

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\Ati2evxx.exe

c:\program files\Microsoft Security Essentials\MsMpEng.exe

c:\windows\system32\Ati2evxx.exe

c:\windows\RTHDCPL.EXE

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\PnkBstrB.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2010-04-18 11:20:28 - machine werd herstart

ComboFix-quarantined-files.txt 2010-04-18 09:20

ComboFix2.txt 2010-04-17 12:22

Pre-Run: 1.490.558.976 bytes beschikbaar

Post-Run: 1.381.687.296 bytes beschikbaar

- - End Of File - - 0D2618F2755875F4BCCC455CA4207471

Link naar reactie
Delen op andere sites

Bedankt KAPE!

AVG vindt geen trojaanse paarden meer! Fantastisch!

Enkel Microsoft Security Essentials maakt melding van een virus: Win32/Alureon.H.

Bij uitgevoerde acties vermeld MSE dat het virus gedesinfecteerd werd, maar bij een tweede scan wordt opnieuw melding gemaakt van het virus.

Ik heb een printsceen gemaakt (zie bijlage).

Wat kan hiertegen gedaan worden?

Moet ik Combofix verwijderen?

Bedankt op voorhand!

printscreen.docx

Link naar reactie
Delen op andere sites

Als ik het goed begrijp gebruikt u 2 Antivirus programma's en dat is zeker niet aan te raden hoor.

Maak een keuze uit 1 van de 2 en verwijder dan de andere.

De ene antivirus reageert namelijk op de virus database van de andere en dat zorgt voor problemen.

Verder zal Kape u door de nog te nemen stappen loodsen.;-)

Link naar reactie
Delen op andere sites

Dat varkentje van Microsoft Security Essentials gaan we meteen wassen tijdens de “grote schoonmaak” : verwijderen van gebruikte programma’s, een cleaning en het verwijderen van de besmette herstelpunten.

Verwijder Combofix: Start -> Uitvoeren en typ: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Download CCleaner. Klik op deze pagina op één van de mirrorsites van MajorGeeks en dan start de download van CCleaner automatisch en gratis op.

Installeer het en start CCleaner op. Klik in de linkse kolom op “Cleaner”. Klik achtereenvolgens op ‘Analyseren’ en 'Schoonmaken'. Soms is 1 analyse niet voldoende. Deze procedure mag je herhalen tot de analyse geen fouten meer aangeeft. Klik vervolgens in de linkse kolom op “Register” en klik op ‘Scan naar problemen”. Als er fouten gevonden worden klik je op ”Herstel geselecteerde problemen” en ”OK”. Dan krijg je de vraag om een back-up te maken. Klik op “JA”. Kies dan “Herstel alle geselecteerde fouten”. Sluit hierna CCleaner terug af.

Wil je dit uitgebreid in beeld bekijken, klik dan hier voor de handleiding.

Het is aangewezen om de bestaande herstelpunten te verwijderen (daar zitten besmette herstelpunten tussen die je eventueel zou kunnen terugzetten) door systeemherstel tijdelijk uit te schakelen. Doe dit via Start -> Configuratiescherm -> Prestaties en Onderhoud -> Systeem -> Systeemherstel -> "Systeemherstel op alle stations uitschakelen" aanvinken. Toepassen en OK. PC herstarten en het vinkje terug weg halen.

En het is inderdaad geen goed idee om twee gelijkaardige scanners te runnen. Laat MSE nog even scannen (om te zien of die nog iets te vertellen heeft) en maak dan best een keuze uit de twee die je momenteel gebruikt.

Link naar reactie
Delen op andere sites

Gast
Dit topic is nu gesloten voor nieuwe reacties.
×
×
  • Nieuwe aanmaken...

Belangrijke informatie

We hebben cookies geplaatst op je toestel om deze website voor jou beter te kunnen maken. Je kunt de cookie instellingen aanpassen, anders gaan we er van uit dat het goed is om verder te gaan.