Question & Answer

Security & privacy

Virus in the (master) boot sector?

Anonymous
Abraham54
38 answers
  • Select and copy the text of that document and paste that text into your next message.
  • > Abraham54 wrote: Select and copy the text of that document and paste that text into your next message.

    Sorry, misunderstanding. What I sent was the contents of the document. Nothing else found.
  • I haven't seen anything you sent.
  • Once more.
    The contents of C:\Combofix\ComboFix.txt


    ComboFix 12-05-24.03 - Acer 27-05-2012 14:44:48.1.2 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2038.1497 [GMT 2:00]
    Gestart vanuit: C:\Documents and Settings\Acer\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
  • Okay, if that really is all, then a big problem occurred during the scan!

    Do the following again:

    Which program:
  • Perhaps not important, but I get TDSSKStarter.exe as the download.
  • Yes, and?
    That is the idea!
    Otherwise, read the instructions in the previous message again….
  • There I read TDSSStarter, not TDSSKStarter. But I now understand that they are the same.
  • Oh, I'll check whether a name change has taken place!
  • The report:

    .
    ==============================================
    System Restore Point Check:
    .
    TDSSKiller Starter Restore Point Created Succesfully
    ==============================================
    .
    ==============================================
    C:\TDSSStarter\Report_21-05-2012_1904_.log
    C:\TDSSKiller.2.7.35.0_21.05.2012_15.13.58_log.txt
    C:\TDSSKiller.2.7.35.0_21.05.2012_15.25.01_log.txt
    C:\TDSSKiller.2.7.35.0_21.05.2012_15.36.08_log.txt
    ==============================================
    Registry Export
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
    "445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
    "137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
    "138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
    "65533:TCP"="65533:TCP:*:Enabled:Services"
    "52344:TCP"="52344:TCP:*:Enabled:Services"
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
    "2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
    "139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
    "445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
    "137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
    "138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
    "65533:TCP"="65533:TCP:*:Enabled:Services"
    "52344:TCP"="52344:TCP:*:Enabled:Services"
    ==============================================
    EOF
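The report above ends with an export of the two Windows XP firewall GloballyOpenPorts lists. Added here as an illustration (not part of the thread, of ComboFix or of TDSSKiller) is a small Python parser for that export format. It flags entries that are Enabled, scoped to `*` (any remote address) and not among the ports XP SP2 registers itself; the list of "known" ports is an assumption made for this example, and the sample input is the export from the report above.

```python
"""Triage of Windows XP firewall "GloballyOpenPorts" registry export lines.

Added example for this thread; not part of ComboFix, TDSSKiller or the
original posts. Export lines look like

    "3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"

and sit under a [...\<Profile>\GloballyOpenPorts\List] key.
"""
import re
from dataclasses import dataclass

# Ports XP SP2 opens itself (File and Printer Sharing, UPnP, Remote Desktop).
# This baseline is an assumption made for the example, not a ComboFix rule;
# anything else that is Enabled for scope "*" is listed for review.
KNOWN_XP_PORTS = {
    ("139", "TCP"), ("445", "TCP"), ("137", "UDP"), ("138", "UDP"),
    ("1900", "UDP"), ("2869", "TCP"), ("3389", "TCP"),
}

# Sample input: the two lists exactly as they appear in the report above.
SAMPLE_EXPORT = r'''
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"139:TCP"="139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002"
"3389:TCP"="3389:TCP:*:Enabled:Remote Desktop"
"65533:TCP"="65533:TCP:*:Enabled:Services"
"52344:TCP"="52344:TCP:*:Enabled:Services"
'''

LINE_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]*)"$')


@dataclass(frozen=True)
class OpenPort:
    profile: str
    port: str
    proto: str
    scope: str
    enabled: bool
    name: str


def parse_export(text):
    """Return OpenPort records from a REGEDIT-style export of one or more profiles."""
    records = []
    profile = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # Key path: ...\firewallpolicy\<Profile>\GloballyOpenPorts\List
            parts = line.strip("[]").split("\\")
            profile = parts[-3] if len(parts) >= 3 else line
            continue
        m = LINE_RE.match(line)
        if not m or profile is None:
            continue
        # value = port:proto:scope:state[:display name]; the name may contain commas
        fields = m.group("value").split(":", 4)
        if len(fields) < 4:
            continue
        port, proto, scope, state = fields[:4]
        name = fields[4] if len(fields) > 4 else ""
        records.append(OpenPort(profile, port, proto.upper(), scope,
                                state.lower() == "enabled", name))
    return records


def suspicious_ports(text):
    """(profile, port/proto, name) for enabled, any-scope ports outside the XP baseline."""
    return [
        (p.profile, f"{p.port}/{p.proto}", p.name)
        for p in parse_export(text)
        if p.enabled and p.scope == "*" and (p.port, p.proto) not in KNOWN_XP_PORTS
    ]


if __name__ == "__main__":
    for profile, port, name in suspicious_ports(SAMPLE_EXPORT):
        print(f"{profile:16} {port:12} {name!r}")
```

Run stand-alone it prints the two high TCP ports labelled "Services" in both profiles; that is a prompt to find out which program registered them, not a verdict on its own.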
  • What you are going to do now is the following:

    a) throw the old ComboFix.exe in the recycle bin and download ComboFix again to the desktop: Bleepingcomputer

    b) then restart your PC into Safe Mode with Networking.
    If you don't know exactly how to do that: http://users.telenet.be/marcvn/spyware/veilige-modus.html

    Once you have restarted in Safe Mode with Networking, first do the following: download Rkill.com (download link) to your desktop.

    - Once the tool has landed on your desktop, double-click it, so that it will try to stop the rogue's processes!
    - When the tool is finished, the black window will disappear and you can go on to the next step!
    - If you get a warning that Rkill is an infection, that warning comes from the malware.
    - If Rkill does get stopped, the trick is to leave the warning on the screen and start Rkill again.
    - So keep patiently trying to let Rkill do its work; only then can you continue with the next step.

    If you have problems getting Rkill to run, you can download iExplore.exe (click) or eXplorer.exe (click); these are renamed Rkill files.

    When RKill is finished, start ComboFix for a new scan round.
    Then post the contents of the new ComboFix log.
  • ComboFix log

    ComboFix 12-05-28.04 - Acer 28-05-2012 19:26:32.2.2 - x86 NETWORK
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.2038.1645 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\Acer\Bureaublad\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    —- Voorgaande Run ——-
    .
    c:\documents and settings\Acer\WINDOWS
    c:\documents and settings\All Users\Application Data\TEMP
    c:\windows\IsUn0413.exe
    c:\windows\system32\system32
    c:\windows\system32\system32\3DAudio.ax
    c:\windows\system32\system32\avrt.dll
    c:\windows\system32\system32\cis-2.4.dll
    c:\windows\system32\system32\issacapi_bs-2.3.dll
    c:\windows\system32\system32\issacapi_pe-2.3.dll
    c:\windows\system32\system32\issacapi_se-2.3.dll
    c:\windows\system32\system32\MACXMLProto.dll
    c:\windows\system32\system32\MaDRM.dll
    c:\windows\system32\system32\MaJGUILib.dll
    c:\windows\system32\system32\MAMACExtract.dll
    c:\windows\system32\system32\MASetupCleaner.exe
    c:\windows\system32\system32\MaXMLProto.dll
    c:\windows\system32\system32\mfplat.dll
    c:\windows\system32\system32\MK_Lyric.dll
    c:\windows\system32\system32\MSCLib.dll
    c:\windows\system32\system32\MSFLib.dll
    c:\windows\system32\system32\MSLUR71.dll
    c:\windows\system32\system32\msvcp60.dll
    c:\windows\system32\system32\MTTELECHIP.dll
    c:\windows\system32\system32\MTXSYNCICON.dll
    c:\windows\system32\system32\muzaf1.dll
    c:\windows\system32\system32\muzapp.dll
    c:\windows\system32\system32\muzapp.exe
    c:\windows\system32\system32\muzdecode.ax
    c:\windows\system32\system32\muzeffect.ax
    c:\windows\system32\system32\muzmp4sp.ax
    c:\windows\system32\system32\muzmpgsp.ax
    c:\windows\system32\system32\muzoggsp.ax
    c:\windows\system32\system32\muzwmts.dll
    c:\windows\system32\system32\psapi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ——-\Service_xcpip
    .
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2012-04-28 to 2012-05-28 ))))))))))))))))))))))))))))))
    .
    .
    2012-05-28 16:42 . 2012-05-28 16:45 ——– d—–w- c:\documents and settings\Administrator
    2012-05-21 17:04 . 2012-05-28 14:01 ——– d—–w- C:\TDSSStarter
    2012-05-21 13:19 . 2012-05-21 13:27 ——– d—–w- C:\TDSSKiller_Quarantine
    2012-05-19 17:59 . 2012-05-19 17:59 388096 —-a-r- c:\documents and settings\Acer\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2012-05-19 17:59 . 2012-05-19 17:59 ——– d—–w- c:\program files\Trend Micro
    2012-05-19 09:10 . 2012-05-19 09:21 ——– d—–w- C:\uitzoeken uit doc and set
    2012-05-17 09:36 . 2012-05-17 09:36 ——– d—–w- C:\sj647
    2012-05-11 12:02 . 2012-05-19 06:09 ——– d—–w- C:\120511_001_data
    2012-04-29 06:07 . 2012-04-29 06:07 ——– d—–w- c:\documents and settings\Acer\Local Settings\Application Data\PCHealth
    2012-04-28 21:05 . 2012-04-28 21:05 ——– d—–w- c:\documents and settings\Acer\Application Data\AVG2012
    2012-04-28 21:04 . 2012-04-28 21:04 ——– d—–w- c:\documents and settings\Acer\Local Settings\Application Data\AVG Secure Search
    2012-04-28 21:03 . 2012-04-28 21:03 ——– d—–w- c:\documents and settings\Acer\Application Data\AVG Secure Search
    2012-04-28 21:03 . 2012-04-28 21:04 ——– d—–w- c:\documents and settings\All Users\Application Data\AVG Secure Search
    2012-04-28 21:03 . 2012-04-28 21:03 ——– d—–w- c:\program files\Common Files\AVG Secure Search
    2012-04-28 21:03 . 2012-04-28 21:04 ——– d—–w- c:\program files\AVG Secure Search
    2012-04-28 21:02 . 2012-05-28 15:38 ——– d—–w- c:\windows\system32\drivers\AVG
    2012-04-28 21:02 . 2012-04-28 21:06 ——– d—–w- c:\documents and settings\All Users\Application Data\AVG2012
    2012-04-28 21:02 . 2012-04-28 21:02 ——– d—–w- C:\$AVG
    2012-04-28 21:01 . 2012-04-28 21:01 ——– d—–w- c:\program files\AVG
    2012-04-28 20:56 . 2012-04-28 20:56 ——– d–h–w- c:\documents and settings\All Users\Application Data\Common Files
    2012-04-28 20:56 . 2012-05-28 15:38 ——– d—–w- c:\documents and settings\All Users\Application Data\MFAData
    2012-04-28 20:15 . 2012-04-28 20:15 ——– d–h–r- c:\documents and settings\LocalService\Onlangs geopend
    .
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-19 02:50 . 2012-04-19 02:50 24896 —-a-w- c:\windows\system32\drivers\avgidshx.sys
    2012-04-11 13:55 . 2008-04-14 22:11 2031104 —-a-w- c:\windows\system32\ntkrnlpa.exe
    2012-04-11 13:55 . 2008-04-14 22:11 2152960 —-a-w- c:\windows\system32\ntoskrnl.exe
    2012-04-11 13:55 . 2009-04-30 05:24 1862400 —-a-w- c:\windows\system32\win32k.sys
    2012-04-04 13:56 . 2011-05-29 12:34 22344 —-a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-31 20:34 . 2012-03-27 09:33 31232 —h–w- C:\~WRL0002.tmp
    2012-03-30 07:41 . 2012-03-27 09:33 24576 —h–w- C:\~WRL1995.tmp
    2012-03-28 17:31 . 2012-03-27 09:33 23552 —h–w- C:\~WRL0001.tmp
    2012-03-27 09:46 . 2012-03-27 09:33 20480 —h–w- C:\~WRL2837.tmp
    2012-03-27 09:44 . 2012-03-27 09:33 20480 —h–w- C:\~WRL2592.tmp
    2012-03-27 09:33 . 2012-03-27 09:33 19456 —h–w- C:\~WRL0003.tmp
    2012-03-23 09:29 . 2012-03-23 09:29 73728 —-a-w- c:\windows\system32\javacpl.cpl
    2012-03-23 09:29 . 2011-07-11 14:19 472808 —-a-w- c:\windows\system32\deployJava1.dll
    2012-03-19 03:17 . 2012-03-19 03:17 301248 —-a-w- c:\windows\system32\drivers\avgtdix.sys
    2012-03-05 00:15 . 2011-08-17 11:21 414368 —-a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-01 11:00 . 2009-04-30 05:24 916992 —-a-w- c:\windows\system32\wininet.dll
    2012-03-01 11:00 . 2009-04-30 05:24 43520 —-a-w- c:\windows\system32\licmgr10.dll
    2012-03-01 11:00 . 2009-04-30 05:24 1469440 —-a-w- c:\windows\system32\inetcpl.cpl
    2012-02-29 14:10 . 2009-04-30 05:24 177664 —-a-w- c:\windows\system32\wintrust.dll
    2012-02-29 14:10 . 2009-04-30 05:24 148480 —-a-w- c:\windows\system32\imagehlp.dll
    2012-02-29 12:17 . 2009-04-30 05:24 385024 —-a-w- c:\windows\system32\html.iec
    2012-04-26 07:05 . 2012-03-20 07:19 97208 —-a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-04-28 21:03 2067328 —-a-w- c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll" [2012-04-28 2067328]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Glary Memory Optimizer"="c:\program files\Glary Utilities\memdefrag.exe" [2009-03-23 89600]
    "KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-15 68856]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "M3000Mnt"="M3000Rmv.dll " [X]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-15 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-15 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-15 455168]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-06 1430824]
    "RTHDCPL"="RTHDCPL.EXE" [2011-07-08 17531392]
    "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2011-07-08 53248]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-04-28 1116544]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
    Ime File REG_SZ PINYINPUT.IME
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Program Files\\Dialang\\Dialang.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\WINDOWS\\system32\\javaw.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
    "c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:Remote Desktop
    "65533:TCP"= 65533:TCP:Services
    "52344:TCP"= 52344:TCP:Services
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19-4-2012 4:50 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [31-1-2012 4:46 31952]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [19-3-2012 5:17 301248]
    S0 ltjvkrhx;ltjvkrhx;c:\windows\system32\drivers\xymqdr.sys –> c:\windows\system32\drivers\xymqdr.sys [?]
    S1 aswSP;avast! Self Protection; [x]
    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [22-2-2012 5:25 235216]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys –> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [30-4-2012 9:44 5106744]
    S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14-2-2012 4:53 193288]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18-3-2010 13:16 130384]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [22-5-2011 12:50 21992]
    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [13-5-2011 18:45 135664]
    S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [29-4-2009 23:14 237568]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29-2-2012 8:50 158856]
    S2 vToolbarUpdater11.0.2;vToolbarUpdater11.0.2;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe [28-4-2012 23:03 932736]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8-7-2011 5:11 1684736]
    S3 ampa;ampa;c:\windows\system32\ampa.sys [14-5-2011 18:46 10936]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [20-7-2011 11:16 30312]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23-12-2011 13:32 139856]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23-12-2011 13:32 24144]
    S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23-12-2011 13:32 17232]
    S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [19-7-2011 20:59 20032]
    S3 dum16.sys;dum16.sys;\??\c:\windows\system32\drivers\dum16.sys –> c:\windows\system32\drivers\dum16.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [23-10-2011 11:36 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [23-10-2011 11:36 8456]
    S3 GoogleDesktopManager-080708-050100;Google Desktop Manager 5.7.808.7150;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [29-4-2009 22:56 24064]
    S3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [13-5-2011 18:45 135664]
    S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [29-4-2009 22:31 38912]
    S3 M3000Srv;USB2.0 UVC WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [15-2-2011 20:29 145152]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [26-4-2012 9:05 129976]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys –> c:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys –> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [20-7-2011 11:16 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [20-7-2011 11:16 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [20-7-2011 11:16 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [20-7-2011 11:16 114280]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18-3-2010 13:16 753504]
    S3 xpsec;IPSEC-stuurprogramma;c:\windows\system32\drivers\xpsec.sys –> c:\windows\system32\drivers\xpsec.sys [?]
    .
    Inhoud van de 'Gedeelde Taken' map
    .
    2012-02-04 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2011-06-03 01:49]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 16:45]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-05-13 16:45]
    .
    .
    ——- Bijkomende Scan ——-
    .
    uStart Page = about:blank
    uInternet Connection Wizard,ShellNext = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0413&s=0&o=xph&d=0211&m=aspire_one_pro
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Translate with Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
    IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\AVG\AVG2012\avgdtiex.dll
    TCP: DhcpNameServer = 10.0.0.138
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll
    FF - ProfilePath - c:\documents and settings\Acer\Application Data\Mozilla\Firefox\Profiles\3t3ee5dq.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bd87759f7-d6f7-4270-815b-d2833651eb93%7D&mid=&ds=AVG&v=11.0.0.9&lang=nl&pr=fr&d=2012-04-28%2023%3A03%3A56&sap=ku&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS VERWIJDERD - - - -
    .
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0413.EXE
    AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
    AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
    AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
    AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
    AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
    AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
    AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
    AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
    AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
    AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
    AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
    AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
    AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
    AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
    AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
    AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
    AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
    AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
    AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-05-28 19:35
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scannen van verborgen processen …
    .
    scannen van verborgen autostart items …
    .
    scannen van verborgen bestanden …
    .
    Scan succesvol afgerond
    verborgen bestanden: 0
    .
    **************************************************************************
    .
    Voltooingstijd: 2012-05-28 19:37:35
    ComboFix-quarantined-files.txt 2012-05-28 17:37
    .
    Pre-Run: 54.296.887.296 bytes beschikbaar
    Post-Run: 54.245.064.704 bytes beschikbaar
    .
    - - End Of File - - 30824FA05B46025958F61326723DAD7C
  • The log still shows a number of odd entries.

    Would you investigate what is in the following two folders:

    C:\sj647
    and
    C:\120511_001_data
  • C:\sj647: update for scanner
    C:\120511_001: Audacity files
  • C:\sj647 update for scanner - which scanner is that, then?
  • > Abraham54 wrote: C:\sj647 update for scanner - which scanner is that, then?
    HP3200C
  • An optical scanner, agreed.

    We will now use ComboFix by means of a script.

    Open a new Notepad file via "Start\All Programs\Accessories\Notepad".

    Copy and paste the following (bold, blue text) into the empty Notepad window
  • I could also simply delete these .tmp files. Isn't that much simpler?


This is an archived page. Replying is no longer possible.