
Antimalware Doctor



Done... only it couldn't make an internet connection for some reason, so I don't know whether it all went well. I did see that it removed and reinstalled a few things, so...

Log:

ComboFix 11-03-31.04 - Administrator 01-04-2011 16:21:39.1.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1291 [GMT 2:00]

Gestart vanuit: e:\documents and settings\Administrator\Bureaublad\ComboFix.exe

.

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\explorer.exe

e:\documents and settings\Administrator\Application Data\Adobe\plugs

e:\documents and settings\Administrator\Application Data\Adobe\shed

e:\documents and settings\Administrator\Application Data\D85023B5B3169575836CA5F003E746C4

e:\documents and settings\Administrator\Application Data\D85023B5B3169575836CA5F003E746C4\enemies-names.txt

e:\documents and settings\Administrator\Application Data\D85023B5B3169575836CA5F003E746C4\local.ini

e:\documents and settings\Administrator\Application Data\D85023B5B3169575836CA5F003E746C4\lsrslt.ini

e:\documents and settings\NetworkService\Local Settings\Application Data\gmecoss.dll

E:\install.exe

e:\windows\system\WINSPOOL.DRV

.

e:\windows\regedit.exe . . . is geïnfecteerd!!

.

e:\windows\system32\msgsvc.dll . . . is geïnfecteerd!!

.

e:\windows\NOTEPAD.EXE . . . is geïnfecteerd!!

.

e:\windows\pchealth\helpctr\binaries\HelpCtr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\ahui.exe . . . is geïnfecteerd!!

.

e:\windows\system32\cleanmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\cmd.exe . . . is geïnfecteerd!!

.

e:\windows\system32\logonui.exe . . . is geïnfecteerd!!

.

e:\windows\system32\sndrec32.exe . . . is geïnfecteerd!!

.

e:\windows\system32\sysocmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\taskmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\wiaacmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\usmt\migwiz.exe . . . is geïnfecteerd!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_SSHNAS

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-01 to 2011-04-01 ))))))))))))))))))))))))))))))

.

.

2011-03-05 15:14 . 2011-04-01 11:56 -------- d-----r- E:\Program Files

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-05 16:18 . 2003-02-14 15:30 348480 ----a-w- e:\windows\system32\drivers\Cap7134.sys

2011-03-05 16:18 . 2003-01-29 10:49 110592 ----a-w- e:\windows\system32\34com.dll

2011-03-05 16:18 . 2003-01-29 10:45 90112 ----a-w- e:\windows\system32\Prop7134.dll

2011-03-05 16:18 . 2003-01-29 10:40 23552 ----a-w- e:\windows\system32\34ds.dll

2011-03-05 16:18 . 2003-01-29 10:40 94208 ----a-w- e:\windows\system32\34dialog.dll

2011-03-05 16:18 . 2003-01-29 10:39 73728 ----a-w- e:\windows\system32\34TvCtrl.dll

2011-03-05 16:18 . 2003-01-29 10:36 282624 ----a-w- e:\windows\system32\34dlg2.dll

2011-03-05 16:18 . 2003-01-29 10:33 135168 ----a-w- e:\windows\system32\34api.dll

2011-03-05 16:18 . 2003-01-29 10:32 77824 ----a-w- e:\windows\system32\34dd.dll

2011-03-05 16:18 . 2003-03-04 09:56 145408 ----a-w- e:\windows\system32\drivers\e100b325.sys

2011-03-05 16:18 . 2003-03-03 13:26 118784 ----a-w- e:\windows\system32\Prounstl.exe

2011-03-05 16:18 . 2003-02-03 03:26 12288 ----a-w- e:\windows\system32\e100bmsg.dll

2011-03-05 16:18 . 2002-12-29 02:00 24064 ----a-w- e:\windows\system32\IntelNic.dll

2011-03-05 16:16 . 2004-07-22 13:50 1268234 ----a-w- e:\windows\system32\drivers\AGRSM.sys

2011-03-05 16:16 . 2004-07-22 12:38 88361 ----a-w- e:\windows\AGRSMMSG.exe

2011-03-05 16:16 . 2004-04-05 09:49 64512 ----a-w- e:\windows\agrsmdel.exe

2011-03-05 14:38 . 2007-02-05 16:08 219136 ----a-w- e:\windows\system32\uxtheme.dll

2011-03-05 12:35 . 2011-03-05 12:35 715248 ----a-w- e:\windows\system32\drivers\sptd.svs

2011-03-18 18:03 . 2011-03-31 19:11 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . e:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe

[-] 2007-08-16 . F40B20B7EAAA306AC1CC95B7165A848A . 979456 . . [6.00.2900.3156] . . e:\windows\explorer.exe

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD}]

2011-03-30 19:51 739328 ----a-w- e:\windows\system32\aoigwerg.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"DAEMON Tools Pro Agent"="e:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]

"SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"AGRSMMSG"="AGRSMMSG.exe" [2011-03-05 88361]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"WinampAgent"="e:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"HitmanPro35"="e:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-04-01 6449984]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"PackNoVs"="e:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304]

.

e:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Sweex WiFi Utility.lnk - e:\program files\Sweex\Installer\WINXP\SWU.exe [2011-3-12 598016]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"SetVisualStyle"= e:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc E 1

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"e:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=

"e:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\Winamp\\winamp.exe"=

"e:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"e:\\Program Files\\SopCast\\SopCast.exe"=

"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

.

R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [5-3-2011 16:35 715248]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [16-3-2011 22:30 218688]

S0 hpnebafs;hpnebafs;e:\windows\system32\drivers\hpnebafs.sys --> e:\windows\system32\drivers\hpnebafs.sys [?]

S2 HitmanPro35CrusaderBoot;Hitman Pro 3.5 Crusader (Boot);e:\documents and settings\Administrator\Bureaublad\HitmanPro35.exe [1-4-2011 13:55 6449984]

S2 tlnasxhj;Microsoft USB 2.0 Enhanced Host Controller Miniport Helper;e:\windows\System32\svchost.exe -k netsvcs [31-12-2002 8:00 14336]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

tlnasxhj

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.fr12.nl/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: e:\program files\common files\pc tools\lsp\pctlsp.dll

FF - ProfilePath - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3fhmyps.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.fr12.nl/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-4E3E0230AEBB4E96 - e:\recycle.bin\Recycle.Bin.exe

HKCU-Run-Kraxuquga - e:\windows\usysg3dp.dll

HKLM_ActiveSetup-{D58F39FF-953E-4F45-898F-59F243B9A523} - e:\windows\system32\hidec

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-01 16:32

Windows 5.1.2600 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HitmanPro35CrusaderBoot]

"ImagePath"="\"e:\documents and settings\Administrator\Bureaublad\HitmanPro35.exe\" /crusader:boot"

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\

.

[HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\SecuROM\License information*]

"datasecu"=hex:d2,b5,ba,7a,50,dd,32,37,ee,18,af,f9,e1,ce,83,f8,83,e6,5a,0b,65,

da,d8,64,fe,ad,4f,42,30,bd,2b,8a,c0,2b,76,9c,61,11,61,c4,ff,8e,e0,98,05,33,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(792)

e:\windows\system32\sfc_os.dll

e:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(1944)

e:\windows\system32\ntshrui.dll

e:\windows\system32\browselc.dll

e:\windows\system32\portabledeviceapi.dll

e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

e:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.NLD

.

Voltooingstijd: 2011-04-01 16:36:21 - machine werd herstart

ComboFix-quarantined-files.txt 2011-04-01 14:36

.

Pre-Run: 11.398.017.024 bytes beschikbaar

Post-Run: 11.526.295.552 bytes beschikbaar

.

- - End Of File - - 9B6161D1E8E650C375A08C6184F4C482

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:42:07, on 1-4-2011

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

E:\WINDOWS\System32\smss.exe

E:\WINDOWS\system32\winlogon.exe

E:\WINDOWS\system32\services.exe

E:\WINDOWS\system32\lsass.exe

E:\WINDOWS\system32\Ati2evxx.exe

E:\WINDOWS\system32\svchost.exe

E:\WINDOWS\System32\svchost.exe

E:\WINDOWS\system32\spoolsv.exe

E:\Program Files\Java\jre6\bin\jqs.exe

E:\WINDOWS\system32\svchost.exe

E:\Program Files\UPHClean\uphclean.exe

E:\WINDOWS\Explorer.EXE

E:\WINDOWS\system32\wuauclt.exe

E:\WINDOWS\system32\rundll32.exe

E:\Program Files\Desktop Tray Clock\DTClock.exe

E:\WINDOWS\AGRSMMSG.exe

E:\WINDOWS\system32\wscntfy.exe

E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

E:\Program Files\DivX\DivX Update\DivXUpdate.exe

E:\Program Files\Common Files\Java\Java Update\jusched.exe

E:\Program Files\Sweex\Installer\WINXP\SWU.exe

E:\Program Files\Mozilla Firefox\firefox.exe

E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

E:\WINDOWS\system32\wuauclt.exe

E:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = FR12.nl - Waar Feyenoord is zijn wij!

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, Messenger, nieuws en entertainment vind je op MSN.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - E:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

O2 - BHO: (no name) - {A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD} - e:\windows\system32\aoigwerg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe

O4 - HKLM\..\Run: [startCCC] "E:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [DivXUpdate] "E:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [HitmanPro35] "E:\Program Files\Hitman Pro 3.5\HitmanPro35.exe" /scan:boot

O4 - HKCU\..\Run: [skinClock] E:\Program Files\Desktop Tray Clock\DTClock.exe

O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "E:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [PackNoVs] "E:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [PackNoVs] "E:\WINDOWS\BricoPacks\Vista Inspirat 2\pack-it.exe" --unsetvs (User 'Default user')

O4 - Global Startup: Microsoft Office.lnk = E:\Program Files\Microsoft Office\Office\OSA9.EXE

O4 - Global Startup: Sweex WiFi Utility.lnk = E:\Program Files\Sweex\Installer\WINXP\SWU.exe

O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O22 - SharedTaskScheduler: Preloader van browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Cache-daemon voor onderdeelcategorieën - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe

O23 - Service: Hitman Pro 3.5 Crusader (Boot) (HitmanPro35CrusaderBoot) - SurfRight B.V. - E:\Documents and Settings\Administrator\Bureaublad\HitmanPro35.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe

--

End of file - 5488 bytes

When will this finally be over??

Regards

Kevin


Open a Notepad file.

Copy and paste the bold text below into it.

File::

e:\windows\system32\drivers\hpnebafs.sys

FCOPY:: e:\windows\ServicePackFiles\i386\regedit.exe | e:\windows\regedit.exe

e:\windows\ServicePackFiles\i386\msgsvc.dll | e:\windows\system32\msgsvc.dll

e:\windows\ServicePackFiles\i386\NOTEPAD.EXE | e:\windows\NOTEPAD.EXE

e:\windows\ServicePackFiles\i386\HelpCtr.exe | e:\windows\pchealth\helpctr\binaries\HelpCtr.exe

e:\windows\ServicePackFiles\i386\ahui.exe | e:\windows\system32\ahui.exe

e:\windows\ServicePackFiles\i386\cleanmgr.exe | e:\windows\system32\cleanmgr.exe

e:\windows\ServicePackFiles\i386\cmd.exe | e:\windows\system32\cmd.exe

e:\windows\ServicePackFiles\i386\logonui.exe | e:\windows\system32\logonui.exe

e:\windows\ServicePackFiles\i386\sndrec32.exe | e:\windows\system32\sndrec32.exe

e:\windows\ServicePackFiles\i386\sysocmgr.exe | e:\windows\system32\sysocmgr.exe

e:\windows\ServicePackFiles\i386\taskmgr.exe | e:\windows\system32\taskmgr.exe

e:\windows\ServicePackFiles\i386\wiaacmgr.exe | e:\windows\system32\wiaacmgr.exe

e:\windows\ServicePackFiles\i386\migwiz.exe | e:\windows\system32\usmt\migwiz.exe

Registry::

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A2F4369D-ACB7-EE88-86A5-3D8E4226F8FD}]

Driver::

hpnebafs

Save this file to your desktop as CFScript.txt.

Drag CFScript.txt into ComboFix.exe

This will make ComboFix restart. Reboot if you are asked to.

After the reboot, post the contents of Combofix.txt in your next message.


OK, did this as well.

Log

ComboFix 11-03-31.04 - Administrator 02-04-2011 12:57:53.2.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1282 [GMT 2:00]

Gestart vanuit: e:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: e:\documents and settings\Administrator\Bureaublad\CFScript.txt

.

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

FILE ::

"e:\windows\system32\drivers\hpnebafs.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

e:\windows\regedit.exe . . . is geïnfecteerd!!

.

Besmet exemplaar van e:\windows\system32\msgsvc.dll werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - e:\windows\ERDNT\cache\msgsvc.dll

.

e:\windows\NOTEPAD.EXE . . . is geïnfecteerd!!

.

e:\windows\pchealth\helpctr\binaries\HelpCtr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\ahui.exe . . . is geïnfecteerd!!

.

e:\windows\system32\cleanmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\cmd.exe . . . is geïnfecteerd!!

.

e:\windows\system32\logonui.exe . . . is geïnfecteerd!!

.

e:\windows\system32\sndrec32.exe . . . is geïnfecteerd!!

.

e:\windows\system32\sysocmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\taskmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\wiaacmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\usmt\migwiz.exe . . . is geïnfecteerd!!

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_HPNEBAFS

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-02 to 2011-04-02 ))))))))))))))))))))))))))))))

.

.

2011-03-05 15:14 . 2011-04-01 11:56 -------- d-----r- E:\Program Files

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-05 16:18 . 2003-02-14 15:30 348480 ----a-w- e:\windows\system32\drivers\Cap7134.sys

2011-03-05 16:18 . 2003-01-29 10:49 110592 ----a-w- e:\windows\system32\34com.dll

2011-03-05 16:18 . 2003-01-29 10:45 90112 ----a-w- e:\windows\system32\Prop7134.dll

2011-03-05 16:18 . 2003-01-29 10:40 23552 ----a-w- e:\windows\system32\34ds.dll

2011-03-05 16:18 . 2003-01-29 10:40 94208 ----a-w- e:\windows\system32\34dialog.dll

2011-03-05 16:18 . 2003-01-29 10:39 73728 ----a-w- e:\windows\system32\34TvCtrl.dll

2011-03-05 16:18 . 2003-01-29 10:36 282624 ----a-w- e:\windows\system32\34dlg2.dll

2011-03-05 16:18 . 2003-01-29 10:33 135168 ----a-w- e:\windows\system32\34api.dll

2011-03-05 16:18 . 2003-01-29 10:32 77824 ----a-w- e:\windows\system32\34dd.dll

2011-03-05 16:18 . 2003-03-04 09:56 145408 ----a-w- e:\windows\system32\drivers\e100b325.sys

2011-03-05 16:18 . 2003-03-03 13:26 118784 ----a-w- e:\windows\system32\Prounstl.exe

2011-03-05 16:18 . 2003-02-03 03:26 12288 ----a-w- e:\windows\system32\e100bmsg.dll

2011-03-05 16:18 . 2002-12-29 02:00 24064 ----a-w- e:\windows\system32\IntelNic.dll

2011-03-05 16:16 . 2004-07-22 13:50 1268234 ----a-w- e:\windows\system32\drivers\AGRSM.sys

2011-03-05 16:16 . 2004-07-22 12:38 88361 ----a-w- e:\windows\AGRSMMSG.exe

2011-03-05 16:16 . 2004-04-05 09:49 64512 ----a-w- e:\windows\agrsmdel.exe

2011-03-05 14:38 . 2007-02-05 16:08 219136 ----a-w- e:\windows\system32\uxtheme.dll

2011-03-05 12:35 . 2011-03-05 12:35 715248 ----a-w- e:\windows\system32\drivers\sptd.svs

2011-03-18 18:03 . 2011-03-31 19:11 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . e:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe

[-] 2007-08-16 . F40B20B7EAAA306AC1CC95B7165A848A . 979456 . . [6.00.2900.3156] . . e:\windows\explorer.exe

.

((((((((((((((((((((((((((((( SnapShot@2011-04-01_14.33.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-04-02 11:06 . 2011-04-02 11:06 16384 e:\windows\temp\Perflib_Perfdata_6b4.dat

- 2002-12-31 06:00 . 2011-04-01 14:23 90642 e:\windows\system32\perfc013.dat

+ 2002-12-31 06:00 . 2011-04-02 10:58 90642 e:\windows\system32\perfc013.dat

- 2002-12-31 06:00 . 2011-04-01 14:23 71002 e:\windows\system32\perfc009.dat

+ 2002-12-31 06:00 . 2011-04-02 10:58 71002 e:\windows\system32\perfc009.dat

- 2011-04-01 11:56 . 2011-04-01 12:36 16968 e:\windows\system32\drivers\hitmanpro35.sys

+ 2011-04-01 11:56 . 2011-04-02 07:22 16968 e:\windows\system32\drivers\hitmanpro35.sys

+ 2002-12-31 06:00 . 2011-04-02 10:58 508570 e:\windows\system32\perfh013.dat

- 2002-12-31 06:00 . 2011-04-01 14:23 508570 e:\windows\system32\perfh013.dat

- 2002-12-31 06:00 . 2011-04-01 14:23 440684 e:\windows\system32\perfh009.dat

+ 2002-12-31 06:00 . 2011-04-02 10:58 440684 e:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"DAEMON Tools Pro Agent"="e:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]

"SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"AGRSMMSG"="AGRSMMSG.exe" [2011-03-05 88361]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"WinampAgent"="e:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"HitmanPro35"="e:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-04-01 6449984]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"PackNoVs"="e:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304]

.

e:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Sweex WiFi Utility.lnk - e:\program files\Sweex\Installer\WINXP\SWU.exe [2011-3-12 598016]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"SetVisualStyle"= e:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc E 1

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"e:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=

"e:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\Winamp\\winamp.exe"=

"e:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"e:\\Program Files\\SopCast\\SopCast.exe"=

"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

.

R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [5-3-2011 16:35 715248]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [16-3-2011 22:30 218688]

S2 tlnasxhj;Microsoft USB 2.0 Enhanced Host Controller Miniport Helper;e:\windows\System32\svchost.exe -k netsvcs [31-12-2002 8:00 14336]

.

--- Andere Services/Drivers In Geheugen ---

.

*Deregistered* - uphcleanhlp

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

tlnasxhj

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.fr12.nl/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: e:\program files\common files\pc tools\lsp\pctlsp.dll

FF - ProfilePath - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3fhmyps.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.fr12.nl/

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-02 13:06

Windows 5.1.2600 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, GMER - Rootkit Detector and Remover

Windows 5.1.2600 Disk: WDC_WD1200BB-22DWA0 rev.15.05R15 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4

.

device: opened successfully

user: MBR read successfully

.

Disk trace:

called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x899141F8]<<

_asm { MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX; PUSH 0x89914008; MOV EAX, 0xf74e93b8; CALL EAX; }

1 nt!IofCallDriver[0x804E13B9] -> \Device\Harddisk0\DR0[0x89873AB8]

3 CLASSPNP[0xF765805B] -> nt!IofCallDriver[0x804E13B9] -> \Device\0000006e[0x898E4A00]

5 ACPI[0xF7497620] -> nt!IofCallDriver[0x804E13B9] -> \Device\Ide\IdeDeviceP0T0L0-4[0x89809940]

\Driver\atapi[0x89852F38] -> IRP_MJ_CREATE -> 0x899141F8

kernel: MBR read successfully

_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [bP+0x0], CH; JL 0x2e; JNZ 0x3a; }

detected disk devices:

\Device\Ide\IdeDeviceP0T1L0-c -> \??\IDE#DiskWDC_WD300BB-00AUA1______________________18.20D18#4457572d414d5736333131373231_031_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

detected hooks:

\Driver\atapi DriverStartIo -> 0x89721AF1

\Driver\atapi -> 0x899141f8

user & kernel MBR OK

Warning: possible TDL3 rootkit infection !

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\

.

[HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\SecuROM\License information*]

"datasecu"=hex:d2,b5,ba,7a,50,dd,32,37,ee,18,af,f9,e1,ce,83,f8,83,e6,5a,0b,65,

da,d8,64,fe,ad,4f,42,30,bd,2b,8a,c0,2b,76,9c,61,11,61,c4,ff,8e,e0,98,05,33,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(888)

e:\windows\system32\sfc_os.dll

e:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'lsass.exe'(944)

e:\program files\common files\pc tools\lsp\pctlsp.dll

.

- - - - - - - > 'explorer.exe'(3848)

e:\windows\system32\ntshrui.dll

e:\program files\Desktop Tray Clock\Clock.dll

e:\windows\system32\wpdshserviceobj.dll

e:\windows\system32\webcheck.dll

e:\windows\system32\portabledevicetypes.dll

e:\windows\system32\portabledeviceapi.dll

e:\windows\system32\NETSHELL.dll

e:\windows\system32\credui.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

e:\windows\system32\Ati2evxx.exe

e:\windows\system32\Ati2evxx.exe

e:\program files\Java\jre6\bin\jqs.exe

e:\program files\UPHClean\uphclean.exe

e:\windows\system32\wscntfy.exe

e:\windows\system32\rundll32.exe

e:\windows\AGRSMMSG.exe

e:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

e:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe

e:\\?\e:\windows\system32\WBEM\WMIADAP.EXE

.

**************************************************************************

.

Voltooingstijd: 2011-04-02 13:10:14 - machine werd herstart

ComboFix-quarantined-files.txt 2011-04-02 11:10

ComboFix2.txt 2011-04-01 14:36

.

Pre-Run: 11.461.570.560 bytes beschikbaar

Post-Run: 11.536.068.608 bytes beschikbaar

.

- - End Of File - - 608F19E03E14814DB9A1CAC48F0CC4AA

Is it normal that I have to do this in safe mode every time? In normal mode it doesn't work; could this be because of the virus?


Download TDSSKiller.zip and save it to your desktop.

Extract the files.

Open a new Notepad file.

Copy the code below into this Notepad file.

Code:

@ECHO OFF

TDSSKiller.exe -l report.txt -v

DEL %0

Go to File - Save As.

For "Save in", choose the folder that contains TDSSKiller.exe.

For "File name", enter: start.bat

For "Save as type", select: All Files (*.*).

Click the Save button.

Double-click start.bat

This will start TDSSKiller.exe and create a log file (report.txt) in the same folder.

When TDSSKiller.exe has finished, post the contents of report.txt.

Then restart your computer.

After the restart, create a new log with ComboFix and post it here in this topic as well so it can be checked.


OK, here it is!

ComboFix 11-04-05.02 - Administrator 06-04-2011 13:14:00.3.2 - x86 NETWORK

Microsoft Windows XP Professional 5.1.2600.2.1252.31.1043.18.1535.1282 [GMT 2:00]

Gestart vanuit: e:\documents and settings\Administrator\Bureaublad\ComboFix.exe

.

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

e:\windows\regedit.exe . . . is geïnfecteerd!!

.

Besmet exemplaar van e:\windows\system32\msgsvc.dll werd aangetroffen en gedesinfecteerd

Hersteld exemplaar van - e:\windows\ERDNT\cache\msgsvc.dll

.

e:\windows\NOTEPAD.EXE . . . is geïnfecteerd!!

.

e:\windows\pchealth\helpctr\binaries\HelpCtr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\ahui.exe . . . is geïnfecteerd!!

.

e:\windows\system32\cleanmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\cmd.exe . . . is geïnfecteerd!!

.

e:\windows\system32\logonui.exe . . . is geïnfecteerd!!

.

e:\windows\system32\sndrec32.exe . . . is geïnfecteerd!!

.

e:\windows\system32\sysocmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\taskmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\wiaacmgr.exe . . . is geïnfecteerd!!

.

e:\windows\system32\usmt\migwiz.exe . . . is geïnfecteerd!!

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2011-03-06 to 2011-04-06 ))))))))))))))))))))))))))))))

.

.

2011-04-01 11:56 . 2011-04-04 19:45 16968 ----a-w- e:\windows\system32\drivers\hitmanpro35.sys

2011-04-01 11:56 . 2011-04-01 11:56 -------- d-----w- e:\program files\Hitman Pro 3.5

2011-04-01 11:56 . 2011-04-01 12:01 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro

2011-04-01 09:20 . 2011-04-01 09:20 -------- d-s---w- e:\documents and settings\LocalService\Favorieten

2011-03-31 19:21 . 2011-04-06 07:56 -------- d-sh--w- e:\documents and settings\Administrator\Onlangs geopend

2011-03-31 19:12 . 2011-03-31 19:12 -------- d-----w- e:\documents and settings\Administrator\Local Settings\Application Data\Mozilla

2011-03-31 19:04 . 2011-03-31 19:09 -------- d-----w- e:\documents and settings\Administrator\Local Settings\Application Data\Google

2011-03-31 19:03 . 2011-03-31 19:04 -------- d-----w- e:\documents and settings\Administrator\Local Settings\Application Data\Deployment

2011-03-31 17:48 . 2011-03-31 17:48 -------- d-----w- e:\program files\Belastingdienst

2011-03-31 17:47 . 2011-03-31 17:47 -------- d-----w- e:\program files\Common Files\Java

2011-03-31 17:47 . 2011-03-31 17:46 73728 ----a-w- e:\windows\system32\javacpl.cpl

2011-03-31 17:47 . 2011-03-31 17:46 472808 ----a-w- e:\windows\system32\deployJava1.dll

2011-03-31 17:46 . 2011-03-31 17:46 -------- d-----w- e:\program files\Java

2011-03-31 17:40 . 2011-04-01 05:44 -------- d-----w- e:\documents and settings\Administrator\Application Data\Winamp

2011-03-31 17:35 . 2011-03-31 18:05 -------- d-----w- e:\documents and settings\Administrator\Application Data\Belastingdienst

2011-03-31 15:28 . 2011-03-31 15:28 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\ATI

2011-03-31 15:28 . 2011-03-31 15:28 -------- d-----w- e:\documents and settings\NetworkService\Application Data\ATI

2011-03-31 15:04 . 2011-03-31 15:28 -------- d-s---w- e:\documents and settings\NetworkService\Mijn documenten

2011-03-31 14:47 . 2011-03-31 15:28 -------- d-sh--w- e:\documents and settings\NetworkService\Onlangs geopend

2011-03-31 14:47 . 2011-03-31 14:47 -------- d-----w- e:\documents and settings\NetworkService\Menu Start

2011-03-31 14:47 . 2011-03-31 14:47 -------- d-----w- e:\documents and settings\NetworkService\Bureaublad

2011-03-31 14:09 . 2011-03-31 14:09 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Temp

2011-03-31 14:09 . 2011-03-31 14:09 -------- d-----w- e:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-03-30 21:07 . 2011-03-30 21:07 388096 ----a-r- e:\documents and settings\Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-03-30 21:07 . 2011-03-30 21:07 -------- d-----w- e:\program files\Trend Micro

2011-03-30 21:05 . 2011-03-30 21:05 -------- d-----w- e:\documents and settings\Administrator\Application Data\Malwarebytes

2011-03-30 21:05 . 2010-12-20 16:09 38224 ----a-w- e:\windows\system32\drivers\mbamswissarmy.sys

2011-03-30 21:05 . 2011-03-30 21:05 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2011-03-30 21:05 . 2011-03-30 21:05 -------- d-----w- e:\program files\Malwarebytes' Anti-Malware

2011-03-30 21:05 . 2010-12-20 16:08 20952 ----a-w- e:\windows\system32\drivers\mbam.sys

2011-03-30 20:56 . 2011-04-01 12:03 -------- d-----w- e:\program files\PC Tools Security

2011-03-30 20:56 . 2011-04-01 12:03 -------- d-----w- e:\program files\Common Files\PC Tools

2011-03-30 20:56 . 2011-04-01 11:58 -------- d---a-w- e:\documents and settings\All Users.WINDOWS\Application Data\TEMP

2011-03-30 20:53 . 2011-04-01 11:58 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\PC Tools

2011-03-30 19:58 . 2011-03-30 19:58 -------- d-sh--w- e:\documents and settings\LocalService\IETldCache

2011-03-30 19:51 . 2011-03-30 19:51 739328 ----a-w- e:\windows\system32\aoigwerg.dll

2011-03-30 19:42 . 2011-03-30 19:42 -------- d-----w- e:\documents and settings\Administrator\Local Settings\Application Data\Threat Expert

2011-03-30 17:17 . 2011-03-31 15:28 -------- d-s---w- e:\documents and settings\NetworkService\Favorieten

2011-03-30 17:15 . 2011-03-30 17:15 -------- d-----w- e:\windows\Sun

2011-03-17 19:39 . 2004-08-04 00:03 159232 ----a-w- e:\windows\system32\ptpusd.dll

2011-03-17 19:39 . 2001-09-06 20:27 5632 ----a-w- e:\windows\system32\ptpusb.dll

2011-03-17 19:39 . 2004-08-03 21:58 15104 ----a-w- e:\windows\system32\drivers\usbscan.sys

2011-03-16 20:58 . 2001-08-17 21:02 9600 ----a-w- e:\windows\system32\drivers\hidusb.sys

2011-03-16 20:47 . 2011-03-16 20:47 -------- d--h--r- e:\documents and settings\Administrator\Application Data\SecuROM

2011-03-16 20:42 . 2011-03-16 20:42 -------- d-----w- e:\program files\KONAMI

2011-03-16 20:42 . 2011-03-16 20:42 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\KONAMI

2011-03-16 20:30 . 2011-03-16 20:30 218688 ----a-w- e:\windows\system32\drivers\dtsoftbus01.sys

2011-03-16 20:30 . 2011-03-16 20:31 -------- d-----w- e:\program files\DAEMON Tools Pro

2011-03-16 20:30 . 2011-03-16 20:32 -------- d-----w- e:\documents and settings\Administrator\Application Data\DAEMON Tools Pro

2011-03-16 20:30 . 2011-03-16 20:30 -------- d-----w- e:\documents and settings\All Users.WINDOWS\Application Data\DAEMON Tools Pro

2011-03-14 11:41 . 2008-07-06 12:06 89088 ----a-w- e:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll

2011-03-14 11:38 . 2011-03-14 11:38 -------- d-sh--w- e:\documents and settings\NetworkService\IETldCache

2011-03-12 19:00 . 2006-01-18 12:55 290918 ----a-w- e:\windows\system32\Install7x.dll

2011-03-12 19:00 . 2005-11-30 10:33 2048 ----a-w- e:\windows\system32\drivers\rt73.bin

2011-03-12 19:00 . 2005-10-17 18:50 245376 ----a-w- e:\windows\system32\drivers\rt2500usb.SYS

2011-03-12 19:00 . 2005-05-17 15:24 311296 ----a-w- e:\windows\system32\AegisI5.exe

2011-03-12 19:00 . 2011-03-12 19:00 20747 ----a-w- e:\windows\system32\drivers\AegisP.sys

2011-03-12 18:59 . 2005-11-13 22:19 5632 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2011-03-12 18:59 . 2011-03-12 19:00 -------- d-----w- e:\program files\Sweex

2011-03-12 18:59 . 2006-02-07 14:45 757760 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll

2011-03-12 18:59 . 2006-02-07 14:40 204800 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll

2011-03-12 18:59 . 2006-02-07 14:40 69715 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll

2011-03-12 18:59 . 2006-02-07 14:40 274432 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll

2011-03-12 18:59 . 2011-03-12 18:59 331908 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll

2011-03-12 18:59 . 2011-03-12 18:59 200836 ----a-w- e:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll

2011-03-12 18:50 . 2007-03-13 12:53 252928 ----a-r- e:\windows\system32\rt73.sys

2011-03-12 10:26 . 2011-03-12 10:26 -------- d-----w- e:\windows\ServicePackFiles

2011-03-12 10:25 . 2011-03-12 10:25 -------- d-----w- e:\program files\MSXML 6.0

2011-03-12 10:19 . 2011-03-12 10:19 -------- d-----w- e:\program files\MSXML 4.0

2011-03-12 08:51 . 2011-03-12 09:01 -------- d-----w- e:\windows\system32\CatRoot_bak

2011-03-09 20:17 . 2010-02-12 04:36 100864 -c----w- e:\windows\system32\dllcache\6to4svc.dll

2011-03-09 20:15 . 2009-12-31 15:06 352640 -c----w- e:\windows\system32\dllcache\srv.sys

2011-03-09 20:13 . 2010-02-24 12:48 457216 -c----w- e:\windows\system32\dllcache\mrxsmb.sys

2011-03-09 20:08 . 2009-11-21 16:46 470528 -c----w- e:\windows\system32\dllcache\aclayers.dll

2011-03-09 20:08 . 2010-06-14 14:30 743936 -c----w- e:\windows\system32\dllcache\helpsvc.exe

2011-03-09 20:07 . 2009-10-15 16:57 81920 -c----w- e:\windows\system32\dllcache\fontsub.dll

2011-03-09 20:07 . 2009-10-15 16:57 119808 -c----w- e:\windows\system32\dllcache\t2embed.dll

2011-03-09 20:06 . 2009-06-09 15:09 1871872 -c----w- e:\windows\system32\dllcache\mstscax.dll

2011-03-09 20:04 . 2010-02-16 19:27 2148352 -c----w- e:\windows\system32\dllcache\ntkrnlmp.exe

2011-03-09 20:02 . 2009-06-21 22:07 153088 -c----w- e:\windows\system32\dllcache\triedit.dll

2011-03-09 20:02 . 2009-10-23 14:27 3555328 -c----w- e:\windows\system32\dllcache\moviemk.exe

2011-03-09 19:51 . 2008-05-08 12:14 203008 -c----w- e:\windows\system32\dllcache\rmcast.sys

2011-03-09 19:51 . 2008-05-01 14:33 331776 -c----w- e:\windows\system32\dllcache\msadce.dll

2011-03-09 19:48 . 2010-02-12 10:03 293376 ------w- e:\windows\system32\browserchoice.exe

2011-03-09 19:38 . 2008-10-15 16:56 339456 -c----w- e:\windows\system32\dllcache\netapi32.dll

2011-03-09 19:38 . 2009-07-31 04:37 1172480 -c----w- e:\windows\system32\dllcache\msxml3.dll

2011-03-09 19:31 . 2008-04-21 21:28 218624 -c----w- e:\windows\system32\dllcache\wordpad.exe

2011-03-09 19:28 . 2011-03-09 19:28 -------- d-----w- e:\program files\SopCast

2011-03-09 10:47 . 2011-03-09 10:47 -------- d-----w- e:\program files\CyberLink

2011-03-08 19:45 . 2011-03-31 19:05 -------- d-----w- e:\documents and settings\Administrator\Local Settings\Application Data\Temp

2011-03-08 19:45 . 2011-03-08 19:45 -------- d-----w- e:\documents and settings\Administrator\Local Settings\Application Data\Adobe

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-05 16:18 . 2003-02-14 15:30 348480 ----a-w- e:\windows\system32\drivers\Cap7134.sys

2011-03-05 16:18 . 2003-01-29 10:49 110592 ----a-w- e:\windows\system32\34com.dll

2011-03-05 16:18 . 2003-01-29 10:45 90112 ----a-w- e:\windows\system32\Prop7134.dll

2011-03-05 16:18 . 2003-01-29 10:40 23552 ----a-w- e:\windows\system32\34ds.dll

2011-03-05 16:18 . 2003-01-29 10:40 94208 ----a-w- e:\windows\system32\34dialog.dll

2011-03-05 16:18 . 2003-01-29 10:39 73728 ----a-w- e:\windows\system32\34TvCtrl.dll

2011-03-05 16:18 . 2003-01-29 10:36 282624 ----a-w- e:\windows\system32\34dlg2.dll

2011-03-05 16:18 . 2003-01-29 10:33 135168 ----a-w- e:\windows\system32\34api.dll

2011-03-05 16:18 . 2003-01-29 10:32 77824 ----a-w- e:\windows\system32\34dd.dll

2011-03-05 16:18 . 2003-03-04 09:56 145408 ----a-w- e:\windows\system32\drivers\e100b325.sys

2011-03-05 16:18 . 2003-03-03 13:26 118784 ----a-w- e:\windows\system32\Prounstl.exe

2011-03-05 16:18 . 2003-02-03 03:26 12288 ----a-w- e:\windows\system32\e100bmsg.dll

2011-03-05 16:18 . 2002-12-29 02:00 24064 ----a-w- e:\windows\system32\IntelNic.dll

2011-03-05 16:16 . 2011-03-05 14:56 64512 ------w- e:\windows\system32\agrsmdel.exe

2011-03-05 16:16 . 2004-07-22 13:50 1268234 ----a-w- e:\windows\system32\drivers\AGRSM.sys

2011-03-05 16:16 . 2004-07-22 12:38 88361 ----a-w- e:\windows\AGRSMMSG.exe

2011-03-05 16:16 . 2004-04-05 09:49 64512 ----a-w- e:\windows\agrsmdel.exe

2011-03-05 14:42 . 2011-03-05 14:42 25992 ----a-w- e:\windows\system32\pgdfgsvc.exe

2011-03-05 14:38 . 2011-03-05 14:38 54926 ----a-w- e:\windows\BricoPackUninst.cmd

2011-03-05 14:38 . 2011-03-05 14:35 6128 ----a-w- e:\windows\BricoPackFoldersDelete.cmd

2011-03-05 14:38 . 2007-02-05 16:08 219136 ----a-w- e:\windows\system32\uxtheme.dll

2011-03-05 12:35 . 2011-03-05 14:35 715248 ----a-w- e:\windows\system32\drivers\sptd.sys

2011-03-05 12:35 . 2011-03-05 12:35 715248 ----a-w- e:\windows\system32\drivers\sptd.svs

2011-03-18 18:03 . 2011-03-31 19:11 142296 ----a-w- e:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

.

[-] 2008-04-14 . AA04F042A820BF1868E643575887E1A6 . 1037312 . . [6.00.2900.5512] . . e:\windows\SoftwareDistribution\Download\260e3108a35423121f4aaa9d90f9f113\explorer.exe

[-] 2007-08-16 . F40B20B7EAAA306AC1CC95B7165A848A . 979456 . . [6.00.2900.3156] . . e:\windows\explorer.exe

.

((((((((((((((((((((((((((((( SnapShot@2011-04-01_14.33.03 )))))))))))))))))))))))))))))))))))))))))

.

- 2002-12-31 06:00 . 2011-04-01 14:23 90642 e:\windows\system32\perfc013.dat

+ 2002-12-31 06:00 . 2011-04-06 11:15 90642 e:\windows\system32\perfc013.dat

- 2002-12-31 06:00 . 2011-04-01 14:23 71002 e:\windows\system32\perfc009.dat

+ 2002-12-31 06:00 . 2011-04-06 11:15 71002 e:\windows\system32\perfc009.dat

+ 2002-12-31 06:00 . 2011-04-06 11:15 508570 e:\windows\system32\perfh013.dat

- 2002-12-31 06:00 . 2011-04-01 14:23 508570 e:\windows\system32\perfh013.dat

+ 2002-12-31 06:00 . 2011-04-06 11:15 440684 e:\windows\system32\perfh009.dat

- 2002-12-31 06:00 . 2011-04-01 14:23 440684 e:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"DAEMON Tools Pro Agent"="e:\program files\DAEMON Tools Pro\DTAgent.exe" [2011-01-13 840000]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BluetoothAuthenticationAgent"="bthprops.cpl" [2002-12-31 110592]

"SkinClock"="e:\program files\Desktop Tray Clock\DTClock.exe" [2007-10-22 563519]

"StartCCC"="e:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-10 61440]

"AGRSMMSG"="AGRSMMSG.exe" [2011-03-05 88361]

"Adobe Reader Speed Launcher"="e:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]

"Adobe ARM"="e:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]

"WinampAgent"="e:\program files\Winamp\winampa.exe" [2011-03-22 74752]

"DivXUpdate"="e:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-02-15 1230704]

"SunJavaUpdateSched"="e:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="e:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"PackNoVs"="e:\windows\BricoPacks\Vista Inspirat 2\pack-it.exe" [2007-04-22 98304]

.

e:\documents and settings\All Users.WINDOWS\Menu Start\Programma's\Opstarten\

Microsoft Office.lnk - e:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

Sweex WiFi Utility.lnk - e:\program files\Sweex\Installer\WINXP\SWU.exe [2011-3-12 598016]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"SetVisualStyle"= e:\windows\Resources\Themes\Inspirat2\Inspirat2.msstyles

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc E 1

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"e:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"e:\\Program Files\\Sports Interactive\\Football Manager 2011\\fm.exe"=

"e:\\Program Files\\uTorrent\\uTorrent.exe"=

"e:\\Program Files\\Winamp\\winamp.exe"=

"e:\\Program Files\\SopCast\\adv\\SopAdver.exe"=

"e:\\Program Files\\SopCast\\SopCast.exe"=

"e:\\Program Files\\KONAMI\\Pro Evolution Soccer 2011\\pes2011.exe"=

.

R0 sptd;sptd;e:\windows\system32\drivers\sptd.sys [5-3-2011 16:35 715248]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;e:\windows\system32\drivers\dtsoftbus01.sys [16-3-2011 22:30 218688]

S2 tlnasxhj;Microsoft USB 2.0 Enhanced Host Controller Miniport Helper;e:\windows\System32\svchost.exe -k netsvcs [31-12-2002 8:00 14336]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

tlnasxhj

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]

2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]

2004-08-03 16:07 11776 ----a-w- e:\program files\Windows Sidebar\regsvr32.exe

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.fr12.nl/

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

LSP: e:\program files\common files\pc tools\lsp\pctlsp.dll

FF - ProfilePath - e:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r3fhmyps.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.fr12.nl/

FF - prefs.js: network.proxy.type - 0

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2011-04-06 13:22

Windows 5.1.2600 Service Pack 2 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fe,4f,b2,e2,58,22,33,4e,95,9a,8c,\

.

[HKEY_USERS\S-1-5-21-57989841-602609370-1801674531-500\Software\SecuROM\License information*]

"datasecu"=hex:d2,b5,ba,7a,50,dd,32,37,ee,18,af,f9,e1,ce,83,f8,83,e6,5a,0b,65,

da,d8,64,fe,ad,4f,42,30,bd,2b,8a,c0,2b,76,9c,61,11,61,c4,ff,8e,e0,98,05,33,\

"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(792)

e:\windows\system32\sfc_os.dll

e:\windows\system32\Ati2evxx.dll

.

- - - - - - - > 'explorer.exe'(252)

e:\windows\system32\ntshrui.dll

.

Voltooingstijd: 2011-04-06 13:25:50 - machine werd herstart

ComboFix-quarantined-files.txt 2011-04-06 11:25

ComboFix2.txt 2011-04-02 11:10

ComboFix3.txt 2011-04-01 14:36

.

Pre-Run: 11.413.745.664 bytes beschikbaar

Post-Run: 11.448.803.328 bytes beschikbaar

.

- - End Of File - - 450162496F72CA9694F435F3473DE040


Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix and its related folders and files, reset the clock settings, hide file extensions again, hide hidden files and system files again, and create a new restore point.

If it is present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click "Download Latest Version" and the CCleaner download will start automatically and free of charge.

Install it and start CCleaner. In the left column, click "Cleaner". Then click "Analyze" followed by "Clean". Sometimes one analysis is not enough. You may repeat this procedure until the analysis no longer reports any errors. Next, click "Registry" in the left column and click "Scan for problems". If errors are found, click "Fix selected problems" and "OK". You will then be asked whether to make a backup. Click "YES". Then choose "Fix all selected errors". Close CCleaner afterwards.

If you would like to see this in detail with screenshots, click here for the guide.

It is advisable to delete the existing restore points (some of them are infected restore points that you could end up restoring) by temporarily turning off System Restore. Do this via Start -> Control Panel -> Performance and Maintenance -> System -> System Restore -> check "Turn off System Restore on all drives". Apply and OK. Restart the PC and remove the check mark again.
