
MSN "imageshack".pif virus



Okay, I downloaded ComboFix and did everything it said.

But after ComboFix had created the log, I have a big problem with my PC. As soon as I click on a program, an error message appears that says "Illegal operation attempted on a registry key that has been marked for deletion!".

It says this for every program, so for both Firefox and MSN, for example. So I am panicking a bit...

I can still post with Firefox now because I used the Run as administrator function, with which the programs could thankfully be opened.

But now I am rather stressed. Will the programs still be on there if I shut down and restart my PC, for example? I also don't know where that list can be found so that I can take it off there, so ... all help is welcome. ;)

Below is the ComboFix log:

ComboFix 10-04-06.05 - Anja 07/04/2010 22:40:28.7.1 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2037.1237 [GMT 2:00]

Gestart vanuit: c:\downloaded with mozilla\ComboFix.exe

AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

SP: AVG Anti-Virus Free *enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500

c:\$recycle.bin\S-1-5-21-2815755638-1480285660-2120787009-500

c:\$recycle.bin\S-1-5-21-857107312-1383821795-3718403111-500

c:\windows\system32\drivers\npf.sys

c:\windows\system32\oem7.inf

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_NPF

(((((((((((((((((((( Bestanden Gemaakt van 2010-03-07 to 2010-04-07 ))))))))))))))))))))))))))))))

.

2010-04-07 20:53 . 2010-04-07 21:11 -------- d-----w- c:\users\Anja\AppData\Local\temp

2010-04-07 20:53 . 2010-04-07 20:53 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-03-21 13:44 . 2010-03-21 13:44 -------- d-----w- C:\MR

2010-03-13 02:00 . 2010-02-12 10:32 293376 ----a-w- c:\windows\system32\browserchoice.exe

2010-03-12 18:20 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2010-03-12 18:20 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2010-03-12 18:20 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2010-03-09 15:19 . 2010-03-09 15:19 -------- d-----w- c:\program files\Windows Portable Devices

2010-03-09 14:58 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2010-03-09 14:58 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2010-03-09 14:58 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2010-03-09 14:56 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe

2010-03-09 14:56 . 2009-10-01 01:02 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll

2010-03-09 14:56 . 2009-10-01 01:01 81920 ----a-w- c:\windows\system32\wpdbusenum.dll

2010-03-09 14:56 . 2009-10-01 01:01 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll

2010-03-09 14:56 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll

2010-03-09 14:56 . 2009-10-01 01:02 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll

2010-03-09 14:56 . 2009-10-01 01:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll

2010-03-09 14:56 . 2009-10-01 01:01 546816 ----a-w- c:\windows\system32\wpd_ci.dll

2010-03-09 14:56 . 2009-10-01 01:01 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll

2010-03-09 14:56 . 2009-10-01 01:01 350208 ----a-w- c:\windows\system32\WPDSp.dll

2010-03-09 14:56 . 2009-10-01 01:01 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll

2010-03-09 14:56 . 2009-10-01 01:01 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll

2010-03-09 14:54 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2010-03-09 14:54 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2010-03-09 14:54 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-04-07 21:01 . 2006-11-02 16:11 678924 ----a-w- c:\windows\system32\perfh013.dat

2010-04-07 21:01 . 2006-11-02 16:11 132050 ----a-w- c:\windows\system32\perfc013.dat

2010-04-07 20:55 . 2008-11-18 22:36 352615 ---ha-w- c:\windows\system32\drivers\vsconfig.xml

2010-03-30 21:31 . 2008-04-19 12:30 -------- d-----w- c:\program files\Common Files\Java

2010-03-30 21:30 . 2008-04-19 12:30 -------- d-----w- c:\program files\Java

2010-03-12 19:39 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail

2010-03-09 15:19 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat

2010-03-09 15:19 . 2010-03-09 15:19 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf

2010-03-09 02:28 . 2008-11-07 13:58 411368 ----a-w- c:\windows\system32\deploytk.dll

2010-03-07 15:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar

2010-03-07 15:23 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar

2010-03-07 15:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal

2010-03-07 15:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration

2010-03-07 15:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery

2010-03-07 15:22 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender

2010-03-05 08:12 . 2010-03-05 08:12 -------- d-----w- c:\program files\Microsoft Silverlight

2010-02-28 18:29 . 2008-06-13 15:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-27 16:56 . 2010-02-27 16:56 388096 ----a-r- c:\users\Anja\AppData\Roaming\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe

2010-02-27 16:56 . 2010-02-27 16:56 -------- d-----w- c:\program files\TrendMicro

2010-02-26 19:03 . 2008-04-23 18:43 80784 ----a-w- c:\users\Anja\AppData\Local\GDIPFONTCACHEV1.DAT

2010-02-24 09:16 . 2009-10-03 10:00 181632 ------w- c:\windows\system32\MpSigStub.exe

2010-02-23 06:39 . 2010-03-31 01:37 916480 ----a-w- c:\windows\system32\wininet.dll

2010-02-23 06:33 . 2010-03-31 01:37 71680 ----a-w- c:\windows\system32\iesetup.dll

2010-02-23 06:33 . 2010-03-31 01:37 109056 ----a-w- c:\windows\system32\iesysprep.dll

2010-02-23 04:55 . 2010-03-31 01:37 133632 ----a-w- c:\windows\system32\ieUnatt.exe

2010-02-20 18:39 . 2008-04-26 14:47 -------- d-----w- c:\programdata\Messenger Plus!

2010-02-20 17:46 . 2010-02-20 17:46 -------- d-----w- c:\program files\Ask Search Assistant

2010-02-20 17:45 . 2008-04-25 19:23 -------- d-----w- c:\program files\Messenger Plus! Live

2010-02-19 14:02 . 2010-02-10 18:44 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-02-14 10:16 . 2009-04-07 12:30 8543800 ----a-w- c:\windows\Internet Logs\tvDebug.zip

2010-02-10 18:48 . 2010-02-10 18:48 52224 ----a-w- c:\users\Anja\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-02-10 18:47 . 2010-02-10 18:47 117760 ----a-w- c:\users\Anja\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-02-10 18:46 . 2010-02-10 18:46 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2010-02-10 18:44 . 2010-02-10 18:44 -------- d-----w- c:\users\Anja\AppData\Roaming\SUPERAntiSpyware.com

2010-02-10 18:42 . 2008-10-12 16:36 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2010-01-25 12:00 . 2010-02-24 16:49 471552 ----a-w- c:\windows\system32\secproc_isv.dll

2010-01-25 12:00 . 2010-02-24 16:49 152064 ----a-w- c:\windows\system32\secproc_ssp.dll

2010-01-25 12:00 . 2010-02-24 16:49 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2010-01-25 12:00 . 2010-02-24 16:49 471552 ----a-w- c:\windows\system32\secproc.dll

2010-01-25 11:58 . 2010-02-24 16:49 332288 ----a-w- c:\windows\system32\msdrm.dll

2010-01-25 08:21 . 2010-02-24 16:49 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe

2010-01-25 08:21 . 2010-02-24 16:49 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe

2010-01-25 08:21 . 2010-02-24 16:49 518144 ----a-w- c:\windows\system32\RMActivate.exe

2010-01-25 08:21 . 2010-02-24 16:49 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe

2010-01-23 09:26 . 2010-02-24 16:49 2048 ----a-w- c:\windows\system32\tzres.dll

2010-01-10 20:44 . 2010-01-10 20:44 581 ----a-w- c:\windows\eReg.dat

2002-02-08 06:53 . 2008-06-15 22:23 2984724 ----a-w- c:\program files\Tetris4000.exe

2008-04-19 12:33 . 2008-04-19 12:33 74 --sh--r- c:\windows\CT4CET.bin

2008-04-19 20:14 . 2008-04-19 19:58 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-02-19 2012912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-29 1261336]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-03-06 133656]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-03-06 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-03-06 166424]

"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]

"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-02-13 16384]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-07 159744]

"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]

"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2008-02-15 405504]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-12-1 389120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk

backup=c:\windows\pss\Digital Line Detect.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickSet.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickSet.lnk

backup=c:\windows\pss\QuickSet.lnk.CommonStartup

backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]

2007-09-07 06:49 159744 ----a-w- c:\program files\DellTPad\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]

2008-02-13 18:21 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ECenter]

2008-01-18 11:40 17920 ----a-w- c:\dell\E-Center\EULALauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2007-03-21 12:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM02Mon.exe]

2007-08-28 05:51 36864 ----a-w- c:\windows\OEM02Mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]

2007-11-01 14:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2008-04-19 12:30 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-04-19 12:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"VistaSp2"=hex(B):95,d2,7d,5e,0b,be,ca,01

R2 firewallanalyzer;ManageEngine Firewall Analyzer 5.0;c:\adventnet\ME\Firewall\bin\wrapper.exe [2008-03-07 126976]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usbxp.sys [2004-04-30 24832]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-01-29 717296]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2008-09-01 97928]

S1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-01-30 76040]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-19 12872]

S1 SAS***IL;SAS***IL;c:\program files\SUPERAntiSpyware\SAS***IL.sys [2010-02-19 66632]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-11-12 73728]

S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-09-01 875288]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-09-01 231704]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-03-06 111616]

S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-02-19 12872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Inhoud van de 'Gedeelde Taken' map

2010-04-07 c:\windows\Tasks\User_Feed_Synchronization-{F15B7C15-1BFA-4919-A10E-7A045B5944B7}.job

- c:\windows\system32\msfeedssync.exe [2010-03-31 04:54]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/ig/dell?hl=nl&client=dell-row&channel=be&ibd=3080419

IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm

IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm

FF - ProfilePath - c:\users\Anja\AppData\Roaming\Mozilla\Firefox\Profiles\5rhy1mfo.default\

FF - prefs.js: browser.startup.homepage - hxxps://netlogin.kuleuven.be/

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-04-07 23:11

Windows 6.0.6002 Service Pack 2 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond

verborgen bestanden: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, GMER - Rootkit Detector and Remover

device: opened successfully

user: MBR read successfully

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys spik.sys hal.dll >>UNKNOWN [0x84D84938]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0x883a9d24

\Driver\ACPI -> acpi.sys @ 0x87c16d68

\Driver\atapi -> 0x84dc51f8

\Driver\iaStor -> iastor.sys @ 0x87d686d0

IoDeviceObjectType ->\Device\Harddisk0\DR0 ->Warning: possible MBR rootkit infection !

user & kernel MBR OK

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{38697df1-1b56-4b0e-a29b-6dcf23831382}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c001372

"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{57524c03-3340-48d6-b8c8-023b7c47a8c0}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0c001d09

"Dhcpv6State"=dword:00000000

"Dhcpv6InterfaceOptions"=hex:02,00,00,00,00,00,00,00,0e,00,00,00,00,00,00,00,

ff,ff,ff,7f,00,01,00,01,0f,f4,71,18,00,1b,77,cc,4f,60,00,00,17,00,00,00,00,\

"NameServer"=""

"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:07001422

"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{b6567f4f-d028-4a48-bf9f-419a4ec75994}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:07020054

"Dhcpv6State"=dword:00000000

"NameServer"=""

"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{dc23f862-2bf8-4dd3-80a4-40977619b56b}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:0a001f3a

"Dhcpv6State"=dword:00000000

"NameServer"=""

"Domain"=""

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]

@DACL=(02 0000)

"Dhcpv6Iaid"=dword:06001422

"Dhcpv6State"=dword:00000000

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\System32\ZoneLabs\vsmon.exe

c:\windows\system32\WLANExt.exe

c:\program files\Lavasoft\Ad-Aware\aawservice.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\program files\CDBurnerXP\NMSAccessU.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_c09c50a2\STacSV.exe

c:\windows\system32\DRIVERS\xaudio.exe

c:\windows\system32\conime.exe

c:\program files\AVG\AVG8\avgtray.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\rundll32.exe

.

**************************************************************************

.

Voltooingstijd: 2010-04-07 23:19:38 - machine werd herstart

ComboFix-quarantined-files.txt 2010-04-07 21:19

ComboFix2.txt 2008-06-12 16:15

ComboFix3.txt 2008-06-12 16:02

ComboFix4.txt 2008-06-11 18:02

ComboFix5.txt 2010-04-07 20:36

Pre-Run: 18.577.321.984 bytes beschikbaar

Post-Run: 18.458.460.160 bytes beschikbaar

- - End Of File - - E415EE650A442C15DD44ACA26FE6F36E


Have you shut down and restarted the PC in the meantime? Normally the reported problem should then be resolved automatically.

Then delete the following files or folders (shown in bold):

c:\program files\Ask Search Assistant

c:\program files\Tetris4000.exe

Then let ComboFix scan again, attach the new log to your next post, and let us know how the PC is behaving now.

Edited by kape