I quickly ran ComboFix as described at the start (I should have read it through first, but only then did I see that there were several posts). Am I clean now too?
ComboFix 09-07-06.02 - Andreas 07-07-2009 12:42.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.1015.493
Gestart vanuit: c:\documents and settings\Andreas\Bureaublad\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1078081533-1454471165-1644491937-1003
c:\recycler\S-1-5-21-2861624194-3966524187-519522582-1003
c:\recycler\S-1-5-21-3216813156-3719429090-3698719926-1003
D:\Autorun.inf
.
(((((((((((((((((((( Bestanden Gemaakt van 2009-06-07 to 2009-07-07 ))))))))))))))))))))))))))))))
.
2009-07-06 11:16 . 2009-07-06 11:16 -------- d-----w- c:\windows\system32\LogFiles
2009-07-06 10:39 . 2009-07-04 23:21 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-06 10:12 . 2009-07-06 10:53 -------- d-----w- c:\program files\Enigma Software Group
2009-07-05 16:03 . 2009-06-14 14:07 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-07-04 23:31 . 2009-07-07 09:40 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-04 23:24 . 2009-07-04 23:24 -------- d-----w- c:\documents and settings\Andreas\Local Settings\Application Data\AVG Security Toolbar
2009-07-04 23:21 . 2009-07-04 23:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-04 23:21 . 2009-07-04 23:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-04 23:21 . 2009-07-04 23:21 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 23:21 . 2009-07-04 23:21 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-04 23:21 . 2009-07-06 10:39 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-04 23:21 . 2009-07-04 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-07-04 23:21 . 2009-07-04 23:21 -------- d-----w- c:\program files\AVG
2009-07-04 23:21 . 2009-07-04 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-04 22:54 . 2009-07-07 09:36 -------- d-----w- c:\documents and settings\All Users\Application Data\11956254
2009-07-02 19:37 . 2009-07-02 19:37 4096 ----a-w- c:\windows\d3dx.dat
2009-07-02 19:28 . 2009-07-02 19:28 -------- d-----w- c:\program files\1964
2009-07-02 19:14 . 2009-07-02 19:14 8854 ----a-r- c:\documents and settings\Andreas\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
2009-07-02 19:14 . 2009-07-02 19:14 40960 ----a-r- c:\documents and settings\Andreas\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2009-07-02 19:14 . 2009-07-02 19:14 40960 ----a-r- c:\documents and settings\Andreas\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
2009-07-02 14:55 . 2009-07-02 14:55 -------- d-----w- c:\documents and settings\Andreas\Local Settings\Application Data\WMTools Downloaded Files
2009-07-02 10:24 . 2009-07-02 11:49 -------- d-----w- c:\program files\CamStudio
2009-06-16 12:58 . 2009-06-16 12:58 -------- d-----w- c:\documents and settings\Andreas\Local Settings\Application Data\Xenocode
2009-06-12 14:52 . 2008-04-15 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-06-12 14:48 . 2009-06-12 14:48 -------- d-----w- c:\documents and settings\Andreas\Local Settings\Application Data\SHOUTcast Radio Toolbar
2009-06-12 14:45 . 2009-06-12 14:45 -------- d-----w- c:\program files\SHOUTcast Radio Toolbar
2009-06-12 14:45 . 2009-06-12 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SHOUTcast Radio Toolbar
2009-06-11 20:33 . 2009-07-07 10:39 -------- d-----w- c:\documents and settings\Andreas\Bureaublad
2009-06-11 14:50 . 2009-06-16 16:21 34 ----a-w- c:\documents and settings\Andreas\jagex_runescape_preferences.dat
2009-06-11 14:50 . 2009-06-15 16:51 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-11 14:50 . 2009-06-11 14:50 -------- d-----w- c:\windows\Sun
2009-06-11 14:49 . 2009-06-11 14:49 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-11 14:49 . 2009-06-11 14:49 -------- d-----w- c:\program files\Java
2009-06-11 14:49 . 2009-06-11 14:49 152576 ----a-w- c:\documents and settings\Andreas\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-11 14:30 . 2009-06-11 14:30 0 ----a-w- c:\windows\nsreg.dat
2009-06-11 14:30 . 2009-06-11 14:30 -------- d-----w- c:\documents and settings\Andreas\Local Settings\Application Data\Mozilla
.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-07 09:37 . 2008-07-02 20:44 69812 ----a-w- c:\windows\system32\perfc013.dat
2009-07-07 09:37 . 2008-07-02 20:44 442556 ----a-w- c:\windows\system32\perfh013.dat
2009-06-12 14:45 . 2009-06-12 14:17 -------- d-----w- c:\documents and settings\Andreas\Application Data\Winamp
2009-06-12 14:21 . 2009-06-12 14:17 -------- d-----w- c:\program files\Winamp
2009-06-11 20:33 . 2009-06-11 20:33 130 ----a-w- c:\documents and settings\Andreas\Local Settings\Application Data\fusioncache.dat
2009-06-11 17:26 . 2008-09-24 08:37 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2008-05-07 14:34 . 2008-09-24 09:30 15523560 ----a-w- c:\program files\U1 Setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
REGEDIT4
2009-06-14 14:07 1004800 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe"
"IgfxTray"="c:\windows\system32\igfxtray.exe"
"HotKeysCmds"="c:\windows\system32\hkcmd.exe"
"Persistence"="c:\windows\system32\igfxpers.exe"
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe"
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe"
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe"
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe"
"ETDWareDetect"="c:\program files\Elantech\ETDDect.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe"
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE"
c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
Asus Power Management Utility.lnk - c:\program files\ASUS\EeePC\Asus Power Management Utility\Asus Power Management Utility.exe
2009-07-04 23:21 11952 ----a-w- c:\windows\system32\avgrsstx.dll
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe
R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS
R3 Ktp;Elantech TouchPad;c:\windows\system32\drivers\ETD.sys
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys
R3 rtl8187Se;Realtek RTL8187SE Wireless LAN PCIE Network Adapter;c:\windows\system32\drivers\rtl8187Se.sys
.
Inhoud van de 'Gedeelde Taken' map
2009-07-07 c:\windows\Tasks\Controleren op updates voor Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE
.
.
------- Bijkomende Scan -------
.
uStart Page = hxxp://eeepc.asus.com/global
IE: &SHOUTcast Search - c:\documents and settings\All Users\Application Data\SHOUTcast Radio Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
FF - ProfilePath - c:\documents and settings\Andreas\Application Data\Mozilla\Firefox\Profiles\l9wma6xm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-chromesbox-en-us&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mijnmaffia.nl/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50-ff-shoutcast-ab-en-us&query=
FF - component: c:\documents and settings\Andreas\Application Data\Mozilla\Firefox\Profiles\l9wma6xm.default\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}\components\WinampPlayer.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-07 12:47
Windows 5.1.2600 Service Pack 3 NTFS
scannen van verborgen processen ...
scannen van verborgen autostart items ...
scannen van verborgen bestanden ...
Scan succesvol afgerond
verborgen bestanden: 0
**************************************************************************
.
Voltooingstijd: 2009-07-07 12:48
ComboFix-quarantined-files.txt 2009-07-07 10:48
Pre-Run: 77.280.526.336 bytes beschikbaar
Post-Run: 77.350.191.104 bytes beschikbaar
WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect