  • Votre ordinateur est bloqué....... (Ukash)

    Hello,
    My laptop has been blocked by a virus-like program. When I switch it on, it locks up immediately after booting with a screen supposedly from the police, demanding a payment of 100 euros via Ukash or paysafecard.
    Using another PC I downloaded your programs and burned them to a CD. I booted the infected PC in Safe Mode and ran the following programs:
    GridinSoft Trojan Killer (tried this first, but it could not find anything)
    Defogger: OK
    mbam: could not update, but the quick scan found nothing
    DDS: made a log, but I cannot copy it to this PC (could a USB stick get infected?)
    GMER: I saved the log (I retyped the line...)
    Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!~!j!~!m!~!\22!t!t!r!j!r!s!f! 19583823

    Can you help?

  • #2
    Hello,

    With the "Windowsunlocker" tool on the Kaspersky Rescue CD / USB stick you can remove this type of infection.

    The links below describe how to create a Kaspersky Rescue CD or USB stick and how to boot from it.
    1. Kaspersky Rescue USB stick.
    2. Kaspersky Rescue CD.

    Then boot the computer from the Kaspersky Rescue CD or from the USB stick.
    • Once the computer has booted from the Kaspersky Rescue CD, click the start (KDE) button in the taskbar and click "Terminal".
    • In the terminal, type the command windowsunlocker and press "Enter".
    • The terminal will now restore the registry values that were created by the ransomware infection.
    • Restart the computer.

    Then follow the instructions given here:
    http://www.nucia.eu/forum/showthread.php?t=12

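The windowsunlocker step above restores registry values the lock screen changed, but the post does not say which ones. As an added example (not from this thread, and not how Kaspersky's tool works internally), here is a Python triage script for a REGEDIT4-style registry dump of the kind ComboFix prints under "Reg Startup Points", or a .reg file exported with reg.exe. It compares the Winlogon Shell and Userinit values against their 32-bit Vista defaults, the two values lock-screen ransomware most commonly hijacks, and flags Run entries that start something from a user-writable directory. The sample dump, the "victim" profile and locker.exe are constructed for this example and do not appear in the thread's logs.

```python
"""Added example: triage a REGEDIT4-style registry dump for lock-screen ransomware hijacks.

Works on the text ComboFix prints under "Reg Startup Points" and on a .reg file produced
by reg.exe (decode that one with utf-16 before passing it in).
"""
import re

# Winlogon values that lock-screen malware commonly overwrites so its payload is started
# instead of (or in front of) the desktop. Defaults as on 32-bit Vista/7.
WINLOGON_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
WINLOGON_DEFAULTS = {
    "Shell": "explorer.exe",
    "Userinit": r"C:\Windows\system32\userinit.exe,",
}
RUN_KEYS = (
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
)
# Directories a legitimate autostart rarely points into, but dropped malware usually does.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")

_KEY_RE = re.compile(r"^\[(.+)\]$")
# "Name"="data"  or  @="data". Anything after the closing quote (ComboFix appends
# "[date size]") is ignored; dword:/hex: values are not string data and are skipped.
_VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)\s*=\s*"((?:[^"\\]|\\.)*)"')


def parse_regedit4(text):
    """Return {key: {value_name: string_data}}. Keys are lower-cased (the registry is case-insensitive)."""
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            result.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) or "@"
            # reg.exe doubles backslashes and escapes quotes; ComboFix does not. Undo both forms.
            data = m.group(2).replace("\\\\", "\\").replace('\\"', '"')
            result[current][name] = data
    return result


def find_hijacks(hives):
    """Return (key, value_name, data, reason) tuples for autostart entries that need a closer look."""
    findings = []
    winlogon = {n.lower(): d for n, d in hives.get(WINLOGON_KEY.lower(), {}).items()}
    for name, expected in WINLOGON_DEFAULTS.items():
        actual = winlogon.get(name.lower())
        if actual is not None and actual.lower() != expected.lower():
            findings.append((WINLOGON_KEY, name, actual, "Winlogon value differs from default"))
    for key in RUN_KEYS:
        for name, data in hives.get(key.lower(), {}).items():
            if any(d in data.lower() for d in USER_WRITABLE_DIRS):
                findings.append((key, name, data, "autostart from user-writable directory"))
    return findings


# Constructed sample in ComboFix's output style. The "victim" profile and locker.exe are
# made up for this example; the ehTray/MSC lines mirror legitimate entries seen in the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Locker"="c:\users\victim\AppData\Roaming\locker.exe" [2012-07-02 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,c:\users\victim\AppData\Roaming\locker.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
'''

if __name__ == "__main__":
    for key, name, data, reason in find_hijacks(parse_regedit4(SAMPLE_EXPORT)):
        print(f"{reason}: [{key}] {name} = {data}")
```

From a rescue environment the same check can be run against the offline hive: `reg load HKLM\Offline X:\Windows\System32\config\SOFTWARE`, then `reg export "HKLM\Offline\Microsoft\Windows NT\CurrentVersion\Winlogon" winlogon.reg`, and feed the exported text (decoded as UTF-16) to `parse_regedit4` after stripping the `\Offline` prefix from the key names. A Userinit value that ends without the trailing comma, or a Shell value with anything appended after explorer.exe, is the classic sign of a lock-screen hijack.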


    • #3
      Hello Marckie,
      I used the Kaspersky CD to boot, but after running windowsunlocker Windows is still locked. I then also chose the additional option to save boot sector copies, but that did not help either. I have attached photos of the screen.
      Attached Files



      • #4
        Originally posted by Marckie

        Then follow the instructions given here:
        http://www.nucia.eu/forum/showthread.php?t=12
        Can you run that as well, Johan?



        • #5
          No, when I boot into Windows I still get the 'police screen' and cannot do anything.



          • #6
            After rebooting a few times Windows seems to be free after all. I am now running the scans.



            • #7
              Hello Marckie,

              Here are the logs:

              Malwarebytes Anti-Malware 1.61.0.1400


              Database version: v2012.07.08.01

              Windows Vista Service Pack 2 x86 NTFS
              Internet Explorer 9.0.8112.16421
              Frans :: PC_VAN_FRANS [administrator]

              8/07/2012 11:40:35
              mbam-log-2012-07-08 (11-40-35).txt

              Scan type: Quick scan
              Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
              Scan options disabled: P2P
              Objects scanned: 201286
              Time elapsed: 8 minute(s), 13 second(s)

              Memory Processes Detected: 0
              (No malicious items detected)

              Memory Modules Detected: 0
              (No malicious items detected)

              Registry Keys Detected: 0
              (No malicious items detected)

              Registry Values Detected: 0
              (No malicious items detected)

              Registry Data Items Detected: 0
              (No malicious items detected)

              Folders Detected: 0
              (No malicious items detected)

              Files Detected: 0
              (No malicious items detected)

              (end)

              .
              DDS (Ver_2011-08-26.01) - NTFSx86
              Internet Explorer: 9.0.8112.16421
              Run by Frans at 12:35:21 on 2012-07-08
              Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2037.969 [GMT 2:00]
              .
              AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
              SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
              SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
              .
              ============== Running Processes ===============
              .
              C:\Windows\system32\wininit.exe
              C:\Windows\system32\lsm.exe
              C:\Windows\system32\svchost.exe -k DcomLaunch
              C:\Windows\system32\svchost.exe -k rpcss
              c:\Program Files\Microsoft Security Client\MsMpEng.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
              C:\Windows\system32\svchost.exe -k netsvcs
              C:\Windows\system32\svchost.exe -k GPSvcGroup
              C:\Windows\system32\SLsvc.exe
              C:\Windows\system32\svchost.exe -k LocalService
              C:\Windows\system32\svchost.exe -k NetworkService
              C:\Windows\System32\spoolsv.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
              C:\Windows\system32\Dwm.exe
              C:\Windows\Explorer.EXE
              C:\Windows\system32\taskeng.exe
              C:\Windows\RtHDVCpl.exe
              C:\Windows\system32\taskeng.exe
              C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
              C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
              C:\Program Files\Common Files\LightScribe\LSSrvc.exe
              C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
              C:\Windows\system32\svchost.exe -k imgsvc
              C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
              C:\Windows\System32\svchost.exe -k WerSvcGroup
              C:\Windows\system32\SearchIndexer.exe
              C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
              C:\Program Files\Launch Manager\LaunchAp.exe
              C:\Program Files\Launch Manager\HotkeyApp.exe
              C:\Program Files\Launch Manager\OSD.exe
              C:\Program Files\Launch Manager\WButton.exe
              C:\Windows\System32\igfxtray.exe
              C:\Windows\System32\hkcmd.exe
              C:\Windows\System32\igfxpers.exe
              C:\Program Files\Common Files\Java\Java Update\jusched.exe
              C:\Program Files\Microsoft Security Client\msseces.exe
              C:\Windows\ehome\ehtray.exe
              C:\Program Files\Launch Manager\WisLMSvc.exe
              C:\Windows\system32\igfxsrvc.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              C:\Windows\ehome\ehmsas.exe
              C:\Program Files\Windows Media Player\wmpnscfg.exe
              C:\Program Files\Windows Media Player\wmpnetwk.exe
              C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Program Files\Internet Explorer\iexplore.exe
              C:\Windows\system32\conime.exe
              C:\Windows\system32\SearchProtocolHost.exe
              C:\Windows\system32\SearchFilterHost.exe
              C:\Windows\system32\DllHost.exe
              C:\Windows\system32\DllHost.exe
              C:\Windows\system32\wbem\wmiprvse.exe
              .
              ============== Pseudo HJT Report ===============
              .
              uStart Page = hxxp://www.google.com/
              uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
              BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
              BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
              BHO: Windows Live Aanmelden - Help: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
              BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
              uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
              mRun: [RtHDVCpl] RtHDVCpl.exe
              mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
              mRun: [LaunchAp] "c:\program files\launch manager\LaunchAp.exe"
              mRun: [HotkeyApp] "c:\program files\launch manager\HotkeyApp.exe"
              mRun: [LMgrOSD] "c:\program files\launch manager\OSD.exe"
              mRun: [Wbutton] "c:\program files\launch manager\Wbutton.exe"
              mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
              mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
              mRun: [Persistence] c:\windows\system32\igfxpers.exe
              mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
              mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
              mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
              mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
              IE: E&xporteren naar Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
              IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
              IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
              IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
              DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
              DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
              DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
              DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
              TCP: DhcpNameServer = 192.168.1.254
              TCP: Interfaces\{57760E0F-7BBA-4266-80A2-B6897C47CE0F} : DhcpNameServer = 192.168.1.254
              Notify: igfxcui - igfxdev.dll
              .
              ============= SERVICES / DRIVERS ===============
              .
              R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
              R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-4 21504]
              R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2010-3-31 350720]
              R3 WisLMSvc;WisLMSvc;c:\program files\launch manager\WisLMSvc.exe [2007-7-20 118784]
              S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
              S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 257224]
              S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 74112]
              S3 NisSrv;Microsoft Netwerkinspectie;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
              S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-1-4 16128]
              S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
              .
              =============== Created Last 30 ================
              .
              2012-07-08 10:06:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
              2012-07-08 09:34:26 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c23de22d-6a62-4c31-9576-cf099ec8dc3c}\offreg.dll
              2012-07-08 09:02:37 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a6c4850e-4324-4855-8465-b4976bf9e6b8}\gapaengine.dll
              2012-07-08 09:00:05 6762896 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c23de22d-6a62-4c31-9576-cf099ec8dc3c}\mpengine.dll
              2012-07-08 08:40:03 -------- d-sh--w- C:\found.000
              2012-07-03 18:13:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
              2012-07-03 17:35:26 -------- d-----w- c:\program files\GridinSoft Trojan Killer
              2012-07-03 00:00:49 6762896 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
              2012-06-21 16:56:48 2422272 ----a-w- c:\windows\system32\wucltux.dll
              2012-06-21 16:56:21 88576 ----a-w- c:\windows\system32\wudriver.dll
              2012-06-21 16:56:08 33792 ----a-w- c:\windows\system32\wuapp.exe
              2012-06-21 16:56:08 171904 ----a-w- c:\windows\system32\wuwebv.dll
              2012-06-14 18:28:34 984064 ----a-w- c:\windows\system32\crypt32.dll
              2012-06-14 18:28:34 133120 ----a-w- c:\windows\system32\cryptsvc.dll
              2012-06-14 18:28:33 98304 ----a-w- c:\windows\system32\cryptnet.dll
              2012-06-14 18:27:42 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
              2012-06-14 18:27:40 2045440 ----a-w- c:\windows\system32\win32k.sys
              2012-06-13 11:48:24 713784 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\nisbackup\gapaengine.dll
              .
              ==================== Find3M ====================
              .
              2012-06-21 16:55:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
              2012-06-21 16:55:44 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
              2012-05-17 22:45:37 1800192 ----a-w- c:\windows\system32\jscript9.dll
              2012-05-17 22:35:47 1129472 ----a-w- c:\windows\system32\wininet.dll
              2012-05-17 22:35:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
              2012-05-17 22:29:45 142848 ----a-w- c:\windows\system32\ieUnatt.exe
              2012-05-17 22:24:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
              .
              ============= FINISH: 12:35:50,30 ===============



              GMER 1.0.15.15641 - http://www.gmer.net
              Rootkit scan 2012-07-08 13:25:58
              Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD16 rev.04.0
              Running: gmer.exe; Driver: C:\Users\Frans\AppData\Local\Temp\ugdcikob.sys


              ---- Kernel code sections - GMER 1.0.15 ----

              ? C:\Users\Frans\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

              ---- User code sections - GMER 1.0.15 ----

              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] kernel32.dll!CreateThread 76D4CB2E 5 Bytes JMP 702F75CB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!SetWindowsHookExW 76F587AD 5 Bytes JMP 703325AC C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!CallNextHookEx 76F58E3B 5 Bytes JMP 70357FDF C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!UnhookWindowsHookEx 76F598DB 5 Bytes JMP 7037ECE0 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!EnableWindow 76F5CD8B 5 Bytes JMP 70339EAC C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DefWindowProcA 76F5DB88 7 Bytes JMP 702F97F5 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!CreateWindowExA 76F5DC2A 5 Bytes JMP 7030362B C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!CreateWindowExW 76F61305 5 Bytes JMP 703603B7 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DefWindowProcW 76F703B4 7 Bytes JMP 70358042 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DialogBoxParamW 76F810B0 5 Bytes JMP 7029187B C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DialogBoxIndirectParamW 76F82EF5 5 Bytes JMP 70488D86 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DialogBoxParamA 76F98152 5 Bytes JMP 70488D21 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!DialogBoxIndirectParamA 76F9847D 5 Bytes JMP 70488DEB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!MessageBoxIndirectA 76FAD4D9 5 Bytes JMP 70488CA8 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!MessageBoxIndirectW 76FAD5D3 5 Bytes JMP 70488C2F C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!MessageBoxExA 76FAD639 5 Bytes JMP 70488BCB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] USER32.dll!MessageBoxExW 76FAD65D 5 Bytes JMP 70488B67 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1080] ole32.dll!OleLoadFromStream 773B1E80 5 Bytes JMP 7048955F C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] kernel32.dll!CreateThread 76D4CB2E 5 Bytes JMP 702F75CB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!SetWindowsHookExW 76F587AD 5 Bytes JMP 703325AC C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!CallNextHookEx 76F58E3B 5 Bytes JMP 70357FDF C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!UnhookWindowsHookEx 76F598DB 5 Bytes JMP 7037ECE0 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!EnableWindow 76F5CD8B 5 Bytes JMP 70339EAC C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DefWindowProcA 76F5DB88 7 Bytes JMP 702F97F5 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!CreateWindowExA 76F5DC2A 5 Bytes JMP 7030362B C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!CreateWindowExW 76F61305 5 Bytes JMP 703603B7 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DefWindowProcW 76F703B4 7 Bytes JMP 70358042 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DialogBoxParamW 76F810B0 5 Bytes JMP 7029187B C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DialogBoxIndirectParamW 76F82EF5 5 Bytes JMP 70488D86 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DialogBoxParamA 76F98152 5 Bytes JMP 70488D21 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!DialogBoxIndirectParamA 76F9847D 5 Bytes JMP 70488DEB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxIndirectA 76FAD4D9 5 Bytes JMP 70488CA8 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxIndirectW 76FAD5D3 5 Bytes JMP 70488C2F C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxExA 76FAD639 5 Bytes JMP 70488BCB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] USER32.dll!MessageBoxExW 76FAD65D 5 Bytes JMP 70488B67 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1240] ole32.dll!OleLoadFromStream 773B1E80 5 Bytes JMP 7048955F C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!EnableWindow 76F5CD8B 5 Bytes JMP 70339EAC C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!DialogBoxParamW 76F810B0 5 Bytes JMP 7029187B C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!DialogBoxIndirectParamW 76F82EF5 5 Bytes JMP 70488D86 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!DialogBoxParamA 76F98152 5 Bytes JMP 70488D21 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!DialogBoxIndirectParamA 76F9847D 5 Bytes JMP 70488DEB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!MessageBoxIndirectA 76FAD4D9 5 Bytes JMP 70488CA8 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!MessageBoxIndirectW 76FAD5D3 5 Bytes JMP 70488C2F C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!MessageBoxExA 76FAD639 5 Bytes JMP 70488BCB C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)
              .text C:\Program Files\Internet Explorer\iexplore.exe[1320] USER32.dll!MessageBoxExW 76FAD65D 5 Bytes JMP 70488B67 C:\Windows\system32\IEFRAME.dll (Internetbrowser/Microsoft Corporation)

              ---- Devices - GMER 1.0.15 ----

              AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
              AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
              AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)
              AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Bestandssysteemfilterbeheer/Microsoft Corporation)

              ---- Registry - GMER 1.0.15 ----

              Reg HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@c!s!f!`!j!`!m!`!\22!t!t!r!j!r!s!f! 19583823

              ---- EOF - GMER 1.0.15 ----

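Reading the DDS "Created Last 30" list (and, later in the thread, ComboFix's "Files Created" list) is where the actual triage happens: what appeared on disk in the days around the lock-up, and where. As an added example, not part of the thread and not code from either tool, here is a Python script that parses both tools' file-creation line formats and flags entries created inside a chosen window that sit outside Windows/Program Files and are hidden/system, executable, or in a user-writable directory. The directory allow-list is a heuristic chosen for this example; in the sample data the `victim` profile and the `locker.*` lines are constructed, the other lines are copied from the DDS output above.

```python
"""Added example: triage the file-creation sections of DDS ("Created Last 30") and
ComboFix ("Files Created from ... to ...") logs for files dropped in the infection window."""
import re
from collections import namedtuple
from datetime import datetime

Entry = namedtuple("Entry", "created modified size attrs path")

# DDS line:       2012-07-03 18:13:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
# ComboFix line:  2012-07-03 18:13 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
#                 (creation time, then the file's own last-write time; a last-write far older
#                 than creation usually means the file was unpacked from an installer)
# Size is "--------" for directories. The 8-character attribute field uses the letters
# d=directory, s=system, h=hidden, a=archive, w=writable; only letter membership is used here.
_DDS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (-{8}|\d+) ([a-z-]{8}) (.+)$")
_CFX_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (-{8}|\d+) ([a-z-]{8}) (.+)$")

# Heuristic allow-list (assumption for this example): executables created here during a
# normal patch cycle are expected and are left for signature/hash checks instead.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\programdata\\microsoft\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "c:\\programdata\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".bat", ".cmd", ".pif")


def parse_created(text):
    """Parse DDS and ComboFix creation lines into Entry tuples; unrelated lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _CFX_RE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            modified = datetime.strptime(m.group(2), "%Y-%m-%d %H:%M")
            size, attrs, path = m.group(3), m.group(4), m.group(5)
        else:
            m = _DDS_RE.match(line)
            if not m:
                continue
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            modified = None  # DDS prints a single timestamp
            size, attrs, path = m.group(2), m.group(3), m.group(4)
        entries.append(Entry(created, modified, None if size.startswith("-") else int(size), attrs, path))
    return entries


def flag_suspicious(entries, window_start, window_end):
    """Return [(entry, [reasons])] for entries created inside the window that warrant a closer look."""
    findings = []
    for e in entries:
        if not (window_start <= e.created <= window_end):
            continue
        p = e.path.lower()
        if p.startswith(TRUSTED_ROOTS):
            continue
        reasons = []
        if "h" in e.attrs or "s" in e.attrs:
            reasons.append("hidden/system attribute")
        if p.endswith(EXEC_EXT):
            reasons.append("executable outside Windows/Program Files")
        if any(d in p for d in USER_WRITABLE):
            reasons.append("user-writable location")
        if reasons:
            findings.append((e, reasons))
    return findings


def suspicious_paths(text, window_start, window_end):
    """Convenience wrapper: just the flagged paths, in log order."""
    return [e.path for e, _ in flag_suspicious(parse_created(text), window_start, window_end)]


# Window covering the week of the infection as described in the thread (assumed for the example).
WINDOW_START = datetime(2012, 7, 1)
WINDOW_END = datetime(2012, 7, 8, 23, 59, 59)

# Sample: the first three and the crypt32/MpKsl lines are copied from the logs in this thread;
# the "victim"/locker.* lines are constructed to show what a dropped payload looks like.
SAMPLE_LOG = r"""
2012-07-08 10:06:34 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-07-08 08:40:03 -------- d-sh--w- C:\found.000
2012-07-03 18:13:13 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 21:17:09 86016 --sh--w- c:\users\victim\appdata\roaming\locker.exe
2012-07-02 21:17:09 1536 ----a-w- c:\users\victim\appdata\roaming\locker.lnk
2012-06-14 18:28:34 984064 ----a-w- c:\windows\system32\crypt32.dll
2012-07-08 13:29 . 2012-07-08 13:29 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C23DE22D-6A62-4C31-9576-CF099EC8DC3C}\MpKsl7b8f438a.sys
2012-07-02 21:17 . 2012-07-02 21:17 86016 --sh--w- c:\users\victim\AppData\Roaming\locker.exe
"""

if __name__ == "__main__":
    for entry, reasons in flag_suspicious(parse_created(SAMPLE_LOG), WINDOW_START, WINDOW_END):
        print(f"{entry.created:%Y-%m-%d %H:%M} {entry.path}: {', '.join(reasons)}")
```

A flag is a prompt to look, not a verdict: C:\found.000 in the log above is flagged because it is a hidden system directory created on the morning the rescue disk was used, and FOUND.000 is where chkdsk puts recovered fragments, so it is almost certainly a side effect of the disk check rather than the payload. Conversely, anything created under the user profile at the time the lock screen first appeared deserves a hash lookup and a look at the matching Run/Winlogon entries.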


              • #8
                Download combofix.exe from this site: http://www.bleepingcomputer.com/comb...uikt-te-worden .
                If the Recovery Console is not installed, ComboFix will offer to download and install it. Allow this.
                Once the Recovery Console is installed, let ComboFix scan the computer.
                When ComboFix starts, you may get an error message saying that the "contents of the ComboFix package has been compromised".
                Do not continue with the instructions, but download ComboFix again. This message can appear when a file infector (Virut) is active on the computer.
                If you get this message, report it.
                When ComboFix has finished scanning, which may be after a reboot, a log file (combofix.txt) opens.
                Post the contents of this file.



                • #9
                  Here is the log:

                  ComboFix 12-07-07.04 - Frans 08/07/2012 15:43:30.2.2 - x86
                  Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.32.1043.18.2037.1271 [GMT 2:00]
                  Started from: c:\users\Frans\Desktop\ComboFix.exe
                  AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
                  SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
                  SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
                  .
                  .
                  (((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 ))))))))))))))))))))))))))))))
                  .
                  .
                  2012-07-08 13:49 . 2012-07-08 13:49 -------- d-----w- c:\users\Frans\AppData\Local\temp
                  2012-07-08 13:49 . 2012-07-08 13:49 -------- d-----w- c:\users\Public\AppData\Local\temp
                  2012-07-08 13:49 . 2012-07-08 13:49 -------- d-----w- c:\users\Default\AppData\Local\temp
                  2012-07-08 13:29 . 2012-07-08 13:29 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C23DE22D-6A62-4C31-9576-CF099EC8DC3C}\MpKsl7b8f438a.sys
                  2012-07-08 13:21 . 2012-07-08 13:21 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C23DE22D-6A62-4C31-9576-CF099EC8DC3C}\offreg.dll
                  2012-07-08 13:18 . 2012-07-08 13:18 -------- d-----w- c:\program files\Common Files\Java
                  2012-07-08 13:17 . 2012-07-08 13:17 -------- d-----w- c:\program files\Oracle
                  2012-07-08 13:16 . 2012-05-04 17:29 772504 ----a-w- c:\windows\system32\npDeployJava1.dll
                  2012-07-08 13:16 . 2012-07-08 13:16 -------- d-----w- c:\program files\Java
                  2012-07-08 10:06 . 2012-07-08 10:28 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
                  2012-07-08 09:02 . 2012-04-02 16:29 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6C4850E-4324-4855-8465-B4976BF9E6B8}\gapaengine.dll
                  2012-07-08 09:00 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C23DE22D-6A62-4C31-9576-CF099EC8DC3C}\mpengine.dll
                  2012-07-08 08:40 . 2012-07-08 08:40 -------- d-----w- C:\found.000
                  2012-07-03 18:13 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
                  2012-07-03 17:35 . 2012-07-03 17:47 -------- d-----w- c:\program files\GridinSoft Trojan Killer
                  2012-07-03 00:00 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
                  2012-06-21 16:56 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
                  2012-06-21 16:56 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
                  2012-06-21 16:56 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
                  2012-06-21 16:56 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
                  2012-06-21 16:56 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
                  2012-06-21 16:56 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
                  2012-06-21 16:56 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
                  2012-06-21 16:56 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
                  2012-06-21 16:56 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
                  2012-06-14 18:28 . 2012-04-23 16:00 984064 ----a-w- c:\windows\system32\crypt32.dll
                  2012-06-14 18:28 . 2012-04-23 16:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
                  2012-06-14 18:28 . 2012-04-23 16:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
                  2012-06-14 18:27 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
                  2012-06-14 18:27 . 2012-05-15 19:51 2045440 ----a-w- c:\windows\system32\win32k.sys
                  2012-06-13 11:48 . 2012-04-02 16:29 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
                  .
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  2012-06-21 16:55 . 2012-04-02 13:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
                  2012-06-21 16:55 . 2012-04-02 13:58 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
                  2012-05-04 17:29 . 2011-01-17 19:08 687504 ----a-w- c:\windows\system32\deployJava1.dll
                  2012-04-20 19:49 . 2012-04-20 19:49 658512 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
                  .
                  .
                  ((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
                  .
                  .
                  *Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond
                  REGEDIT4
                  .
                  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
                  .
                  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
                  "RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
                  "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 857648]
                  "LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
                  "HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-14 192512]
                  "LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
                  "Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
                  "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
                  "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
                  "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
                  "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
                  "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
                  "EnableUIADesktopToggle"= 0 (0x0)
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
                  @="Service"
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
                  2006-12-23 16:05 143360 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
                  2007-03-21 11:00 174872 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
                  2006-01-12 13:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
                  2006-11-22 16:31 630784 ----a-w- c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\toolbar_eula_launcher]
                  2007-02-09 14:54 16896 ----a-w- c:\program files\GoogleEULA\EULALauncher.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS10 Preload]
                  2006-08-10 01:27 36864 ----a-w- c:\program files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
                  2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
                  .
                  R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
                  .
                  .
                  --- Andere Services/Drivers In Geheugen ---
                  .
                  *NewlyCreated* - MPKSL7B8F438A
                  .
                  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
                  LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
                  .
                  Inhoud van de 'Gedeelde Taken' map
                  .
                  2012-07-08 c:\windows\Tasks\Adobe Flash Player Updater.job
                  - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 16:55]
                  .
                  .
                  ------- Bijkomende Scan -------
                  .
                  uStart Page = hxxp://www.google.com/
                  uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
                  IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
                  IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
                  TCP: DhcpNameServer = 192.168.1.254
                  .
                  .
                  **************************************************************************
                  .
                  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
                  Rootkit scan 2012-07-08 15:49
                  Windows 6.0.6002 Service Pack 2 NTFS
                  .
                  scannen van verborgen processen ...
                  .
                  scannen van verborgen autostart items ...
                  .
                  scannen van verborgen bestanden ...
                  .
                  Scan succesvol afgerond
                  verborgen bestanden: 0
                  .
                  **************************************************************************
                  .
                  --------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------
                  .
                  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
                  @Denied: (A) (Users)
                  @Denied: (A) (Everyone)
                  @Allowed: (B 1 2 3 4 5) (S-1-5-20)
                  "BlindDial"=dword:00000000
                  "MSCurrentCountry"=dword:000000b5
                  .
                  Voltooingstijd: 2012-07-08 15:52:24
                  ComboFix-quarantined-files.txt 2012-07-08 13:52
                  ComboFix2.txt 2012-04-03 06:58
                  .
                  Pre-Run: 71.110.389.760 bytes beschikbaar
                  Post-Run: 71.264.178.176 bytes beschikbaar
                  .
                  - - End Of File - - 643E0B7C359BDB86E157D1CF007D0387



                  • #10
                    This looks OK to me. Give an update on the problems.



                    • #11
                      As far as I can tell there are no more problems; everything seems to be working normally.



                      • #12
                        Nice. Then we'll wrap up, Johan.
                        Uninstall ComboFix. Go to "Start" - "Run" and type: Combofix /Uninstall
                        (Note the space between Combofix and /Uninstall)
                        Then press Enter.
                        This will remove ComboFix and all related folders and files.

                        Follow the instructions given here: The computer is malware-free, what to do now?

                        More information on how to prevent a new infection can be found here.
                        Also read through this article: Niets voor niets.

                        I am setting the status of this thread to solved.
                        If there are no further replies, this thread will automatically be moved to the "Opgeloste hijackthislogs" section within about 3 days, after which replying is no longer possible. This keeps the forum neat and organized.
                        If it turns out there are still problems and you want to reply in this topic again, send me a private message requesting that it be reopened.

                        Happy surfing again.



                        • #13
                          THANK YOU!!



                          • #14
                            You're welcome.
