
Discussion: Threat alert :-(

  1. #31
    Honorary member   Juisterr
    Registered
    31 July 2006
    Location
    little shack on the coast
    Posts
    3,653
    Thanks
    1,008
    Thanked
    2,268 times in 1,411 posts
    Download this, extract it and save it in your root > C:\files\

    http://www.malwareinfo.nl/files/Files.rar

    Open Notepad, then copy and paste the code below:

    Code:
    Fcopy::
    c:\files\winlogon.exe | c:\windows\system32\dllcache\winlogon.exe
    c:\files\winlogon.exe | c:\windows\system32\winlogon.exe
    c:\files\explorer.exe | c:\windows\system32\dllcache\explorer.exe 
    c:\files\explorer.exe | c:\windows\explorer.exe
    Save this to your Desktop as CFScript.txt.

    Drag CFScript.txt onto ComboFix.exe as shown in the example below:



    This will make ComboFix restart; post the new ComboFix log in your next reply.

  2. #32
    Up-to-date   Robbedoeske
    Registered
    7 July 2005
    Location
    Temse
    Posts
    80
    Thanks
    31
    Thanked
    2 times in 2 posts
    ComboFix 10-10-11.01 - leo 15-10-2010 16:42:12.8.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.253 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\leo\Bureaublad\ComboFix.exe
    gebruikte Opdracht switches :: c:\documents and settings\leo\Bureaublad\CFScript..txt
    AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
    FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
    * Nieuw herstelpunt werd aangemaakt
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!

    c:\windows\explorer.exe . . . is geïnfecteerd!!

    .
    --------------- FCopy ---------------

    c:\files\winlogon.exe --> c:\windows\system32\dllcache\winlogon.exe
    c:\files\winlogon.exe --> c:\windows\system32\winlogon.exe
    c:\files\explorer.exe --> c:\windows\system32\dllcache\explorer.exe
    c:\files\explorer.exe --> c:\windows\explorer.exe
    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-09-15 to 2010-10-15 ))))))))))))))))))))))))))))))
    .

    2010-10-15 14:33 . 2010-10-15 14:33 -------- d-----w- C:\Files
    2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
    2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
    2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
    2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
    2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
    2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
    2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
    2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
    2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-15 . 290E0BB7732FC8CECB6C3AEF5D3385FF . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe

    [-] 2008-04-15 . 3389FE7739162068206141F57ACA337E . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
    S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

    2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=127.0.0.1:25469
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Voltooingstijd: 2010-10-15 16:56:10
    ComboFix-quarantined-files.txt 2010-10-15 14:56
    ComboFix2.txt 2010-10-14 14:27
    ComboFix3.txt 2010-10-13 17:36
    ComboFix4.txt 2010-10-13 16:07
    ComboFix5.txt 2010-10-15 14:40

    Pre-Run: 32.139.141.120 bytes beschikbaar
    Post-Run: 32.125.763.584 bytes beschikbaar

    - - End Of File - - 31EF467562BFA0AD68E9098F43A86667

  3. #33
    Honorary member   Juisterr
    Restart your PC and then run a new scan with ComboFix; please post the new result.

  4. #34
    Up-to-date   Robbedoeske
    ComboFix 10-10-11.01 - leo 16-10-2010 6:54.9.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.31.1043.18.511.285 [GMT 2:00]
    Gestart vanuit: c:\documents and settings\leo\Bureaublad\ComboFix.exe
    AV: Smart Security *On-access scanning enabled* (Updated) {FEF35447-A250-4F74-9CD7-0287B42C4589}
    FW: Smart Security *enabled* {7684DB6E-061A-4C47-9A52-FA4980B9E7BA}
    .

    (((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\winlogon.exe . . . is geïnfecteerd!!

    c:\windows\explorer.exe . . . is geïnfecteerd!!

    .
    (((((((((((((((((((( Bestanden Gemaakt van 2010-09-16 to 2010-10-16 ))))))))))))))))))))))))))))))
    .

    2010-10-15 14:33 . 2010-10-15 14:33 -------- d-----w- C:\Files
    2010-10-12 15:19 . 2010-10-12 15:19 -------- d-----w- c:\documents and settings\Bennert\Local Settings\Application Data\Identities
    2010-10-12 15:17 . 2010-10-12 15:17 -------- d-----w- c:\documents and settings\Bennert\Application Data\Malwarebytes
    2010-10-12 07:51 . 2010-10-12 07:51 2256 ----a-w- c:\documents and settings\leo\Application Data\hyghghjhjghjhj.bat
    2010-10-12 07:51 . 2010-10-12 07:51 168 ----a-w- c:\documents and settings\leo\Application Data\dsfsds.bat
    2010-10-12 04:43 . 2010-10-12 04:43 -------- d-----w- c:\documents and settings\leo\Application Data\download
    2010-10-08 06:48 . 2010-10-08 06:48 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMHAAKS
    2010-10-02 19:31 . 2010-10-02 19:31 -------- d-----w- c:\documents and settings\leo\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-10-02 19:30 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-02 19:30 . 2010-10-02 19:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-02 17:21 . 2010-10-02 17:21 -------- d-----w- c:\program files\Trend Micro
    2010-09-29 17:27 . 2010-09-29 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Fighters
    2010-09-29 07:28 . 2010-09-29 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-29 07:28 . 2010-09-29 10:38 -------- d-----w- c:\program files\Spybot - Search & Destroy

    .
    ((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .

    ------- Sigcheck -------

    [-] 2008-04-15 . 290E0BB7732FC8CECB6C3AEF5D3385FF . 510464 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . 1247D4D5444E28519BBE31BE8AB4C029 . 510464 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\winlogon.exe

    [-] 2008-04-15 . 3389FE7739162068206141F57ACA337E . 1037312 . . [6.00.2900.5512] . . c:\windows\explorer.exe
    [-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-10-11_16.58.32 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-12-29 22:01 . 2010-10-12 14:43 313968 c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "Google Update"="c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-12-31 135664]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-31 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VMail"="c:\program files\VMail\VMail\VMail.exe" [2001-01-30 373760]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

    c:\documents and settings\leo\Menu Start\Programma's\Opstarten\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-2-19 503808]

    c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\
    Adobe Reader Snelle start.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=

    S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31-12-2009 19:49 135664]
    S3 MTK;Media Technology Kernel Driver;c:\windows\system32\Drivers\mtk.sys --> c:\windows\system32\Drivers\mtk.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Inhoud van de 'Gedeelde Taken' map

    2010-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-31 17:49]

    2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004Core.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]

    2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-515967899-725345543-1004UA.job
    - c:\documents and settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-31 15:14]
    .
    .
    ------- Bijkomende Scan -------
    .
    uStart Page = hxxp://www.google.be/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = http=127.0.0.1:25469
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    .
    .
    ------- Bestandsassociaties -------
    .
    .scr=AutoCADScriptFile
    .
    .
    --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    Voltooingstijd: 2010-10-16 07:09:07
    ComboFix-quarantined-files.txt 2010-10-16 05:09
    ComboFix2.txt 2010-10-15 14:56
    ComboFix3.txt 2010-10-14 14:27
    ComboFix4.txt 2010-10-13 17:36
    ComboFix5.txt 2010-10-16 04:53

    Pre-Run: 32.011.231.232 bytes beschikbaar
    Post-Run: 32.047.226.880 bytes beschikbaar

    - - End Of File - - 19F76AA49FB32B13423B1D2C8CD5E5E1

  5. #35
    Honorary member   Juisterr
    And how is everything working now?

  6. #36
    Up-to-date   Robbedoeske
    Startup is lightning fast.
    The problems with IE do not seem to be fixed yet.
    When I browse with IE, I am regularly redirected to some shady site and then get a Windows Security Alert message, and when I click OK it starts scanning, and this is the result: Shared Documents: 5 viruses found - Hard Drive C: 5 viruses found :-(
    I then get a list with the names of those critters; should I post it?
    Or do we give up and do I have to move on to Format C?

  7. #37
    Honorary member   Juisterr
    You can always still format!

    Update the Malwarebytes (MBAM) scanner and run a new scan, remove everything that is found and restart. Please post only a new HijackThis log.

  8. #38
    Up-to-date   Robbedoeske
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:55:58, on 16-10-2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\VMail\VMail\VMail.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.be/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:25469
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Windows Live Aanmelden - Help - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [VMail] C:\Program Files\VMail\VMail\VMail.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\leo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-18 Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Toon of verberg HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1262357175000
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...Uploader55.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updateservice (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)

    --
    End of file - 6784 bytes

  9. #39
    Honorary member   Juisterr
    Download SP3 HERE and install it.

    If that does not work, burn the file to a CD and then install SP3 from that CD.

  10. #40
    Up-to-date   Robbedoeske
    File written to CD, started, and everything went smoothly until about 1/4 before completion.
    The progress bar no longer moves forward (waited about 1 1/2 hours).
    Under details it says: 'Opruimen' (Cleaning up), and that is where it hangs. Tried again 3 times :-(
