
Antimalware Doctor Windows Vista


ComboFix has removed quite a bit more. You may still delete the following folders manually:

c:\program files\Conduit

c:\users\Ronny\AppData\Local\knadhlamu

c:\users\Ronny\AppData\Local\cicyacovv

c:\users\Ronny\AppData\Local\lfycynlgc

And one more question: your logs contain traces of 3 antivirus scanners (Panda, Norton and AVG)? It looks to me like AVG is your current scanner. Can you confirm this? Then we will also clean up all remnants of the other two.

Also make a new log with Malwarebytes and attach it to your next post so I can check it.

AVG is indeed my virus scanner; here is the MBAM log, still one infected file after all

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4503

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

30-8-2010 12:14:10

mbam-log-2010-08-30 (12-14-10).txt

Scantype: Snelle scan

Objecten gescand: 137233

Verstreken tijd: 7 minuut/minuten, 27 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\Windows\system32\Drivers\gmwpryo.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.

Open a Notepad file.

Copy and paste the bold text below into it.

File::

c:\windows\Tasks\Norton Security Scan for Ronny.job

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe

c:\windows\system32\drivers\PavProc.sys

Folder::

c:\program files\Common Files\Symantec Shared

c:\program files\Common Files\Panda Security

c:\programdata\Symantec

c:\program files\Norton Security Scan

Driver::

ShldDrv

PavProc

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

[-HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

Save this file on your desktop as CFScript.txt.

Drag CFScript.txt onto ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the restart, post the contents of ComboFix.txt in your next post together with a new Malwarebytes log.

This is the ComboFix log

ComboFix 10-08-28.02 - Ronny 30-08-2010 12:31:36.2.1 - x86

Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.31.1043.18.1788.915 [GMT 2:00]

Gestart vanuit: c:\users\Ronny\Desktop\ComboFix.exe

gebruikte Opdracht switches :: c:\users\Ronny\Desktop\CFScript.txt

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::

"c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe"

"c:\windows\system32\drivers\PavProc.sys"

"c:\windows\Tasks\Norton Security Scan for Ronny.job"

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\Common Files\Panda Security

c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe

c:\program files\Common Files\Panda Security\PavShld\PavShld.dll

c:\program files\Common Files\Panda Security\PavShld\PAVSHLD.RPE

c:\program files\Common Files\Panda Security\PavShld\ProcProt.dll

c:\program files\Common Files\Symantec Shared

c:\program files\Common Files\Symantec Shared\CCPD-LC\ez_log.htm

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

c:\program files\Common Files\Symantec Shared\CCPD-LC\symlctnk.dll

c:\program files\Common Files\Symantec Shared\Support Controls\ssCmdTar.ini

c:\program files\Common Files\Symantec Shared\Support Controls\ssctlbr.dll

c:\program files\Common Files\Symantec Shared\Support Controls\ssctlln.dll

c:\program files\Common Files\Symantec Shared\Support Controls\ssctlwmi.dll

c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe

c:\program files\Common Files\Symantec Shared\Support Controls\sshelper.exe.manifest

c:\program files\Common Files\Symantec Shared\Support Controls\SymAData.dll

c:\program files\Common Files\Symantec Shared\Support Controls\SymSupCC.dll

c:\program files\Common Files\Symantec Shared\Support Controls\tgctlcm.dll

c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsi.dll

c:\program files\Common Files\Symantec Shared\Support Controls\tgctlsr.dll

c:\program files\Common Files\Symantec Shared\Support Controls\tgctlss.dll

c:\program files\Norton Security Scan

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\{2A85E335-7417-424d-AD89-31DED1689794}.dat

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\{407D1C08-B366-4aca-92FB-E04E97F6681D}.dat

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\BilBDRes.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ccL80U.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ccScanw.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ccVrTrst.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\dec_abi.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\DefLoad.exe

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\DefUtDCD.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\diLueCbk.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ecmldr32.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\HeartBt.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\help.htm

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Microsoft.VC80.CRT.manifest

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\msl.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\msvcp80.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\msvcr80.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\patch25d.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\PrdDtRes.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ReputationCacheDB.db

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\RevList.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\SAUpdt.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ScanCore.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ScanRes.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\ScanText.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\SKUCfg.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\SKURes.dll

c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\SymHTML.dll

c:\program files\Norton Security Scan\Norton Security Scan\isolate.ini

c:\programdata\Symantec

c:\programdata\Symantec\SubEng\platformid.dat

c:\windows\system32\drivers\PavProc.sys

c:\windows\Tasks\Norton Security Scan for Ronny.job

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_PavProc

-------\Service_ShldDrv

(((((((((((((((((((( Bestanden Gemaakt van 2010-07-28 to 2010-08-30 ))))))))))))))))))))))))))))))

.

2010-08-30 10:39 . 2010-08-30 10:39 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-08-29 20:00 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-29 20:00 . 2010-08-29 20:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-08-29 20:00 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-29 07:01 . 2010-08-29 20:13 -------- d-----w- c:\users\Ronny\AppData\Local\Windows

2010-08-13 10:24 . 2010-08-13 10:24 -------- d-----w- C:\$AVG

2010-08-11 14:39 . 2010-08-11 14:39 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2010-08-11 14:39 . 2010-08-11 14:39 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2010-08-11 14:39 . 2010-08-30 06:53 -------- d-----w- c:\windows\system32\drivers\Avg

2010-08-11 14:39 . 2010-08-11 14:39 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys

2010-08-11 14:38 . 2010-08-11 14:38 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2010-08-11 14:36 . 2010-08-11 14:36 -------- d-----w- c:\program files\AVG

2010-08-11 14:36 . 2010-08-11 14:36 -------- d-----w- c:\programdata\avg9

2010-08-11 12:19 . 2010-08-11 12:19 -------- d-----w- c:\users\Ronny\AppData\Roaming\Malwarebytes

2010-08-11 12:18 . 2010-08-11 12:18 -------- d-----w- c:\programdata\Malwarebytes

2010-08-11 11:18 . 2010-08-11 11:18 -------- d-----w- c:\program files\Trend Micro

2010-08-10 19:52 . 2009-10-27 10:07 37896 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys

2010-08-10 19:35 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll

2010-08-10 19:35 . 2010-06-08 17:00 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-08-10 19:35 . 2010-06-08 17:00 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-08-10 19:35 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll

2010-08-10 19:35 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-08-10 19:35 . 2010-06-18 14:43 302080 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-10 19:35 . 2010-06-18 14:43 144896 ----a-w- c:\windows\system32\drivers\srv2.sys

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-08-29 14:30 . 2010-08-29 14:30 388096 ----a-r- c:\users\Ronny\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-08-26 20:33 . 2009-08-05 01:45 -------- d-----w- c:\users\Ronny\AppData\Roaming\BitTorrent

2010-08-23 19:38 . 2008-12-18 14:14 -------- d-----w- c:\program files\Common Files\Adobe

2010-08-18 12:50 . 2008-04-14 15:24 667352 ----a-w- c:\windows\system32\perfh013.dat

2010-08-18 12:50 . 2008-04-14 15:24 126854 ----a-w- c:\windows\system32\perfc013.dat

2010-08-16 14:01 . 2008-12-22 11:40 -------- d-----w- c:\users\Ronny\AppData\Roaming\uTorrent

2010-08-15 16:27 . 2010-04-23 18:44 -------- d-----w- c:\program files\PokerStars

2010-08-11 13:55 . 2009-08-02 22:05 -------- d-----w- c:\users\Ronny\AppData\Roaming\Media Player Classic

2010-08-11 05:04 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-08-10 19:17 . 2009-04-30 22:17 -------- d-----w- c:\users\Ronny\AppData\Roaming\vlc

2010-08-06 13:23 . 2010-07-21 22:30 -------- d-----w- c:\users\Ronny\AppData\Roaming\Apple Computer

2010-07-21 22:30 . 2010-07-21 22:29 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-07-21 22:30 . 2010-07-21 22:29 -------- d-----w- c:\program files\iTunes

2010-07-21 22:29 . 2010-07-21 22:29 -------- d-----w- c:\program files\iPod

2010-07-21 22:29 . 2010-07-21 22:21 -------- d-----w- c:\program files\Common Files\Apple

2010-07-21 22:29 . 2010-07-21 22:27 -------- d-----w- c:\programdata\Apple Computer

2010-07-21 22:28 . 2010-07-21 22:27 -------- d-----w- c:\program files\QuickTime

2010-07-21 22:25 . 2010-07-21 22:25 -------- d-----w- c:\program files\Apple Software Update

2010-07-21 22:21 . 2010-07-21 22:21 -------- d-----w- c:\program files\Bonjour

2010-07-16 06:19 . 2010-07-16 06:19 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.1.4\SetupAdmin.exe

2010-06-28 16:17 . 2010-08-10 19:36 833024 ----a-w- c:\windows\system32\wininet.dll

2010-06-28 16:13 . 2010-08-10 19:36 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-06-21 13:18 . 2010-08-10 19:36 2036736 ----a-w- c:\windows\system32\win32k.sys

2010-06-11 15:31 . 2010-08-10 19:36 274432 ----a-w- c:\windows\system32\schannel.dll

2009-03-31 20:47 . 2008-12-26 15:18 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

2008-10-30 09:20 . 2008-10-30 09:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-10 869936]

"RtHDVCpl"="RtHDVCpl.exe" [2007-08-09 4702208]

"SiSTray"="c:\program files\SiS VGA Utilities\SiSTray.exe" [2007-09-18 552960]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]

"TouchPadHotKey"="c:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe" [2007-08-13 364544]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]

"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-11 2065760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]

R3 PAC207;PC Camer@;c:\windows\system32\DRIVERS\PFC027.SYS [2008-02-13 618112]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-11 216400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-11 243024]

S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-11 308136]

S3 SiS6350;SiS6350;c:\windows\system32\DRIVERS\SISGRKMD.sys [2007-09-18 452968]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-07-04 47616]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - gmwpryo

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2088433

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html

FF - ProfilePath - c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\oiykkb29.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.nl/

FF - prefs.js: network.proxy.type - 4

FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll

FF - component: c:\users\Ronny\AppData\Roaming\Mozilla\Firefox\Profiles\oiykkb29.default\extensions\{9e1d7c80-43d1-11db-b0de-0800200c9a66}\components\TSHelper.dll

FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-08-30 12:43

Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gmwpryo]

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

- - - - - - - > 'Explorer.exe'(3252)

c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

c:\program files\AVG\AVG9\avgnsx.exe

c:\windows\servicing\TrustedInstaller.exe

c:\program files\AVG\AVG9\avgchsvx.exe

c:\program files\AVG\AVG9\avgrsx.exe

c:\program files\AVG\AVG9\avgcsrvx.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\program files\AVG\AVG9\avgtray.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Voltooingstijd: 2010-08-30 12:48:48 - machine werd herstart

ComboFix-quarantined-files.txt 2010-08-30 10:48

ComboFix2.txt 2010-08-30 09:20

Pre-Run: 58.701.344.768 bytes beschikbaar

Post-Run: 58.545.049.600 bytes beschikbaar

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5

- - End Of File - - EBE8C2E022A700DCD9CA562DE906E6D1

and this is the new MBAM log, again with an infected file

Malwarebytes' Anti-Malware 1.46

Malwarebytes

Databaseversie: 4503

Windows 6.0.6001 Service Pack 1

Internet Explorer 7.0.6001.18000

30-8-2010 13:03:01

mbam-log-2010-08-30 (13-03-01).txt

Scantype: Snelle scan

Objecten gescand: 136812

Verstreken tijd: 8 minuut/minuten, 9 seconde(n)

Geheugenprocessen geïnfecteerd: 0

Geheugenmodulen geïnfecteerd: 0

Registersleutels geïnfecteerd: 0

Registerwaarden geïnfecteerd: 0

Registerdata geïnfecteerd: 0

Mappen geïnfecteerd: 0

Bestanden geïnfecteerd: 1

Geheugenprocessen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Geheugenmodulen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registersleutels geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerwaarden geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Registerdata geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Mappen geïnfecteerd:

(Geen kwaadaardige objecten gedetecteerd)

Bestanden geïnfecteerd:

C:\Windows\system32\Drivers\gmwpryo.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.

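As an added example (not code from this thread, from Malwarebytes or from ComboFix), a small Python parser for Malwarebytes quick-scan logs that flags a file reported as "Quarantined and deleted" in one scan and detected again in the next, which is exactly what the two logs above show for gmwpryo.sys and what the helper calls stubborn. The two log texts are constructed, abridged copies of the logs in this thread; the Dutch section labels are the ones Malwarebytes 1.46 writes on a Dutch-locale system.

```python
import re
from dataclasses import dataclass, field

# Constructed, abridged copies of the two quick-scan logs in this thread
# (only the lines the parser needs).
MBAM_LOG_1 = """\
Malwarebytes' Anti-Malware 1.46
Databaseversie: 4503
30-8-2010 12:14:10
Scantype: Snelle scan
Objecten gescand: 137233
Bestanden geïnfecteerd: 1

Bestanden geïnfecteerd:
C:\\Windows\\system32\\Drivers\\gmwpryo.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
"""

MBAM_LOG_2 = """\
Malwarebytes' Anti-Malware 1.46
Databaseversie: 4503
30-8-2010 13:03:01
Scantype: Snelle scan
Objecten gescand: 136812
Bestanden geïnfecteerd: 1

Bestanden geïnfecteerd:
C:\\Windows\\system32\\Drivers\\gmwpryo.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
"""

# A detection line looks like: "<path or key> (<threat name>) -> <action taken>"
DETECTION_RE = re.compile(r"^(?P<item>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")
# A summary line looks like: "<label>: <number>"  (timestamps do not match: no space after ':')
COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<count>\d+)$")


@dataclass
class ScanReport:
    scanned: int = 0
    counts: dict = field(default_factory=dict)      # "<category> geïnfecteerd" -> count
    detections: list = field(default_factory=list)  # (item, threat, action)


def parse_mbam_log(text):
    """Extract the object count, per-category infected counts and detection lines."""
    report = ScanReport()
    for line in text.splitlines():
        line = line.strip()
        m = COUNT_RE.match(line)
        if m:
            label, count = m.group("label"), int(m.group("count"))
            if label == "Objecten gescand":
                report.scanned = count
            elif "geïnfecteerd" in label:
                report.counts[label] = count
            continue
        m = DETECTION_RE.match(line)
        if m:
            report.detections.append((m.group("item"), m.group("threat"), m.group("action")))
    return report


def recurring_detections(earlier, later):
    """Items the earlier scan reported as deleted that the later scan detects again.

    A file that comes back after 'Quarantined and deleted' is being re-created by
    something the scanner does not see (here a hidden service/rootkit component),
    so it calls for a dedicated rootkit scan rather than another plain removal.
    """
    removed = {item.lower() for item, _, action in earlier.detections if "deleted" in action}
    return [(item, threat) for item, threat, _ in later.detections if item.lower() in removed]


if __name__ == "__main__":
    first, second = parse_mbam_log(MBAM_LOG_1), parse_mbam_log(MBAM_LOG_2)
    for item, threat in recurring_detections(first, second):
        print(f"recurring after removal: {item} ({threat})")
```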

Stubborn little fellow :sad

Download GMER Rootkit detector

  • Save it in a safe place and unpack it to your desktop
  • Disconnect from the internet and close ALL programs
  • There is a small chance the computer will crash while running this application, so make sure you have saved all your work
  • Double-click gmer.exe and select the "rootkit tab" > click "scan"
  • If you get a warning about "rootkit activity" and are asked for permission to scan, click OK
  • Click the rootkit tab and click scan
  • When the scan is finished, click copy
  • Open Notepad and copy/paste the text
  • Restore your internet connection and post the text in your next reply.

Please post the GMER result.

Download RootkitRevealer.

Unzip it and double-click RootkitRevealer.exe.

Wait 10 - 15 seconds and then click the scan button.

Do nothing on the computer during the scan. Wait until RootkitRevealer has finished.

When the tool is finished, go to 'File' and choose 'Save'.

The RootkitRevealer log is now saved.

Post the contents of this log.

edited by kape