
Anyone have advice?



Hi everyone, I get the message below when starting up my computer:

VirusScan warning!

Name: C:\Program Files\Internet Explorer\IEXPLORE.EXE:WS2_32.socket

Detected as: Buffer overflow:Writable Buffer overflow:Heap

Status: Blocked by Buffer Overflow Protection

This started after I successfully (thanks to you) removed the Antimalware Doctor virus.

Everything else works fine, but it keeps giving this message.


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Read more here about the correct use of ComboFix.

  • Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them: Click here. If you can't manage to disable them, just continue with the next step.
  • Double-click ComboFix.exe and follow the prompts on screen.
  • ComboFix will check whether the Microsoft Windows Recovery Console is already installed. If the Recovery Console is already installed, ComboFix will automatically proceed to scan for malware.
  • Otherwise, follow the prompts on screen to let ComboFix download and install the Microsoft Windows Recovery Console. When the Recovery Console has been installed successfully, click "YES" to continue scanning for malware.

NOTE: When ComboFix starts, you may get an error message saying "The contents of the ComboFix package have been modified". In that case do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer. If you keep getting that message, report it.

When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next reply.


Heeeey, it worked!

ComboFix 10-07-30.04 - rokn01 31-07-2010 20:08:44.2.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.3.1252.31.1033.18.2038.1787 [GMT 2:00]

Running from: c:\documents and settings\rokn01\Desktop\Scan.exe

AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users.\documents\settings

Infected copy of c:\windows\system32\drivers\amsint.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

(((((((((((((((((((( Files Created from 2010-06-28 to 2010-07-31 ))))))))))))))))))))))))))))))

.

2010-07-31 17:16 . 2010-07-31 17:16 -------- d-----w- c:\program files\uTorrent

2010-07-31 15:53 . 2010-07-31 15:54 -------- d-----w- C:\Scan

2010-07-28 09:38 . 2010-07-28 11:09 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-07-27 11:23 . 2010-07-27 11:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-07-26 09:18 . 2010-07-26 09:18 -------- d-----w- c:\program files\Common Files\Java

2010-07-26 09:18 . 2010-07-26 09:18 61440 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-33590cef-n\decora-sse.dll

2010-07-26 09:18 . 2010-07-26 09:18 503808 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32d78ff5-n\msvcp71.dll

2010-07-26 09:18 . 2010-07-26 09:18 499712 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32d78ff5-n\jmc.dll

2010-07-26 09:18 . 2010-07-26 09:18 348160 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-32d78ff5-n\msvcr71.dll

2010-07-26 09:18 . 2010-07-26 09:18 12800 ----a-w- c:\documents and settings\rokn01\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-33590cef-n\decora-d3d.dll

2010-07-26 09:18 . 2010-07-26 09:17 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-07-26 09:17 . 2010-07-26 09:17 -------- d-----w- c:\program files\Java

2010-07-26 08:36 . 2010-07-26 08:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google

2010-07-26 08:31 . 2010-07-26 08:31 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google

2010-07-26 08:31 . 2010-07-26 08:31 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\Google

2010-07-26 08:31 . 2010-07-26 08:31 -------- d-----w- c:\program files\Google

2010-07-24 17:49 . 2010-07-24 17:49 -------- d-----w- c:\program files\CCleaner

2010-07-24 16:25 . 2010-07-24 16:25 -------- d-----w- c:\documents and settings\rokn01\Application Data\Malwarebytes

2010-07-24 16:25 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-24 16:25 . 2010-07-24 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-24 16:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-07-24 16:25 . 2010-07-24 16:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-07-24 16:14 . 2010-07-24 16:14 388096 ----a-r- c:\documents and settings\rokn01\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-07-24 16:14 . 2010-07-24 16:14 -------- d-----w- c:\program files\Trend Micro

2010-07-24 14:40 . 2010-07-24 14:40 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-07-24 14:37 . 2010-07-24 14:37 202752 ----a-w- c:\windows\Xvahua.exe

2010-07-24 14:37 . 2010-07-31 14:34 -------- d-----w- C:\QUARANTINE

2010-07-24 14:37 . 2010-07-24 14:37 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\tdlmbyjbq

2010-07-05 16:26 . 2010-07-05 16:42 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\ApplicationHistory

2010-07-05 16:26 . 2010-07-05 16:26 6766 ----a-r- c:\documents and settings\rokn01\Application Data\Microsoft\Installer\{DB527AF3-93DE-400E-BC8D-9ABB3C458F7A}\_69525f90.exe

2010-07-05 16:26 . 2010-07-05 16:26 6766 ----a-r- c:\documents and settings\rokn01\Application Data\Microsoft\Installer\{DB527AF3-93DE-400E-BC8D-9ABB3C458F7A}\_16496df1.exe

2010-07-05 16:26 . 2010-07-05 16:26 -------- d-----w- c:\program files\Frontwave

2010-07-03 11:00 . 2010-07-03 11:00 -------- d-----w- c:\program files\Maxis

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-31 18:00 . 2009-11-13 12:31 836 ----a-w- c:\windows\bthservsdp.dat

2010-07-31 17:41 . 2010-06-13 17:52 -------- d-----w- c:\documents and settings\rokn01\Application Data\uTorrent

2010-07-31 16:26 . 2010-05-17 18:24 -------- d-----w- c:\program files\PokerStars

2010-07-31 16:11 . 2010-05-31 08:58 -------- d-----w- c:\documents and settings\rokn01\Application Data\vlc

2010-07-16 06:27 . 2010-05-17 11:53 -------- d-----w- c:\program files\Microsoft Silverlight

2010-07-13 08:55 . 2010-05-31 13:08 74080680 ----a-w- c:\documents and settings\All Users\Application Data\AGNS\NetClient\agnc_laptopconnect.exe

2010-06-24 08:32 . 2010-06-24 08:32 -------- d-----w- c:\documents and settings\rokn01\Application Data\dvdcss

2010-06-17 10:59 . 2010-06-17 10:59 -------- d-----w- c:\documents and settings\All Users\Application Data\MSScanAppDataDir

2010-06-12 07:46 . 2010-05-20 08:54 144184 ----a-w- c:\windows\hpwins10.dat

2010-05-27 13:43 . 2010-05-27 13:43 1956808 ----a-w- c:\documents and settings\rokn01\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe

2010-05-17 20:47 . 2010-05-17 20:47 268435456 --sha-w- C:\WinPEpge.sys

2010-05-17 16:04 . 2010-05-17 16:04 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe

2010-05-17 16:04 . 2010-05-17 16:04 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe

2010-05-17 16:04 . 2010-05-17 16:04 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe

2010-05-17 16:04 . 2010-05-17 16:04 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe

2010-05-17 12:19 . 2010-05-17 12:19 30344 ----a-w- c:\documents and settings\rokn01\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-05-17 12:09 . 2010-05-17 12:09 8464 ----a-w- c:\windows\system32\SpOrder.dll

2010-05-17 11:41 . 2010-05-17 11:41 5273759 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Common Framework\Current\EPOAGENT3000\Install\0409\FramePkg.exe

.

((((((((((((((((((((((((((((( SnapShot@2010-07-24_18.09.25 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-06-30 23:00 . 2010-07-31 17:54 74004 c:\windows\system32\perfc009.dat

- 2009-06-30 23:00 . 2010-07-24 17:57 74004 c:\windows\system32\perfc009.dat

+ 2010-07-26 08:31 . 2010-07-26 08:31 22528 c:\windows\Installer\1ad9b1.msi

+ 2010-07-26 08:31 . 2010-07-26 08:31 24064 c:\windows\Installer\1ad9ac.msi

- 2009-06-30 23:00 . 2010-07-24 17:57 448302 c:\windows\system32\perfh009.dat

+ 2009-06-30 23:00 . 2010-07-31 17:54 448302 c:\windows\system32\perfh009.dat

+ 2010-07-26 09:18 . 2010-07-26 09:17 153376 c:\windows\system32\javaws.exe

+ 2010-07-26 09:18 . 2010-07-26 09:17 145184 c:\windows\system32\javaw.exe

+ 2010-07-26 09:18 . 2010-07-26 09:17 145184 c:\windows\system32\java.exe

+ 2010-07-26 09:18 . 2010-07-26 09:18 180224 c:\windows\Installer\43930c.msi

+ 2010-07-26 09:17 . 2010-07-26 09:17 677376 c:\windows\Installer\439307.msi

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legitimate default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NetSP - restore settings on power failure"="c:\program files\AT&T Global Network Client\NetSP.exe" [2009-10-08 53600]

"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]

"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe" [2009-10-26 753664]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-26 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-12-02 176128]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-09 134656]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-09 166912]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-09 135680]

"Client Access Service"="c:\program files\IBM\Client Access\cwbsvstr.exe" [2002-05-07 20530]

"Client Access Help Update"="c:\program files\IBM\Client Access\cwbinhlp.exe" [2002-05-07 24626]

"Client Access Check Version"="c:\program files\IBM\Client Access\cwbckver.exe" [2002-05-07 45056]

"Client Access Express Welcome"="c:\program files\IBM\Client Access\cwbwlwiz.exe" [2002-05-07 20530]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2010-02-18 136512]

"MobileConnect"="c:\program files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe" [2008-11-04 2087424]

"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-06-08 111952]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2007-3-22 40048]

Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-3-22 734872]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]

"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\AT&T Global Network Client\\SwiApiMux.exe"=

R1 dwvkbd;DameWare Virtual Keyboard 32 bit Driver;c:\windows\system32\drivers\dwvkbd.sys [15-2-2007 20:00 26624]

S2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26-7-2010 10:31 136176]

S2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Global Network Client\NetClientSvc.exe [8-10-2009 13:48 342368]

S2 VMCService;Vodafone Mobile Connect Service;c:\program files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [4-11-2008 11:39 14336]

S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [30-6-2009 17:22 96256]

S3 DwMirror;DwMirror;c:\windows\system32\drivers\DamewareMini.sys [7-2-2007 20:00 3712]

S3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [8-6-2007 8:36 81280]

S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [17-5-2010 14:10 7680]

S3 NetLogSvc;NetLogSvc;c:\progra~1\AT&TGL~1\NETLOG~1.EXE [8-10-2009 13:48 75616]

S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [30-6-2009 17:22 65664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08

.

Contents of the 'Scheduled Tasks' folder

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 08:31]

2010-07-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-26 08:31]

2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{72015A0F-3E0B-49A9-825D-746A296A2E24}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{8D4D68DF-33A1-4E5E-AEC5-902CCC0E324C}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

2010-07-31 c:\windows\Tasks\User_Feed_Synchronization-{F1EB52EA-AF37-4D99-A556-1A1E11AA03D9}.job

- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://hands-online.cardo.net/Pages/Default.aspx

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html

LSP: bmnet.dll

.

- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-07-31 20:12

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1728)

c:\windows\system32\bmnet.dll

.

Completion time: 2010-07-31 20:13:34

ComboFix-quarantined-files.txt 2010-07-31 18:13

ComboFix2.txt 2010-07-24 18:13

Pre-Run: 63.144.697.856 bytes free

Post-Run: 63.175.106.560 bytes free

- - End Of File - - 656D1F7D978A0A715071B11ED905E299

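As an added example (the editor's own code, not part of the original thread, not the helper's method and not ComboFix logic), here is a small Python triage script for the 'Files Created' section of a ComboFix log like the one posted above. The sample input is a constructed subset of the lines from that log. The heuristics are assumptions chosen for illustration: an executable sitting directly in c:\windows rather than in a subfolder, a random-looking folder name under Local Settings\Application Data, a hidden+system file in the drive root, a burst of items created in the same minute as a flagged item, and the NoAutoUpdate=1 policy value that appears in the log. A flag means "look at this", not "this is malware".

```python
"""Triage a ComboFix 'Files Created' section plus one policy line.

Added example: editor's own code, not ComboFix output and not the helper's
method. The heuristics are assumptions; a flag means 'look', not 'malware'.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed subset of the log lines posted above (same layout as ComboFix.txt).
SAMPLE_LOG = r"""
2010-07-31 17:16 . 2010-07-31 17:16 -------- d-----w- c:\program files\uTorrent
2010-07-26 08:31 . 2010-07-26 08:31 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\Google
2010-07-26 08:31 . 2010-07-26 08:31 -------- d-----w- c:\program files\Google
2010-07-24 16:25 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-24 14:37 . 2010-07-24 14:37 202752 ----a-w- c:\windows\Xvahua.exe
2010-07-24 14:37 . 2010-07-31 14:34 -------- d-----w- C:\QUARANTINE
2010-07-24 14:37 . 2010-07-24 14:37 -------- d-----w- c:\documents and settings\rokn01\Local Settings\Application Data\tdlmbyjbq
2010-05-17 20:47 . 2010-05-17 20:47 268435456 --sha-w- C:\WinPEpge.sys
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
"""

# One 'Files Created' line: created . modified size attrs path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$")
POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>\S+)')
EXEC_EXT = (".exe", ".dll", ".sys")
VOWELS = set("aeiouy")


@dataclass
class Entry:
    created: str          # "YYYY-MM-DD HH:MM"
    modified: str
    size: Optional[int]   # None for directories, shown as "--------"
    attrs: str            # e.g. "----a-w-", "d-----w-", "--sha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower() if "\\" in self.path else ""


def parse_entries(text: str) -> List[Entry]:
    """Turn 'Files Created' lines into Entry records; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def looks_random(name: str) -> bool:
    """Alphabetic, 8+ chars and under 20% vowels: typical of generated names."""
    n = name.lower()
    return len(n) >= 8 and n.isalpha() and sum(c in VOWELS for c in n) / len(n) < 0.2


def entry_reasons(e: Entry) -> List[str]:
    """Heuristic reasons (editor's assumptions) to look twice at one entry."""
    reasons = []
    if not e.is_dir and e.name.lower().endswith(EXEC_EXT) and e.parent == "c:\\windows":
        reasons.append("executable directly in %WINDIR% (system binaries live in subfolders)")
    if e.is_dir and "local settings\\application data" in e.parent and looks_random(e.name):
        reasons.append("random-looking folder under Local Settings\\Application Data")
    if not e.is_dir and "s" in e.attrs and "h" in e.attrs and e.parent == "c:":
        reasons.append("hidden+system file in the drive root")
    return reasons


def triage(text: str, burst: int = 3) -> Dict[str, List[str]]:
    """Map each flagged path (or '<policy>') to the reasons it was flagged."""
    entries = parse_entries(text)
    flags: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        for r in entry_reasons(e):
            flags[e.path].append(r)
    by_minute: Dict[str, List[Entry]] = defaultdict(list)   # creation bursts
    for e in entries:
        by_minute[e.created].append(e)
    for minute, group in by_minute.items():
        if len(group) >= burst and any(g.path in flags for g in group):
            for g in group:
                flags[g.path].append(f"created in the same minute ({minute}) as a flagged item")
    for line in text.splitlines():   # registry policy values, here only NoAutoUpdate
        m = POLICY_RE.match(line.strip())
        if m and m["name"] == "NoAutoUpdate" and m["value"] == "1":
            flags["<policy>"].append("automatic updates disabled by policy (NoAutoUpdate=1)")
    return dict(flags)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, *("\n   - " + r for r in reasons))
```

Running it prints the flagged paths with their reasons; everything else in the sample (the uTorrent, Google and mbam.sys entries) stays silent. Whatever the script flags still has to be checked by hand, for instance by looking up the file's hash and signer, before anything is deleted.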
