Ukash-virus (610)

[kape]

Kan je bij de foutmelding van McAfee ook doorklikken om Combofix verder te laten runnen ?

[Dankbare]

beste kape,

uit angst voor conflikten durf ik dat niet

[kape]

beste kape,

uit angst voor conflikten durf ik dat niet

Conflicten hoef je niet te vrezen. Het enige dat kan gebeuren is dat Combofix NIET werkt, of dat McAfee de bestanden van Combofix opslokt of verwijderd naar de quarantaine. Meer niet.

[Dankbare]

beste kape,

heb dan maar de stap gewaagd.mcafee heeft inderdaad melding gemaakt dat ze een besmette file in quarentaine hebben gezet.het proces van combofix is wel tot het einde doorgegaan met volgend rapport :

c:\users\daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3 .lnk

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-08-13 to 2012-09-13 ))))))))))))))))))))))))))))))

.

.

2012-09-13 09:56 . 2012-09-13 09:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-09-07 04:00 . 2012-09-07 04:00 -------- d-----w- c:\users\daniel\AppData\Roaming\Malwarebytes

2012-09-07 03:59 . 2012-09-07 03:59 -------- d-----w- c:\programdata\Malwarebytes

2012-09-07 03:59 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-07 03:59 . 2012-09-07 03:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-09-07 03:37 . 2012-09-07 03:37 -------- d-----w- c:\users\daniel\AppData\Local\ElevatedDiagnostics

2012-09-06 02:06 . 2012-09-07 04:06 -------- d-----w- c:\users\daniel\AppData\Roaming\Yvifx

2012-09-06 02:06 . 2012-09-06 02:06 -------- d-----w- c:\users\daniel\AppData\Roaming\Suiwa

2012-08-22 01:28 . 2012-08-22 01:43 -------- d-----w- c:\windows\Microsoft Antimalware

2012-08-21 16:01 . 2012-08-21 16:01 388096 ----a-r- c:\users\daniel\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-08-21 16:01 . 2012-08-21 16:01 -------- d-----w- c:\program files\Trend Micro

2012-08-21 15:56 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys

2012-08-16 01:21 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll

2012-08-16 01:21 . 2012-07-18 17:47 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-08-16 01:21 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll

2012-08-16 01:21 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-16 01:21 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll

2012-08-16 01:21 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll

2012-08-16 01:20 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll

2012-08-15 01:27 . 2012-08-15 01:54 -------- d-----w- c:\programdata\lbbvqvmdqqftbvm

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-04 06:59 . 2012-05-05 18:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-04 06:59 . 2012-01-21 04:38 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

"BrowserChoice"="c:\windows\System32\browserchoice.exe" [2010-02-11 293376]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-01 9398888]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-11-01 1873192]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1318816]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2011-02-15 2757312]

"PMBVolumeWatcher"="c:\program files\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-26 648032]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-01-03 13:10 35736 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

R2 gupdate;Google Update-service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]

R3 DCDhcpService;DCDhcpService;c:\program files\Sony\VAIO Smart Network\WFDA\DCDhcpService.exe [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6032.sys [x]

R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]

R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 SOHCImp;VAIO Content Importer;c:\program files\Common Files\Sony Shared\SOHLib\SOHCImp.exe [x]

R3 SOHDs;VAIO Device Searcher;c:\program files\Common Files\Sony Shared\SOHLib\SOHDs.exe [x]

R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]

R3 VCFw;VAIO Content Folder Watcher;c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [x]

R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [x]

R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [x]

R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [x]

R3 WatAdminSvc;Windows Activation Technologies-service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [x]

S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]

S2 AntUpdaterService;Ant Toolbar updater service;c:\program files\Ant.com\IE add-on\AntUpdaterService.exe [x]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [x]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [x]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [x]

S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [x]

S2 uCamMonitor;CamMonitor;c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [x]

S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [x]

S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]

S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [x]

.

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - mfeavfk01

.

Inhoud van de 'Gedeelde Taken' map

.

2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-28 07:45]

.

2012-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-28 07:45]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.google.be/ig?hl=nl&source=webhp

uInternet Settings,ProxyOverride = *.local;<local>

TCP: DhcpNameServer = 192.168.1.1

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]

"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Voltooingstijd: 2012-09-13 12:06:10

ComboFix-quarantined-files.txt 2012-09-13 10:06

.

Pre-Run: 401.276.854.272 bytes beschikbaar

Post-Run: 401.850.073.088 bytes beschikbaar

.

- - End Of File - - 816ED99F40A8BA8D10C4B0BEE610D2B8

[kape]

Verwijder manueel volgende vetgedrukte mappen :

c:\users\daniel\AppData\Roaming\Yvifx

c:\users\daniel\AppData\Roaming\Suiwa

c:\programdata\lbbvqvmdqqftbvm

En dan mag je Combofix terug verwijderen via Start -> Uitvoeren/Zoekopdracht/Programma’s en bestanden zoeken en typ daar: ComboFix /Uninstall

Dit zal Combofix verwijderen + gerelateerde mappen en bestanden, herstelt de klokinstellingen opnieuw, verbergt de bestandsextensies, gaat verborgen bestanden en systeembestanden terug verbergen en maakt een nieuw herstelpunt.

Indien aanwezig mag je de map C:\Qoobox manueel verwijderen.

Dan zou je probleem helemaal opgelost moeten zijn. Is dat ook zo ?

[Dankbare]

beste kape,

heb uitgevoerd wat u vroeg en hoop dat nu alles ok is.

Wat moet ik doen met MBAM?Mag dat in de pc blijven staan? Mijn McAfee is permanent ingeschakeld.zijn ok hier geen conflicten mogelijk.Misschien een domme vraag?

[kape]

Malwarebytes is een aanbevolen programma. Mag je dus op de PC laten staan en zelfs met enige regelmaat eens laten scannen. Doe dan wel steeds een update, zodat je met de meest recente database werkt. Werkt perfect samen met een antivirusprogramma, indien je de realtime-bescherming van Malwarebytes niet gebruikt.