Wel verbinding/ping, geen internet

Xanthi · 26 april 2010

inderdaad (en volgens mij staat er nog meer troep op, die niet nodig is)

Zit de update dan in de exe en niet in een aparte database?

kape · 26 april 2010

De update zit in het programma Malwarebytes zelf op één van de tabbladen. Maar de kans is groot dat je door de besmetting deze update niet kan downloaden. Elke andere mogelijkheid die dit kan verwezenlijken, mag je dus proberen.

Xanthi · 27 april 2010

Ik kan op de probleemmachine inderdaad nog geen internetverbinding krijgen.

Op de goed werkende machine kan ik MBAM wel updaten naar 4043

Echter als ik de hele MBAM map via een stick kopieer naar de probleemPC start hij daar 3937 op. Blijkbaar bewaart hij de update ergens anders?

Wat kan ik nu nog doen, behalve MBAM, want die vindt niets meer?

kape · 27 april 2010

Download Combofix naar het bureaublad van een andere PC, wijzig de naam van het bestand combofix.exe in scan.exe ... en haal ook dit via USB naar de besmette computer. Probeer dan uit of dit wél wil scannen.

Lees hier meer over correct gebruik van Combofix.

OPMERKING: indien je, tijdens of na het downloaden van Combofix of tijdens het gebruik van Combofix een melding krijgt van je Antivirus- of een andere realtime scanner, schakel dan deze scanner uit en download Combofix opnieuw.

Sommige scanners zien bepaalde componenten die Combofix gebruikt als verdacht en gaan deze blokkeren of verwijderen!

Dubbelklik op scan.exe om het te starten.
Indien je Combofix al eerder hebt gebruikt, kan je een waarschuwing krijgen dat een update beschikbaar is. Sta toe dat ComboFix wordt geupdate.
Volg de instructies, aanvaard de disclaimer door op Ja te klikken.
Indien de Recovery Console niet geïnstalleerd is, wordt je gevraagd om dit alsnog te doen door op JA te klikken in het "Query - Recovery Console" venster (enkel voor XP, niet voor VISTA).
Klik op OK en Ja om automatisch de Recovery Console te laten installeren.
Klik na afloop terug op Ja om het scannen op malware te starten.
Tijdens het runnen van de fix, NIET in het venster klikken, want dit zal je pc doen vasthangen.

Wanneer de fix voltooid is en na herstart, zal de log Combofix.txt openen.

Post dit logje in je volgende antwoord.

Xanthi · 27 april 2010

Hier de combi log.

Ik hoop dat je er iets uit kunt halen.

ComboFix 10-04-26.05 - Alexander 27-04-2010 22:16:18.1.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1391 [GMT 2:00]

Gestart vanuit: c:\users\Alexander\Desktop\scan.exe

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\eSellerateEngine.dll

c:\windows\system32\bin

c:\windows\system32\SWCTL.DLL

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_Boonty Games

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-27 to 2010-04-27 ))))))))))))))))))))))))))))))

.

2010-04-27 20:40 . 2010-04-27 21:03 -------- d-----w- c:\users\Alexander\AppData\Local\temp

2010-04-27 20:40 . 2010-04-27 20:40 -------- d-----w- c:\users\niki\AppData\Local\temp

2010-04-27 20:40 . 2010-04-27 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-04-26 17:38 . 2010-04-26 17:38 -------- d-----w- c:\users\Alexander\AppData\Roaming\Malwarebytes

2010-04-26 17:38 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-04-26 17:38 . 2010-04-26 17:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-04-26 17:38 . 2010-04-26 17:38 -------- d-----w- c:\programdata\Malwarebytes

2010-04-26 17:38 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-04-23 12:43 . 2010-04-23 12:43 -------- d-----w- c:\windows\CheckSur

2010-04-22 18:33 . 2010-04-22 18:33 -------- d-----w- C:\inetpub

2010-04-19 19:19 . 2010-02-23 11:10 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys

2010-04-19 19:19 . 2010-02-23 11:10 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2010-04-19 19:19 . 2010-02-23 11:10 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2010-04-19 19:18 . 2010-02-18 14:07 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-04-19 19:18 . 2010-02-18 14:07 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-04-19 19:18 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll

2010-04-19 19:17 . 2009-12-23 11:33 172032 ----a-w- c:\windows\system32\wintrust.dll

2010-04-19 19:16 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

2010-04-19 18:27 . 2010-04-19 19:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2010-04-19 18:27 . 2010-04-19 18:27 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-04-19 17:34 . 2010-04-19 17:39 -------- d-----w- c:\programdata\NOS

2010-04-19 17:17 . 2008-07-07 15:22 2097152 ----a-w- c:\temp\autorun.bin

2010-04-19 17:17 . 2010-04-19 17:17 -------- d-----w- C:\Temp

2010-04-19 17:17 . 2010-04-19 17:17 -------- d-----w- c:\users\Alexander\AppData\Roaming\WinBatch

2010-04-19 17:17 . 2008-07-07 10:39 789504 ----a-w- c:\temp\SFDNWIN.exe

2010-04-19 17:17 . 2010-02-18 14:07 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-19 17:17 . 2010-02-18 13:30 200704 ----a-w- c:\windows\system32\iphlpsvc.dll

2010-04-19 17:17 . 2010-02-18 11:28 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys

2010-04-04 19:48 . 2010-04-04 19:48 -------- d-----w- c:\program files\Windows Portable Devices

2010-04-04 19:42 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2010-04-04 19:42 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-04-04 19:42 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2010-04-04 19:40 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2010-04-04 19:40 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2010-04-04 19:40 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-04-04 19:40 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2010-04-04 19:40 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2010-04-04 19:40 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2010-04-04 19:40 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll

2010-04-04 19:40 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2010-04-04 19:40 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2010-04-04 19:40 . 2009-10-01 01:01 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys

2010-04-04 19:40 . 2009-10-01 01:01 226816 ----a-w- c:\windows\system32\WpdMtp.dll

2010-04-04 19:40 . 2009-10-01 01:01 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll

2010-04-04 19:40 . 2009-10-01 01:01 33280 ----a-w- c:\windows\system32\WpdConns.dll

2010-04-04 19:39 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2010-04-04 19:39 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2010-04-04 19:39 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2010-04-04 19:38 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll

2010-04-04 19:38 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2010-04-04 19:38 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2010-04-04 18:46 . 2010-04-04 18:47 -------- d-----w- c:\windows\system32\ca-ES

2010-04-04 18:46 . 2010-04-04 18:47 -------- d-----w- c:\windows\system32\eu-ES

2010-04-04 18:46 . 2010-04-04 18:47 -------- d-----w- c:\windows\system32\vi-VN

2010-04-04 18:27 . 2010-04-04 18:27 -------- d-----w- c:\windows\system32\EventProviders

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-27 20:56 . 2007-10-31 00:09 746314 ----a-w- c:\windows\system32\perfh013.dat

2010-04-27 20:56 . 2007-10-31 00:09 157504 ----a-w- c:\windows\system32\perfc013.dat

2010-04-27 20:51 . 2009-02-04 20:38 -------- d-----w- c:\programdata\Google Updater

2010-04-27 18:56 . 2008-07-25 19:26 -------- d-----w- c:\users\Alexander\AppData\Roaming\DNA

2010-04-27 18:45 . 2009-12-25 18:30 -------- d-----w- c:\program files\DNA

2010-04-26 18:29 . 2007-10-30 16:29 -------- d-----w- c:\programdata\Symantec

2010-04-26 18:29 . 2007-10-30 16:29 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-04-26 18:29 . 2007-10-30 16:30 -------- d-----w- c:\program files\Norton Internet Security

2010-04-22 19:29 . 2008-05-02 20:01 -------- d-----w- c:\users\Alexander\AppData\Roaming\Apple Computer

2010-04-22 10:46 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-04-22 10:46 . 2010-01-27 16:21 -------- d-----w- c:\users\Alexander\AppData\Roaming\BitTorrent

2010-04-04 19:48 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-04-04 19:48 . 2010-04-04 19:48 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

2010-04-04 19:47 . 2010-04-04 19:47 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2010-04-04 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2010-04-04 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2010-04-04 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2010-04-04 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2010-04-04 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2010-04-04 18:47 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2010-03-31 14:48 . 2008-03-05 17:39 -------- d-----w- c:\program files\Call of Duty

2010-03-31 14:24 . 2008-07-09 13:59 138376 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2010-03-31 14:24 . 2008-07-09 13:59 202448 ----a-w- c:\windows\system32\PnkBstrB.exe

2010-03-19 13:46 . 2010-01-13 20:33 69 ----a-w- c:\users\Alexander\jagex_runescape_preferences2.dat

2010-03-19 13:45 . 2009-02-20 21:06 41 ----a-w- c:\users\Alexander\jagex_runescape_preferences.dat

2010-03-14 20:18 . 2008-01-29 20:56 1812 ----a-w- c:\users\Alexander\AppData\Roaming\wklnhst.dat

2010-03-12 06:24 . 2010-03-12 06:23 -------- d-----w- c:\program files\iTunes

2010-03-12 06:23 . 2010-03-12 06:23 -------- d-----w- c:\program files\iPod

2010-03-12 06:23 . 2008-05-02 19:57 -------- d-----w- c:\program files\Common Files\Apple

2010-03-12 06:20 . 2010-03-12 06:20 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe

2010-03-12 06:19 . 2010-03-12 06:19 -------- d-----w- c:\program files\Safari

2010-03-12 06:18 . 2010-03-12 06:18 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-03-01 17:55 . 2008-12-24 20:23 22328 ----a-w- c:\users\Alexander\AppData\Roaming\PnkBstrK.sys

2010-03-01 17:55 . 2008-12-24 20:23 682280 ----a-w- c:\windows\system32\pbsvc.exe

2010-03-01 17:55 . 2008-07-09 13:59 66872 ----a-w- c:\windows\system32\PnkBstrA.exe

2010-03-01 17:24 . 2010-03-01 17:24 -------- d-----w- c:\program files\Activision

2010-02-25 16:48 . 2008-01-29 20:10 115120 ----a-w- c:\users\Alexander\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-24 08:16 . 2009-10-02 20:31 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 06:39 . 2010-03-31 07:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33 . 2010-03-31 07:37 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33 . 2010-03-31 07:37 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55 . 2010-03-31 07:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-20 23:06 . 2010-03-11 12:38 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-02-20 23:05 . 2010-03-11 12:38 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-02-20 20:53 . 2010-03-11 12:38 411648 ----a-w- c:\windows\system32\drivers\http.sys

2009-05-03 10:17 . 2008-02-23 18:14 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll

2009-05-03 10:17 . 2008-02-23 18:14 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll

2009-05-03 10:17 . 2008-02-23 18:14 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll

2009-05-03 10:17 . 2008-02-23 18:14 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll

2009-05-03 10:17 . 2008-02-23 18:14 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll

2008-01-29 21:41 . 2008-01-29 21:41 22 --sha-w- c:\windows\SMINST\HPCD.sys

2007-10-31 00:32 . 2007-10-31 00:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-02-06 21898024]

"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]

"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-04 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2007-04-07 54936]

"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-07-23 380928]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-02-15 141608]

"ChicoSys"="c:\windows\system32\cc32\webtmr.exe" [2008-02-20 3963384]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"HideFastUserSwitching"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]

"DisableClock"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"LWA"= 0 (0x0)

"LWB"= 0 (0x0)

"LWC"= 0 (0x0)

"LWD"= 0 (0x0)

"LWE"= 0 (0x0)

"LWF"= 0 (0x0)

"LWG"= 0 (0x0)

"LWH"= 0 (0x0)

"LWI"= 0 (0x0)

"LWJ"= 0 (0x0)

"LWK"= 0 (0x0)

"LWL"= 0 (0x0)

"LWM"= 0 (0x0)

"LWN"= 0 (0x0)

"LWO"= 0 (0x0)

"LWP"= 0 (0x0)

"LWQ"= 0 (0x0)

"LWR"= 0 (0x0)

"LWS"= 0 (0x0)

"LWT"= 0 (0x0)

"LWU"= 0 (0x0)

"LWV"= 0 (0x0)

"LWW"= 0 (0x0)

"LWX"= 0 (0x0)

"LWY"= 0 (0x0)

"LWZ"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(:8e,66,d9,13,28,d4,ca,01

R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-08-28 10664]

R4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]

R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-03-16 2849844]

R4 swipcciimjxtbr;swipcciimjxtbr; [x]

R4 szlragreckpkqe;szlragreckpkqe; [x]

R4 VRSService;VRS Recording System;c:\program files\NCH Swift Sound\VRS\vrs.exe [2010-01-21 851972]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-12-18 717296]

S1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\idsdefs\20080325.002\IDSvix86.sys [2008-02-13 261680]

S2 Windows-CCHook-Service;Windows-CCHook-Service;c:\windows\system32\cchservice.exe [2008-01-29 952808]

S3 SYMNDISV;SYMNDISV;c:\windows\System32\Drivers\SYMNDISV.SYS [2007-10-30 37936]

--- Andere Services/Drivers In Geheugen ---

*NewlyCreated* - COMHOST

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

2010-04-27 c:\windows\Tasks\Google Software Updater.job

- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-29 20:43]

2010-04-27 c:\windows\Tasks\User_Feed_Synchronization-{58774050-DB70-4723-B221-61377EA9B879}.job

- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

.

------- Bijkomende Scan -------

.

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=NL_NL&c=74&bd=Presario&pf=desktop

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_4.0.27.0.cab

FF - ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\26bi2vws.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2046702&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - Shareware.Pro-NE Customized Web Search

FF - prefs.js: browser.startup.homepage -

FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZCxdm924YYNL&fl=0&ptb=E25KRkRDPP6lUp6SKU_37w&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

FF - component: c:\program files\Mozilla Firefox\extensions\{11e7ab0e-3b77-41f8-a9c3-8b67a04fd4c3}\components\FFExternalAlert.dll

FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\program files\Picasa2\npPicasa2.dll

FF - plugin: c:\program files\Picasa2\npPicasa3.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");

.

- - - - ORPHANS VERWIJDERD - - - -

WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)

WebBrowser-{C0D70ED8-D984-40C3-9666-8939CE76EA13} - (no file)

AddRemove-HyperCam - c:\program files\HyperCam\Uninstall.exe

AddRemove-Peer2Peer-NE Toolbar - c:\progra~1\PEER2P~1\UNWISE.EXE

AddRemove-Soldier of Fortune II - Double Helix MP TEST - c:\progra~1\SOLDIE~1\Uninstall\Unwise.exe

AddRemove-Swords and Sandals 1 - c:\program files\Fizzy\Swords and Sandals 1\uninst.exe

AddRemove-TorrentMan Toolbar - c:\progra~1\TORREN~1\UNWISE.EXE

AddRemove-Virtual DJ - Atomix Productions - c:\progra~1\VIRTUA~1\UNWISE.EXE

AddRemove-Jane's Hotel - Family Hero Deluxe - c:\users\Alexander\AppData\Local\Zylom Games\Jane's Hotel - Family Hero Deluxe\GameInstlr.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-04-27 23:04

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84A1D1F8]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x881a5d24

\Driver\ACPI -> acpi.sys @ 0x805c1d68

\Driver\atapi -> 0x84a1d1f8

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swipcciimjxtbr]

"ImagePath"=" "

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\szlragreckpkqe]

"ImagePath"=" "

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_USERS\S-1-5-21-3711584721-1658079923-1828436330-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:e9,a7,4c,df,3a,ab,2c,a7,21,38,1c,ae,d4,25,53,33,f0,ec,c6,e3,ed,27,a5,

3d,f0,16,88,70,6c,0f,dc,c8,9e,80,63,dc,aa,93,d6,ad,43,b4,d1,14,37,43,5c,bd,\

"??"=hex:4a,18,9c,7a,0e,7c,a1,12,8f,5d,11,c7,a2,cd,08,55

[HKEY_USERS\S-1-5-21-3711584721-1658079923-1828436330-1000\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:1c,96,98,21,1c,16,f2,79,37,88,05,4b,0d,6a,9f,1e,f2,e7,ba,9a,68,

89,10,83,00,1b,ac,bb,c8,e6,a3,31,39,a9,f6,74,3c,f4,5a,ad,b9,e1,93,8d,fb,07,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

c:\windows\system32\PnkBstrA.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\windows\system32\WUDFHost.exe

c:\windows\system32\conime.exe

c:\windows\system32\schtasks.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\jusched.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2010-04-27 23:10:29 - machine werd herstart

ComboFix-quarantined-files.txt 2010-04-27 21:10

Pre-Run: 123.336.527.872 bytes beschikbaar

Post-Run: 125.304.545.280 bytes beschikbaar

- - End Of File - - D873A538E5F12456A9A139CBF7304141

kape · 27 april 2010

Open een kladblokbestand.

Kopieer en plak daarin de onderstaande vetgedrukte tekst.

Driver::

swipcciimjxtbr

szlragreckpkqe

Firefox::

FireFox -: ProfilePath - c:\users\Alexander\AppData\Roaming\Mozilla\Firefox\Profiles\26bi2vws.default\

FireFox -: prefs.js: browser.search.defaulturl -

FireFox -: prefs.js: keyword.URL -

Sla dit bestand op je bureaublad op als CFScript.txt.

Sleep CFScript.txt in ComboFix.exe

Dit zal ComboFix doen herstarten. Start opnieuw op als dat gevraagd wordt.

Post na herstart de inhoud van de Combofix.txt in je volgende bericht.

Xanthi · 28 april 2010

Het blijft vreemd. MS UPdates worden gedownload. iTunes detecteert updates...

Maar IE, Firefox en Safari blijven dood.

Hier het laatste log:

ComboFix 10-04-26.05 - Alexander 28-04-2010 19:36:20.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.31.1043.18.2047.1382 [GMT 2:00]

Gestart vanuit: c:\users\Alexander\Desktop\scan.exe

gebruikte Opdracht switches :: c:\users\Alexander\Desktop\CFScript.txt

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\swctl.dll

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_swipcciimjxtbr

-------\Service_szlragreckpkqe

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-28 to 2010-04-28 ))))))))))))))))))))))))))))))

.

2010-04-28 18:12 . 2010-04-28 18:12 86 ----a-w- c:\windows\system32\swctl.dll

2010-04-28 18:00 . 2010-04-28 18:13 -------- d-----w- c:\users\Alexander\AppData\Local\temp

2010-04-28 18:00 . 2010-04-28 18:00 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-04-28 18:00 . 2010-04-28 18:00 -------- d-----w- c:\users\niki\AppData\Local\temp

2010-04-28 18:00 . 2010-04-28 18:00 -------- d-----w- c:\users\Default\AppData\Local\temp