
Discussion: Threat notification :-(

  1. #21
    Robbedoeske (Up-to-date; registered 7 July 2005; location Temse; 80 posts)
    Hey Juisterr,

    I hardly dare to write it, but IE is working again.
    I had the PC scanned once more with Malwarebytes and afterwards IE worked again.
    Now I probably have to follow a different procedure?

    It's apparently a very tough little beast. Pffffff.
    I count myself lucky to be getting expert help from you.
    A thousand thanks already, and sorry for so much trouble.
    Last edited by Robbedoeske; 13 October 2010 at 15:43

  2. #22
    Juisterr (Honorary member; registered 31 July 2006; location "a little place at the coast"; 3,653 posts)
    This is definitely a tough one; would you please run ComboFix and post the full result again.
    "
    "

  3. #23
    Robbedoeske (Up-to-date; registered 7 July 2005; location Temse; 80 posts)
    ComboFix 10-10-11.01 - leo 13-10-2010 17:51:31.5.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.280 [GMT 2:00]
    Running from: c:\documents and settings\leo\Bureaublad\ComboFix.exe
    AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
    FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    (((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 ))))))))))))))))))))))))))))))
    .

    2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
    2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
    2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
    2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
    2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
    2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
    2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
    2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
    2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
    [-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
    [-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
    [-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-13 05:46 . 2010-10-13 05:46 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
    + 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-12-31 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
    S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=127.0.0.1:25469
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-10-13 18:07:14
    ComboFix-quarantined-files.txt 2010-10-13 16:07
    ComboFix2.txt 2010-10-12 17:03
    ComboFix3.txt 2010-10-11 17:04

    Pre-Run: 32,623,366,144 bytes free
    Post-Run: 32,639,229,952 bytes free

    - - End Of File - - 822534A914E33BA6F69C1AC9C3963C02
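Two things in the log above deserve a closer look than the "is infected!!" line gives them. In the Sigcheck section, c:\windows\explorer.exe and c:\windows\system32\dllcache\explorer.exe report the same version (6.00.2900.2180) and the same size (1035776 bytes) but different MD5 hashes; a system binary that has been patched in place keeps its version resource and usually its size, so two same-version, same-size copies with different hashes is the cheap tell. (winlogon.exe has no same-version peer in the log, so the only signal for it is the [-] flag, meaning ComboFix could not match it against its whitelist.) In the Supplementary Scan, Internet Settings point IE at a proxy on 127.0.0.1:25469: a process on the machine itself is interposed on all browser traffic, and if that process is removed without clearing the setting, IE simply cannot connect. The script below is an added example, not part of the thread or of ComboFix; it automates those two checks over a ComboFix log. SAMPLE_LOG is constructed from the Sigcheck and Supplementary Scan lines posted above.

```python
"""Triage helpers for a ComboFix log: Sigcheck hash comparison and
proxy-hijack check.  Added example, not part of the forum thread nor of
ComboFix itself.  SAMPLE_LOG is constructed from the Sigcheck and
Supplementary Scan lines of the log posted in the thread."""
import re
from collections import defaultdict

# Sigcheck line as ComboFix prints it:
#   [-] DATE . MD5 . SIZE . . [VERSION] . . PATH
SIGCHECK_RE = re.compile(
    r"^\[(?P<flag>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]+)\]\s+\.\s+\.\s+(?P<path>\S.*?)\s*$"
)
PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<proxy>\S+)")

SAMPLE_LOG = r"""
------- Sigcheck -------

[-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
[-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
[-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
[-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe

------- Supplementary Scan -------
uStart Page = hxxp://www.google.be/
uInternet Settings,ProxyServer = http=127.0.0.1:25469
""".splitlines()


def parse_sigcheck(lines):
    """Return one dict per Sigcheck line (flag, date, md5, size, version, path, name)."""
    entries = []
    for line in lines:
        m = SIGCHECK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"])
            e["md5"] = e["md5"].upper()
            e["name"] = e["path"].rsplit("\\", 1)[-1].lower()
            entries.append(e)
    return entries


def hash_conflicts(entries):
    """Copies of one binary that report the same version and size but hash
    differently.  A file infector keeps the version resource and normally the
    size, so the dllcache copy is the natural reference.  Returns a list of
    (name, version, size, {md5: [paths]})."""
    groups = defaultdict(lambda: defaultdict(list))
    for e in entries:
        groups[(e["name"], e["version"], e["size"])][e["md5"]].append(e["path"])
    return [(n, v, s, dict(h)) for (n, v, s), h in groups.items() if len(h) > 1]


def loopback_proxy(lines):
    """Return host:port when Internet Settings point at a proxy on this very
    machine, i.e. a local process is interposed on all browser traffic."""
    for line in lines:
        m = PROXY_RE.search(line)
        if m:
            host = m.group("proxy").split("=", 1)[-1]  # drop the "http=" scheme prefix
            if host.startswith("127.") or host.lower().startswith("localhost"):
                return host
    return None


def triage(lines):
    """Human-readable findings for both checks."""
    findings = []
    for name, version, size, hashes in hash_conflicts(parse_sigcheck(lines)):
        findings.append(f"{name} {version} ({size} bytes) has {len(hashes)} different hashes: "
                        + "; ".join(f"{h} -> {', '.join(p)}" for h, p in hashes.items()))
    proxy = loopback_proxy(lines)
    if proxy:
        findings.append(f"browser proxy points at loopback: {proxy}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A hash mismatch on its own is not proof of infection, since a hotfix can legitimately replace one copy and not the other; it is strong evidence here precisely because the version resource and size are identical. The proxy check is deliberately narrow (loopback only): a corporate proxy on another host is normal, a proxy on 127.0.0.1 on a home XP box is not.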

  4. #24
    Juisterr (Honorary member; registered 31 July 2006; location "a little place at the coast"; 3,653 posts)
    It doesn't want to work yet.

    We're going to try something.

    Restart the computer.
    You will see a menu that gives you the choice of starting Windows or the Recovery Console.
    Start the Recovery Console.
    In the black screen that appears, press Enter to choose your keyboard layout (a US layout is chosen by default). With the arrow keys you can select the correct keyboard layout if needed. Confirm your choice with Enter.
    You get a list of the Windows installations present on your computer.
    At the question 'Which Windows installation would you like to log on to?', choose the right installation by typing the number in front of it (usually 1).
    After that you may be asked to type in the Administrator password. Do so. If you don't know it, it may have been left blank, in which case you just press Enter.
    At the command prompt, type this command: fixmbr
    Then press Enter.
    Restart the computer.

    As soon as the computer has restarted, run ComboFix immediately (without CFScript) and post the ComboFix log in your next reply.
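The step above overwrites the master boot record with fixmbr. Before doing that, a responder normally captures the first sector of the disk and inspects it, so that patched bootstrap code is confirmed (and kept as evidence) rather than silently erased. The script below is an added example and not part of the thread or of any tool mentioned in it: it parses a 512-byte MBR, hashes the 440-byte bootstrap area, checks the 0x55AA signature and the partition table, and reports anything that looks wrong. CLEAN_BOOTCODE, the MBRs built from it and KNOWN_GOOD_BOOTCODE_MD5 are all constructed for the demo; in a real case the reference hash would be taken from a clean machine with the same Windows build, and the sector would be read as Administrator with, for example, open(r"\\.\PhysicalDrive0", "rb").read(512).

```python
"""Inspect a raw 512-byte master boot record before it is overwritten.
Added example, not part of the forum thread or of any tool mentioned in it.
CLEAN_BOOTCODE and the MBRs built from it are constructed test data;
KNOWN_GOOD_BOOTCODE_MD5 stands in for a hash taken from a clean machine
with the same Windows build (an assumption, not a published value)."""
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 440      # bootstrap code; bytes 440-443 hold the disk signature
PART_TABLE_OFF = 446    # four 16-byte partition entries follow
PART_FMT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count
BOOT_SIGNATURE = b"\x55\xAA"

# Constructed stand-in for clean bootstrap code (a real XP MBR starts with
# xor ax,ax / mov ss,ax / mov sp,7C00h; the rest here is NOP padding).
CLEAN_BOOTCODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * (BOOTCODE_LEN - 7)
KNOWN_GOOD_BOOTCODE_MD5 = hashlib.md5(CLEAN_BOOTCODE).hexdigest()


def build_mbr(bootcode, partitions, disk_signature=0x1234ABCD):
    """Assemble a 512-byte MBR; partitions is a list of (bootable, type, start_lba, sectors)."""
    buf = bytearray(SECTOR)
    buf[:BOOTCODE_LEN] = bootcode[:BOOTCODE_LEN].ljust(BOOTCODE_LEN, b"\x00")
    struct.pack_into("<I", buf, BOOTCODE_LEN, disk_signature)
    for i, (bootable, ptype, lba, sectors) in enumerate(partitions[:4]):
        struct.pack_into(PART_FMT, buf, PART_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff", ptype,
                         b"\xfe\xff\xff", lba, sectors)
    buf[510:512] = BOOT_SIGNATURE
    return bytes(buf)


def parse_mbr(mbr):
    """Split an MBR into bootstrap hash, disk signature, boot signature and partitions."""
    if len(mbr) != SECTOR:
        raise ValueError("an MBR is exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, sectors = struct.unpack_from(PART_FMT, mbr, PART_TABLE_OFF + 16 * i)
        if ptype != 0:  # type 0 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "start_lba": lba, "sectors": sectors})
    return {
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, BOOTCODE_LEN)[0],
        "valid_signature": mbr[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
    }


def mbr_findings(mbr, known_good_md5):
    """Return (parsed MBR, list of reasons to distrust it)."""
    info = parse_mbr(mbr)
    findings = []
    if not info["valid_signature"]:
        findings.append("boot signature 0x55AA missing")
    if info["bootcode_md5"] != known_good_md5.lower():
        findings.append("bootstrap code differs from the reference hash (patched MBR?)")
    if sum(p["bootable"] for p in info["partitions"]) != 1:
        findings.append("expected exactly one active partition")
    spans = sorted((p["start_lba"], p["start_lba"] + p["sectors"]) for p in info["partitions"])
    for (s1, e1), (s2, e2) in zip(spans, spans[1:]):
        if s2 < e1:
            findings.append(f"partition table overlap: [{s1},{e1}) and [{s2},{e2})")
    return info, findings


if __name__ == "__main__":
    clean = build_mbr(CLEAN_BOOTCODE, [(True, 0x07, 63, 62_000_000)])
    patched = build_mbr(b"\xEB\x3C" + CLEAN_BOOTCODE[2:], [(True, 0x07, 63, 62_000_000)])
    for label, sector in (("clean", clean), ("patched", patched)):
        info, findings = mbr_findings(sector, KNOWN_GOOD_BOOTCODE_MD5)
        print(label, info["bootcode_md5"], findings or "no findings")
```

fixmbr rewrites only the bootstrap code and leaves the partition table as it is, so hashing the first 440 bytes before and after the repair is the cheap way to confirm the code really changed; anything a bootkit stored in unpartitioned sectors outside the MBR is untouched by the repair and has to be found separately.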
    "
    "

  5. #25
    Robbedoeske (Up-to-date; registered 7 July 2005; location Temse; 80 posts)
    ComboFix 10-10-11.01 - leo 13-10-2010 19:21:05.6.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.286 [GMT 2:00]
    Running from: c:\documents and settings\leo\Bureaublad\ComboFix.exe
    AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
    FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    (((((((((((((((((((( Files Created from 2010-09-13 to 2010-10-13 ))))))))))))))))))))))))))))))
    .

    2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
    2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
    2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
    2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
    2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
    2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
    2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
    2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
    2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
    [-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
    [-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
    [-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-10-13 05:46 . 2010-10-13 05:46 16384 c:\windows\Temp\Perflib_Perfdata_65c.dat
    + 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-12-31 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
    S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=127.0.0.1:25469
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Completion time: 2010-10-13 19:36:53
    ComboFix-quarantined-files.txt 2010-10-13 17:36
    ComboFix2.txt 2010-10-13 16:07
    ComboFix3.txt 2010-10-12 17:03
    ComboFix4.txt 2010-10-11 17:04

    Pre-Run: 32,648,384,512 bytes free
    Post-Run: 32,634,802,176 bytes free

    - - End Of File - - BF0D6D36467AE3258269FDCBF055BF15

  6. #26
    Juisterr (Honorary member; registered 31 July 2006; location "a little place at the coast"; 3,653 posts)
    1. Go to Start -> Control Panel -> Add or Remove Programs.
    Uninstall all Java components that appear in the list. For example: Java (TM) 6 Update 18.

    This is because the malware has nested itself in Java.

    2. Download Windows XP Service Pack 3 and save it on your D drive (or another external hard drive). If that's not possible, on the C drive.

    Double-click the installer. It now starts unpacking itself. Once it has fully unpacked, leave the setup window as it is. We'll use it later.

    If you have used USB sticks during the period of the infection, plug them into the computer. They are very probably infected and we're going to try to disinfect them.

    Now restart your computer.

    Start ComboFix and do a new scan; please post the result.
    "
    "

  7. #27
    Robbedoeske (Up-to-date; registered 7 July 2005; location Temse; 80 posts)
    Everything from Java removed.

    And then..... :-(
    Windows XP Service Pack 3 saved on the external hard drive - double-click - it unpacks and then I get the following :-(

    Setup cannot update your windows XP files because the language installed on your system is different from the update language.

    I tried English and Dutch.

  8. #28
    Juisterr (Honorary member; registered 31 July 2006; location "a little place at the coast"; 3,653 posts)
    Try downloading the update manually: http://www.downloadonline.nl/Windows...ce-Pack-3.html
    "
    "

  9. #29
    Robbedoeske (Up-to-date; registered 7 July 2005; location Temse; 80 posts)
    Via that link it did work - carried out everything as described, and below is the ComboFix log.
    One thing is already solved.... the PC was painfully slow to start up and is now super fast at starting again.
    That's something at least, eh :-)


    ComboFix 10-10-11.01 - leo 14-10-2010 16:11:53.7.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.277 [GMT 2:00]
    Running from: c:\documents and settings\leo\Bureaublad\ComboFix.exe
    AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
    FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
    .

    (((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\winlogon.exe . . . is infected!!

    c:\windows\explorer.exe . . . is infected!!

    .
    (((((((((((((((((((( Files Created from 2010-09-14 to 2010-10-14 ))))))))))))))))))))))))))))))
    .

    2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
    2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
    2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
    2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
    2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
    2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
    2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
    2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
    2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe
    [-] 2004-08-04 . 146289E864457D60B8D409CA80DF58C5 . 504832 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe

    [-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
    [-] 2004-08-04 . 65F13FE1BF83B287E499631CACEC0410 . 1035776 . . [6.00.2900.2180] . . c:\windows\explorer.exe
    [-] 2004-08-04 . 4EA419B6765344608E0C7D29E2F46C2D . 1035776 . . [6.00.2900.2180] . . c:\windows\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe" [2009-12-31 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
    S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

    2010-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=127.0.0.1:25469
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    .
    ------- Bestandsassociaties -------
    .
    .scr=AutoCADScriptFile
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Voltooingstijd: 2010-10-14 16:27:13
    ComboFix-quarantined-files.txt 2010-10-14 14:27
    ComboFix2.txt 2010-10-13 17:36
    ComboFix3.txt 2010-10-13 16:07
    ComboFix4.txt 2010-10-12 17:03
    ComboFix5.txt 2010-10-14 14:10

    Pre-Run: 32.184.123.392 bytes beschikbaar
    Post-Run: 32.177.819.648 bytes beschikbaar

    - - End Of File - - D2D5B679B8E3E6BBE2DDCD466A1A16D8

  10. #30
    Honorary member   Juisterr
    Registered
    31 July 2006
    Location
    little room on the coast
    Posts
    3,653
    Thanks given
    1,008
    Thanked
    2,268 times in 1,411 posts
    OK, that is at least something; I'll have a look shortly at how we need to replace those two infected files.
