Hallo Kape,
Hierbij zoals verzocht het logbestand:
ComboFix 10-07-23.02 - Chris & Rosita 24-07-2010 11:10:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.31.1043.18.3327.2735 [GMT 2:00]
Gestart vanuit: c:\documents and settings\Chris & Rosita\Bureaublad\ComboFix.exe
AV: Norton 360 *On-access scanning disabled* (Outdated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Mogelijk geïnfecteerde sites -----
hxxp://buy-download.norton.com
.
(((((((((((((((((((( Bestanden Gemaakt van 2010-06-24 to 2010-07-24 ))))))))))))))))))))))))))))))
.
2010-07-24 08:54 . 2010-07-24 08:54 13104 ----a-w- c:\documents and settings\Chris & Rosita\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-24 02:36 . 2010-07-24 02:36 73809672 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{N360S_NUC_prod_1.19_4.1.0.32}\symcdefs.exe
2010-07-23 07:48 . 2010-07-23 07:48 388096 ----a-r- c:\documents and settings\Chris & Rosita\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-23 07:48 . 2010-07-23 07:48 -------- d-----w- c:\program files\Trend Micro
2010-07-23 07:03 . 2010-07-23 07:03 -------- d-----w- c:\documents and settings\Chris & Rosita\Application Data\Malwarebytes
2010-07-23 07:03 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-23 07:03 . 2010-07-23 07:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-23 07:03 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-23 07:03 . 2010-07-23 07:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-23 05:11 . 2010-07-23 05:11 -------- d-----w- c:\documents and settings\Chris & Rosita\Application Data\Symantec
2010-07-23 00:11 . 2008-07-30 15:42 23888 ----a-w- c:\windows\system32\drivers\COH_Mon.sys
2010-07-22 14:28 . 2010-07-22 14:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2010-07-22 14:23 . 2010-04-12 11:39 1808752 ----a-w- c:\documents and settings\All Users\Application Data\Norton\NUA.exe
2010-07-22 14:23 . 2010-07-24 08:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-07-21 21:51 . 2010-07-23 14:46 -------- d-----w- c:\program files\Norton 360
2010-07-21 21:42 . 2010-07-22 14:54 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-07-21 21:42 . 2010-07-22 14:54 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-07-21 21:39 . 2010-07-22 14:54 -------- d-----w- c:\program files\Symantec
2010-07-21 21:39 . 2010-07-24 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-07-21 21:37 . 2010-07-24 09:01 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-07-21 21:07 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-07-21 21:07 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-07-21 21:06 . 2010-07-21 21:06 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2010-07-21 21:03 . 2008-10-09 03:00 69632 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPP9E.DLL
2010-07-21 21:03 . 2008-10-09 03:00 27136 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPD9E.DLL
2010-07-21 21:03 . 2008-10-09 03:00 230912 ----a-w- c:\windows\system32\CNMLM9E.DLL
2010-07-21 21:02 . 2010-07-21 21:02 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2010-07-21 21:01 . 2008-05-30 07:27 270336 ----a-w- c:\windows\system32\CNC540L.DLL
2010-07-21 21:01 . 2008-04-07 12:58 1339392 ----a-w- c:\windows\system32\CNC540C.DLL
2010-07-21 21:01 . 2008-04-07 12:58 98304 ----a-w- c:\windows\system32\CNC540I.DLL
2010-07-21 21:01 . 2007-03-15 12:12 188416 ----a-w- c:\windows\system32\CNC540O.DLL
2010-07-21 21:00 . 2010-07-21 21:00 -------- d--h--w- c:\program files\CanonBJ
2010-07-21 15:22 . 2010-07-21 15:22 -------- d-----w- c:\documents and settings\Chris & Rosita\Application Data\DisplayTune
2010-07-21 14:36 . 2007-04-24 08:49 11776 ----a-w- c:\windows\system32\drivers\pdiddcci.sys
2010-07-21 14:36 . 2006-11-16 15:20 15920 ----a-w- c:\windows\system32\drivers\PdiPorts.sys
2010-07-21 14:34 . 2004-11-22 10:07 2304 ----a-w- c:\windows\system32\Machnm32.sys
2010-07-21 14:34 . 2007-02-09 10:17 62009 ----a-w- c:\windows\system32\WPFB.DLL
2010-07-21 14:34 . 2007-02-09 10:17 11323 ----a-w- c:\windows\system32\drivers\pivotmou.sys
2010-07-21 14:34 . 2007-02-09 10:17 17465 ----a-w- c:\windows\system32\drivers\pivot.sys
2010-07-21 14:29 . 2010-07-21 14:34 -------- d-----w- c:\program files\Common Files\Portrait Displays
2010-07-21 14:29 . 2010-07-21 14:34 -------- d-----w- c:\program files\Portrait Displays
2010-07-21 14:09 . 2010-07-21 14:09 -------- d-----w- c:\documents and settings\Chris & Rosita\Local Settings\Application Data\Ahead
2010-07-21 14:06 . 2010-07-21 21:18 -------- d-----w- c:\program files\Common Files\LightScribe
2010-07-21 13:45 . 2010-07-21 21:18 -------- d-----w- c:\documents and settings\Chris & Rosita\Application Data\Ahead
2010-07-21 13:24 . 2010-07-21 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-21 13:24 . 2010-07-21 13:44 -------- d-----w- c:\program files\Common Files\Ahead
2010-07-21 13:24 . 2010-07-21 13:24 -------- d-----w- c:\program files\Nero
2010-07-21 12:33 . 2010-07-21 12:33 0 ----a-w- c:\windows\nsreg.dat
2010-07-21 12:33 . 2010-07-21 12:33 -------- d-----w- c:\documents and settings\Chris & Rosita\Local Settings\Application Data\Mozilla
2010-07-21 00:09 . 2009-08-13 15:24 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-07-20 22:24 . 2007-05-31 12:29 12288 ----a-w- c:\windows\system32\drivers\EIO.sys
2010-07-20 21:09 . 2010-07-20 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-07-20 21:06 . 2010-07-20 21:06 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-07-20 21:06 . 2010-07-20 21:06 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-07-20 21:06 . 2010-07-20 21:06 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-07-20 21:01 . 2010-07-20 21:20 -------- d-----w- c:\program files\NVIDIA Corporation
2010-07-20 20:52 . 2010-07-09 22:38 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-20 20:52 . 2010-07-09 22:38 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-20 20:52 . 2010-07-09 22:38 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-20 20:52 . 2010-07-09 22:38 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-20 20:52 . 2010-07-09 22:38 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-07-20 20:51 . 2010-07-09 22:38 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-20 20:49 . 2010-07-20 20:49 -------- d-----w- C:\NVIDIA
2010-07-20 20:36 . 2010-07-20 20:36 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-20 20:33 . 2010-07-20 20:33 -------- d-----w- c:\program files\My Company Name
2010-07-20 20:31 . 2007-05-31 12:29 12416 ----a-w- c:\windows\system32\drivers\asusgsb.sys
2010-07-20 20:27 . 2010-07-20 20:27 -------- d-----w- c:\windows\nview
2010-07-20 20:27 . 2010-07-09 22:38 604776 ----a-w- c:\windows\system32\nvudisp.exe
2010-07-20 20:23 . 2010-07-07 11:46 604776 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-20 16:49 . 2010-07-20 16:49 2605008 ----a-w- c:\documents and settings\Chris & Rosita\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2010-07-20 09:27 . 2010-07-20 09:27 -------- d-----w- c:\windows\system32\nl-nl
2010-07-20 09:27 . 2010-07-20 09:27 -------- d-----w- c:\windows\l2schemas
2010-07-20 09:27 . 2010-07-20 09:27 -------- d-----w- c:\windows\system32\nl
2010-07-20 09:27 . 2010-07-20 09:27 -------- d-----w- c:\windows\system32\bits
2010-07-20 05:34 . 2004-08-03 20:29 25471 ------w- c:\windows\system32\drivers\watv10nt.sys
2010-07-20 05:34 . 2004-08-03 20:29 22271 ------w- c:\windows\system32\drivers\watv06nt.sys
2010-07-20 05:34 . 2004-08-03 20:29 11935 ------w- c:\windows\system32\drivers\wadv11nt.sys
2010-07-20 05:34 . 2004-08-03 20:29 11871 ------w- c:\windows\system32\drivers\wadv09nt.sys
2010-07-20 05:34 . 2004-08-03 20:29 11807 ------w- c:\windows\system32\drivers\wadv07nt.sys
2010-07-20 05:34 . 2004-08-03 20:29 11295 ------w- c:\windows\system32\drivers\wadv08nt.sys
2010-07-20 05:33 . 2004-08-03 20:41 13240 ------w- c:\windows\system32\drivers\slwdmsup.sys
2010-07-20 05:33 . 2004-08-03 20:41 95424 ------w- c:\windows\system32\drivers\slnthal.sys
2010-07-20 05:33 . 2004-08-03 20:41 404990 ------w- c:\windows\system32\drivers\slntamr.sys
2010-07-20 05:33 . 2004-08-03 20:41 129535 ------w- c:\windows\system32\drivers\slnt7554.sys
2010-07-20 05:33 . 2004-08-03 20:29 166912 ------w- c:\windows\system32\drivers\s3gnbm.sys
2010-07-20 05:33 . 2004-08-03 20:41 13776 ------w- c:\windows\system32\drivers\recagent.sys
2010-07-20 05:32 . 2010-07-09 22:38 10604128 -c--a-w- c:\windows\system32\dllcache\nv4_mini.sys
2010-07-20 05:32 . 2010-07-09 22:38 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-20 05:32 . 2004-08-03 20:41 180360 ------w- c:\windows\system32\drivers\ntmtlfax.sys
2010-07-20 05:32 . 2007-08-02 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-07-20 05:32 . 2007-08-02 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-07-20 05:32 . 2004-08-03 20:29 452736 ------w- c:\windows\system32\drivers\mtxparhm.sys
2010-07-20 05:32 . 2004-08-03 20:41 126686 ------w- c:\windows\system32\drivers\mtlmnt5.sys
2010-07-20 05:32 . 2004-08-03 20:41 1309184 ------w- c:\windows\system32\drivers\mtlstrm.sys
2010-07-20 05:32 . 2004-08-03 20:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2010-07-20 05:31 . 2004-08-03 20:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-07-20 05:31 . 2004-08-03 20:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-07-20 05:31 . 2004-08-03 20:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-07-20 01:33 . 2010-07-20 08:52 -------- d-----w- c:\windows\ServicePackFiles
2010-07-20 00:57 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-07-20 00:53 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-07-20 00:51 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-07-20 00:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-20 00:45 . 2009-10-15 16:38 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-07-20 00:45 . 2009-10-15 16:38 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-07-20 00:42 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-07-20 00:41 . 2010-02-17 12:09 2194304 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-07-20 00:41 . 2009-03-06 14:23 285696 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-07-20 00:40 . 2009-02-09 11:27 111104 -c----w- c:\windows\system32\dllcache\services.exe
2010-07-20 00:40 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-07-20 00:40 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-07-20 00:40 . 2009-02-09 10:56 684544 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-07-20 00:39 . 2009-06-25 08:27 735232 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-07-20 00:39 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-07-20 00:39 . 2009-02-09 10:56 735744 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-07-20 00:38 . 2010-02-16 19:09 2150912 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-07-20 00:38 . 2010-02-16 19:09 2029056 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-07-20 00:12 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-07-20 00:12 . 2008-06-14 17:36 272640 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-07-20 00:12 . 2008-06-14 17:36 272640 ------w- c:\windows\system32\drivers\bthport.sys
2010-07-20 00:10 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-07-20 00:03 . 2008-10-15 16:37 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-07-20 00:00 . 2008-04-21 21:16 218624 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-07-19 23:50 . 2010-07-19 23:50 -------- d-s---w- c:\documents and settings\Chris & Rosita\UserData
2010-07-19 23:49 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 14:29 . 2007-08-02 12:00 364644 ----a-w- c:\windows\system32\perfh013.dat
2010-07-23 14:29 . 2007-08-02 12:00 53652 ----a-w- c:\windows\system32\perfc013.dat
2010-07-22 14:54 . 2010-07-21 21:42 806 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-07-22 14:54 . 2010-07-21 21:42 10635 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-07-20 09:40 . 2010-07-19 22:10 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-19 22:41 . 2010-07-19 22:41 -------- d-----w- c:\program files\Intel
2010-07-19 22:14 . 2010-07-19 22:14 -------- d-----w- c:\program files\microsoft frontpage
2010-07-19 22:01 . 2010-07-19 22:01 21748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-09 22:38 . 2008-04-14 17:02 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38 . 2007-05-10 22:03 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38 . 2007-05-10 22:03 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38 . 2007-05-10 22:03 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38 . 2007-05-10 22:03 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-06-14 14:31 . 2010-07-19 22:03 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-05-02 08:10 . 2007-08-02 12:00 1851392 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NortonUpdateAgent"="c:\documents and settings\All Users\Application Data\Norton\NUA.exe" [2010-04-12 1808752]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 115816]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 17:02 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DT HPW]
2007-04-25 10:36 280064 ----a-w- c:\program files\Portrait Displays\HP My Display\dthtml.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-07-07 21:52 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PivotSoftware]
2007-02-09 10:17 694008 ----a-w- c:\program files\Portrait Displays\Pivot Software\wpCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2006-12-18 13:34 868352 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Norton 360\\MainStub.exe"=
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [22-7-2010 0:13 102712]
--- Andere Services/Drivers In Geheugen ---
*NewlyCreated* - COMHOST
.
.
------- Bijkomende Scan -------
.
FF - ProfilePath - c:\documents and settings\Chris & Rosita\Application Data\Mozilla\Firefox\Profiles\4b5kbc5c.default\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS VERWIJDERD - - - -
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-07-24 11:14
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Enum\HID\Vid_045e&Pid_00f9&MI_01&Col02\7&21bf5f6&0&0001\LogConf]
@DACL=(02 0000)
.
Voltooingstijd: 2010-07-24 11:23:03
ComboFix-quarantined-files.txt 2010-07-24 09:23
Pre-Run: 70.918.807.552 bytes beschikbaar
Post-Run: 71.157.035.008 bytes beschikbaar
WindowsXP-KB310994-SP2-Pro-BootDisk-NLD.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 9002FB7BAD863A201A56F8F44D5A8461
Ik kan er niets raars in ontdekken dus dat laat ik aan de expert over ;-)
