
Police Ukash virus



My virus scanner could not be started in safe mode, so I could not disable it and assumed it was simply off, but ComboFix did warn me to disable it. So that did not work. After that I just ran the scan as advised, and this is the log:

ComboFix 12-06-26.02 - Administrator 27-06-2012 13:04:31.1.4 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3323.2992 [GMT 2:00]

Running from: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

.

(((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\dhtowfuc.exe

c:\documents and settings\All Users\Application Data\loyjzhta.exe

c:\documents and settings\All Users\Application Data\nkuhlvvo.exe

c:\documents and settings\All Users\Application Data\qaphhnaydeqtqws

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Application Data\TEMP\1C678466.TMP

c:\documents and settings\All Users\Application Data\TEMP\94F0FAE0.TMP

c:\documents and settings\All Users\Application Data\TEMP\AF2F4B57.TMP

c:\documents and settings\All Users\Application Data\TEMP\B58DB468.TMP

c:\documents and settings\All Users\Application Data\TEMP\BF3D0EA3.TMP

c:\documents and settings\All Users\Application Data\TEMP\C1B5E244.TMP

c:\documents and settings\All Users\Application Data\TEMP\C81E3C9C.TMP

c:\documents and settings\All Users\Application Data\TEMP\C9EC3958.TMP

c:\documents and settings\All Users\Application Data\vzcbtjmj.exe

c:\documents and settings\beheerder\Application Data\.#

c:\documents and settings\beheerder\Application Data\vso_ts_preview.xml

c:\windows\IsUn0413.exe

c:\windows\system32\drivers\etc\hosts.ics

.

.

(((((((((((((((((((( Files Created from 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))

.

.

2012-06-26 17:21 . 2012-06-26 17:21 -------- d-----w- C:\backups

2012-06-26 13:03 . 2012-06-26 13:03 388608 ----a-w- C:\HijackThis.exe

2012-06-26 12:35 . 2012-06-26 12:38 -------- d-----w- c:\documents and settings\Administrator

2012-06-26 10:06 . 2012-06-26 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\kklagndhrueoame

2012-06-24 10:14 . 2012-06-24 10:16 -------- d-----w- c:\documents and settings\beheerder\Application Data\4Sync

2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\program files\McAfee Security Scan

2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\program files\4shared Toolbar

2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\documents and settings\beheerder\LocalLow

2012-06-24 10:13 . 2012-06-24 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\4Sync

2012-06-24 10:13 . 2012-06-24 10:13 -------- d-----w- c:\program files\4Sync

2012-06-24 07:50 . 2012-06-24 07:50 -------- d-----w- c:\documents and settings\beheerder\Application Data\SYSTEMAX Software Development

2012-06-24 07:50 . 2012-06-24 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development

2012-06-22 20:01 . 2012-06-22 20:01 -------- d-----w- c:\program files\HobbyWare

2012-06-15 18:15 . 2012-06-15 18:25 -------- d-----w- c:\documents and settings\All Users\Application Data\B7E85889008624A056477F04D151FC84

2012-06-14 14:13 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-05-28 19:53 . 2012-05-28 19:53 -------- d-----w- c:\program files\Google

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-22 20:01 . 2011-12-31 01:39 17408 ----a-w- C:\psapi.dll

2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2009-03-26 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2009-03-26 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2009-03-26 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2009-03-26 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2009-03-26 08:57 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2008-04-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2008-10-16 13:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2009-03-26 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2008-10-16 13:08 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2009-03-26 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2008-10-16 13:09 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2009-03-26 15:24 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2009-03-26 15:24 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2008-10-16 13:07 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:55 . 2008-04-15 12:00 1863296 ------w- c:\windows\system32\win32k.sys

2012-05-11 14:44 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 06:25 . 2012-04-02 22:33 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 06:25 . 2012-04-02 22:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 03:15 . 2008-04-15 12:00 2152960 ------w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2008-04-14 22:11 2031104 ------w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2009-03-26 08:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 13:56 . 2009-12-17 15:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-08-25 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]

@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"

[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]

2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]

@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"

[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]

2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]

@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"

[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]

2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]

@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"

[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]

2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-02-22 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-22 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.229\SSScheduler.exe [2011-9-20 272528]

Registratiesoftware starten.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2011-2-8 1175552]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-15 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]

1998-11-30 16:04 497376 ----a-w- c:\windows\p_981116.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-01-24 11:32 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

2008-06-20 00:40 442433 ----a-w- c:\program files\IDT\WDM\sttray.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\iWin Games\\iWinGames.exe"=

"c:\\Program Files\\iWin Games\\WebUpdater.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24941:TCP"= 24941:TCP:BitComet 24941 TCP

"24941:UDP"= 24941:UDP:BitComet 24941 UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18-5-2010 14:14 715248]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9-4-2009 16:21 94360]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [25-8-2008 13:11 244368]

S0 sxymyk;sxymyk;c:\windows\system32\drivers\numchq.sys --> c:\windows\system32\drivers\numchq.sys [?]

S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9-4-2009 16:18 107256]

S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14-5-2009 17:07 759048]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9-4-2009 16:19 731840]

S2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [8-4-2011 17:17 176848]

S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5-10-2010 11:27 4497704]

S2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [5-10-2010 11:28 113448]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3-4-2012 0:33 257696]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.229\McCHSvc.exe [20-9-2011 22:15 237008]

S3 UXDCMN;UXDCMN;\??\f:\winstress\UXDCMN.SYS --> f:\winstress\UXDCMN.SYS [?]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5-10-2010 11:28 16168]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - DCFS2K

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-01-24 11:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:25]

.

2012-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

.

------- Supplementary Scan -------

.

mSearch Bar = hxxp://www.google.com

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\beheerder\Menu Start\Programma's\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.1.254 195.241.77.51 195.241.77.52

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://46.129.32.33/codebase/DVM_IPCam2.ocx

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-QuickTime Task - d:\program files\QuickTime\qttask.exe

HKLM-Run-iTunesHelper - d:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-iTunesHelper - d:\program files\iTunes\iTunesHelper.exe

MSConfigStartUp-QuickTime Task - d:\program files\QuickTime\qttask.exe

AddRemove-3 Days: Amulet Secret - d:\program files\iWin.com\3 Days Amulet Secret\Uninstall.exe

AddRemove-4shared Toolbar - c:\program files\4shared Toolbar\uninstall.exe

AddRemove-Aboo - d:\program files\iWin.com\Aboo\Uninstall.exe

AddRemove-Adobe Photoshop 7.0 - d:\program files\Adobe\Photoshop 7.0\Uninst.isu

AddRemove-Adventures of Mary Ann - d:\program files\iWin.com\Adventures of Mary Ann\Uninstall.exe

AddRemove-Aladdin and the Enchanted Lamp -- Extended Edition - d:\program files\iWin.com\Aladdin and the Enchanted Lamp -- Extended Edition\Uninstall.exe

AddRemove-Alice in Wonderland - d:\program files\iWin.com\Alice in Wonderland\Uninstall.exe

AddRemove-Anka - d:\program files\iWin.com\Anka\Uninstall.exe

AddRemove-Art of Murder FBI Confidential - d:\program files\iWin.com\Art of Murder FBI Confidential\Uninstall.exe

AddRemove-Artist Colony - d:\program files\iWin.com\Artist Colony\Uninstall.exe

AddRemove-Avalon - d:\program files\iWin.com\Avalon\Uninstall.exe

AddRemove-Avalon Legends Solitaire - d:\program files\iWin.com\Avalon Legends Solitaire\Uninstall.exe

AddRemove-Avenue Flo: Special Delivery - d:\program files\iWin.com\Avenue Flo Special Delivery\Uninstall.exe

AddRemove-Aveyond Lord of Twilight - d:\program files\iWin.com\Aveyond Lord of Twilight\Uninstall.exe

AddRemove-Aveyond: Gates of Night - d:\program files\iWin.com\Aveyond Gates of Night\Uninstall.exe

AddRemove-Awakening: The Dreamless Castle - d:\program files\iWin.com\Awakening The Dreamless Castle\Uninstall.exe

AddRemove-Banana Bugs - d:\program files\iWin.com\Banana Bugs\Uninstall.exe

AddRemove-BitComet - d:\program files\BitComet\uninst.exe

AddRemove-Broken Hearts: A Soldier's Duty - d:\program files\iWin.com\Broken Hearts A Soldier's Duty\Uninstall.exe

AddRemove-BumbleBee Jewel - d:\program files\iWin.com\BumbleBee Jewel\Uninstall.exe

AddRemove-Cassandra's Journey 2: The Fifth Sun of Nostradamus - d:\program files\iWin.com\Cassandra's Journey 2 The Fifth Sun of Nostradamus\Uninstall.exe

AddRemove-Catan - c:\windows\IsUn0413.exe

AddRemove-Catan Online Welt - d:\program files\Catan GmbH\Catan Online World 2\uninst.exe

AddRemove-City Style - d:\program files\iWin.com\City Style\Uninstall.exe

AddRemove-Coconut Queen Beta - d:\program files\iWin.com\Coconut Queen Beta\Uninstall.exe

AddRemove-Coffee Break - d:\program files\iWin.com\Coffee Break\Uninstall.exe

AddRemove-Cookie Domination - d:\program files\iWin.com\Cookie Domination\Uninstall.exe

AddRemove-Core FTP LE 2.1 - d:\progra~1\CoreFTP\UNWISE.EXE

AddRemove-Deadtime Stories - d:\program files\iWin.com\Deadtime Stories\Uninstall.exe

AddRemove-Deep Blue Sea 2 - d:\program files\iWin.com\Deep Blue Sea 2\Uninstall.exe

AddRemove-Destination Treasure Island - d:\program files\iWin.com\Destination Treasure Island\Uninstall.exe

AddRemove-Detective Agency - d:\program files\iWin.com\Detective Agency\Uninstall.exe

AddRemove-Dolphins Dice Slots - d:\program files\iWin.com\Dolphins Dice Slots\Uninstall.exe

AddRemove-Dr. Despicable's Dastardly Deeds - d:\program files\iWin.com\Dr. Despicable's Dastardly Deeds\Uninstall.exe

AddRemove-Drawn: The Painted Tower - d:\program files\iWin.com\Drawn The Painted Tower\Uninstall.exe

AddRemove-Dream Chronicles The Chosen Child - d:\program files\iWin.com\Dream Chronicles The Chosen Child\Uninstall.exe

AddRemove-Dream Chronicles: The Book of Air - d:\program files\iWin.com\Dream Chronicles The Book of Air\Uninstall.exe

AddRemove-Elixir of Immortality - d:\program files\iWin.com\Elixir of Immortality\Uninstall.exe

AddRemove-Enchanted Katya - d:\program files\iWin.com\Enchanted Katya\Uninstall.exe

AddRemove-Escape from Paradise 2 - d:\program files\iWin.com\Escape from Paradise 2\Uninstall.exe

AddRemove-Eternity - d:\program files\iWin.com\Eternity\Uninstall.exe

AddRemove-Evoly - d:\program files\iWin.com\Evoly\Uninstall.exe

AddRemove-Faerie Solitaire - d:\program files\iWin.com\Faerie Solitaire\Uninstall.exe

AddRemove-Family Feud: Battle of the Sexes - d:\program files\iWin.com\Family Feud Battle of the Sexes\Uninstall.exe

AddRemove-Fashionallia - d:\program files\iWin.com\Fashionallia\Uninstall.exe

AddRemove-Fiction Fixers: The Curse of Oz - d:\program files\iWin.com\Fiction Fixers The Curse of Oz\Uninstall.exe

AddRemove-Fiction Fixers: Adventures in Wonderland - d:\program files\iWin.com\Fiction Fixers Adventures in Wonderland\Uninstall.exe

AddRemove-Fiona Finch and the Finest Flowers - d:\program files\iWin.com\Fiona Finch and the Finest Flowers\Uninstall.exe

AddRemove-Fishdom - d:\program files\iWin.com\Fishdom\Uninstall.exe

AddRemove-Fishdom 2: Premium Edition - d:\program files\iWin.com\Fishdom 2 Premium Edition\Uninstall.exe

AddRemove-Fishdom: Frosty Splash - d:\program files\iWin.com\Fishdom Frosty Splash\Uninstall.exe

AddRemove-Fishdom: Spooky Splash - d:\program files\iWin.com\Fishdom Spooky Splash\Uninstall.exe

AddRemove-Flower Paradise - d:\program files\iWin.com\Flower Paradise\Uninstall.exe

AddRemove-Free WMA to MP3 Converter_is1 - d:\muziek\Dad\Opa\unins000.exe

AddRemove-FreeCell Wonderland - d:\program files\iWin.com\FreeCell Wonderland\Uninstall.exe

AddRemove-Girls Inc. TeamUp - d:\program files\iWin.com\Girls Inc. TeamUp\Uninstall.exe

AddRemove-Globey On the Roll - d:\program files\iWin.com\Globey On the Roll\Uninstall.exe

AddRemove-Governor of Poker 2 - d:\program files\iWin.com\Governor of Poker 2\Uninstall.exe

AddRemove-Great Adventures: Xmas Edition - d:\program files\iWin.com\Great Adventures Xmas Edition\Uninstall.exe

AddRemove-Grimms Hatchery_is1 - d:\program files\Grimms Hatchery\ReflexiveArcade\unins000.exe

AddRemove-Gwen the Magic Nanny - d:\program files\iWin.com\Gwen the Magic Nanny\Uninstall.exe

AddRemove-Habitat Rescue: Lion's Pride - d:\program files\iWin.com\Habitat Rescue Lion's Pride\Uninstall.exe

AddRemove-Heartwild Solitaire: Book Two - d:\program files\iWin.com\Heartwild Solitaire Book Two\Uninstall.exe

AddRemove-Heroes of Hellas 2: Olympia - d:\program files\iWin.com\Heroes of Hellas 2 Olympia\Uninstall.exe

AddRemove-Heroes of Kalevala - d:\program files\iWin.com\Heroes of Kalevala\Uninstall.exe

AddRemove-Home Sweet Home - d:\program files\iWin.com\Home Sweet Home\Uninstall.exe

AddRemove-Home Sweet Home 2: Kitchens and Baths - d:\program files\iWin.com\Home Sweet Home 2 Kitchens and Baths\Uninstall.exe

AddRemove-Home Sweet Home Christmas Edition - d:\program files\iWin.com\Home Sweet Home Christmas Edition\Uninstall.exe

AddRemove-Hotel: Collector's Edition - d:\program files\iWin.com\Hotel Collector's Edition\Uninstall.exe

AddRemove-Hoyle Solitaire - d:\program files\iWin.com\Hoyle Solitaire\Uninstall.exe

AddRemove-HP PSC 1200 Series - d:\program files\Hewlett-Packard\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe

AddRemove-Huru Beach Party - d:\program files\iWin.com\Huru Beach Party\Uninstall.exe

AddRemove-Inkscape - d:\program files\Inkscape\Uninstall.exe

AddRemove-Insaniquarium - d:\program files\iWin.com\Insaniquarium\Uninstall.exe

AddRemove-Island Realms - d:\program files\iWin.com\Island Realms\Uninstall.exe

AddRemove-Jane's Zoo - d:\program files\iWin.com\Jane's Zoo\Uninstall.exe

AddRemove-Jojos Fashion Show: World Tour - d:\program files\iWin.com\Jojos Fashion Show World Tour\Uninstall.exe

AddRemove-King's Smith - d:\program files\iWin.com\King's Smith\Uninstall.exe

AddRemove-Kitten Sanctuary - d:\program files\iWin.com\Kitten Sanctuary\Uninstall.exe

AddRemove-LimeWire - d:\program files\LimeWire\uninstall.exe

AddRemove-Little Folk of Faery - d:\program files\iWin.com\Little Folk of Faery\Uninstall.exe

AddRemove-Love & Death: Bitten - d:\program files\iWin.com\Love & Death Bitten\Uninstall.exe

AddRemove-LyricsSeeker plugins - d:\program files\LyricsSeeker\uninst.exe

AddRemove-Magic Farm - d:\program files\iWin.com\Magic Farm\Uninstall.exe

AddRemove-Magic Farm Ultimate Flower - d:\program files\iWin.com\Magic Farm Ultimate Flower\Uninstall.exe

AddRemove-Magic Life - d:\program files\iWin.com\Magic Life\Uninstall.exe

AddRemove-Magicville: Art of Magic - d:\program files\iWin.com\Magicville Art of Magic\Uninstall.exe

AddRemove-Mahjong Memoirs - d:\program files\iWin.com\Mahjong Memoirs\Uninstall.exe

AddRemove-Memory Wiz - d:\program files\iWin.com\Memory Wiz\Uninstall.exe

AddRemove-Monopoly 3 - d:\program files\iWin.com\Monopoly 3\Uninstall.exe

AddRemove-Monopoly voor Windows_is1 - d:\program files\Parkeerbonnen Monopoly\unins000.exe

AddRemove-My Life Story - d:\program files\iWin.com\My Life Story\Uninstall.exe

AddRemove-My Tribe - d:\program files\iWin.com\My Tribe\Uninstall.exe

AddRemove-Mystery P.I. Stolen in SF - d:\program files\iWin.com\Mystery P.I. Stolen in SF\Uninstall.exe

AddRemove-Namco All-Stars -- Pac-Man - d:\program files\iWin.com\Namco All-Stars -- Pac-Man\Uninstall.exe

AddRemove-Nertz Solitaire - d:\program files\iWin.com\Nertz Solitaire\Uninstall.exe

AddRemove-Origin - d:\program files\Origin\OriginUninstall.exe

AddRemove-Pahelika Secret Legends - d:\program files\iWin.com\Pahelika Secret Legends\Uninstall.exe

AddRemove-Pakoombo - d:\program files\iWin.com\Pakoombo\Uninstall.exe

AddRemove-Pet Playground - d:\program files\iWin.com\Pet Playground\Uninstall.exe

AddRemove-Picket Fences - d:\program files\iWin.com\Picket Fences\Uninstall.exe

AddRemove-Plants Vs Zombies - d:\program files\iWin.com\Plants Vs Zombies\Uninstall.exe

AddRemove-Plumeboom Park - d:\program files\iWin.com\Plumeboom Park\Uninstall.exe

AddRemove-Plumeboom: The First Chapter - d:\program files\iWin.com\Plumeboom The First Chapter\Uninstall.exe

AddRemove-Pretty Good Solitaire_is1 - d:\program files\goodsol\unins000.exe

AddRemove-3D V6 TRIAL - d:\progra~1\PUNCH!~1\VIACAD~1\UNWISE.EXE

AddRemove-Purrfect Pet Shop - d:\program files\iWin.com\Purrfect Pet Shop\Uninstall.exe

AddRemove-Puzzle Solitaire - d:\program files\iWin.com\Puzzle Solitaire\Uninstall.exe

AddRemove-Quilting Time - d:\program files\iWin.com\Quilting Time\Uninstall.exe

AddRemove-Rachel's Retreat - d:\program files\iWin.com\Rachel's Retreat\Uninstall.exe

AddRemove-Real Detectives: Murder in Miami - d:\program files\iWin.com\Real Detectives Murder in Miami\Uninstall.exe

AddRemove-Risk - d:\program files\iWin.com\Risk\Uninstall.exe

AddRemove-Roads of Rome - d:\program files\iWin.com\Roads of Rome\Uninstall.exe

AddRemove-Sally's Studio Premium Edition - d:\program files\iWin.com\Sally's Studio Premium Edition\Uninstall.exe

AddRemove-Shopping Blocks - d:\program files\iWin.com\Shopping Blocks\Uninstall.exe

AddRemove-SKIP¯BO Castaway Caper - d:\program files\iWin.com\SKIP¯BO Castaway Caper\Uninstall.exe

AddRemove-Sky Taxi - d:\program files\iWin.com\Sky Taxi\Uninstall.exe

AddRemove-Slingo Mystery 2: The Golden Escape - d:\program files\iWin.com\Slingo Mystery 2 The Golden Escape\Uninstall.exe

AddRemove-Slingo Quest Amazon - d:\program files\iWin.com\Slingo Quest Amazon\Uninstall.exe

AddRemove-Slingo Quest Egypt - d:\program files\iWin.com\Slingo Quest Egypt\Uninstall.exe

AddRemove-Snapshot Adventures - d:\program files\iWin.com\Snapshot Adventures\Uninstall.exe

AddRemove-Snark Busters Welcome to Club - d:\program files\iWin.com\Snark Busters Welcome to Club\Uninstall.exe

AddRemove-Solitaire for Dummies - d:\program files\iWin.com\Solitaire for Dummies\Uninstall.exe

AddRemove-Sprouts Adventure - d:\program files\iWin.com\Sprouts Adventure\Uninstall.exe

AddRemove-Sprouts Adventure_is1 - d:\program files\Sprouts Adventure\ReflexiveArcade\unins000.exe

AddRemove-Still Life - d:\program files\iWin.com\Still Life\Uninstall.exe

AddRemove-Super Granny 5 - d:\program files\iWin.com\Super Granny 5\Uninstall.exe

AddRemove-Super Smasher - d:\program files\iWin.com\Super Smasher\Uninstall.exe

AddRemove-Supple: Episode 2 - d:\program files\iWin.com\Supple Episode 2\Uninstall.exe

AddRemove-The Enchanted Kingdom: Elisa's Adventure - d:\program files\iWin.com\The Enchanted Kingdom Elisa's Adventure\Uninstall.exe

AddRemove-The Game of Life - d:\program files\iWin.com\The Game of Life\Uninstall.exe

AddRemove-Tic A Tac Royale - d:\program files\iWin.com\Tic A Tac Royale\Uninstall.exe

AddRemove-Tradewinds Odyssey - d:\program files\iWin.com\Tradewinds Odyssey\Uninstall.exe

AddRemove-Tropix 2: The Quest for the Golden Banana - d:\program files\iWin.com\Tropix 2 The Quest for the Golden Banana\Uninstall.exe

AddRemove-Twistingo - d:\program files\iWin.com\Twistingo\Uninstall.exe

AddRemove-Virtual Villagers 4: The Tree of Life - d:\program files\iWin.com\Virtual Villagers 4 The Tree of Life\Uninstall.exe

AddRemove-Virtual Villagers 4: The Tree of Life - Premium Edition - d:\program files\iWin.com\Virtual Villagers 4 The Tree of Life - Premium Edition\Uninstall.exe

AddRemove-Westward - d:\program files\iWin.com\Westward\Uninstall.exe

AddRemove-Winemaker Extraordinaire - d:\program files\iWin.com\Winemaker Extraordinaire\Uninstall.exe

AddRemove-Wizard's Hat - d:\program files\iWin.com\Wizard's Hat\Uninstall.exe

AddRemove-World Mosaics - d:\program files\iWin.com\World Mosaics\Uninstall.exe

AddRemove-World Mosaics 2 - d:\program files\iWin.com\World Mosaics 2\Uninstall.exe

AddRemove-World Mosaics 3: Fairy Tales - d:\program files\iWin.com\World Mosaics 3 Fairy Tales\Uninstall.exe

AddRemove-Youda Sushi Chef - d:\program files\iWin.com\Youda Sushi Chef\Uninstall.exe

AddRemove-{314AD191-596F-40C0-ACED-3AD78C9649F1}_is1 - d:\muziek\Dad\Opa\WMA MP3 Converter 4\unins000.exe

AddRemove-{BFFD3331-0B0B-4703-947B-264C4315DEFB}_is1 - d:\program files\Download Manager\unins000.exe

AddRemove-{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1 - d:\program files\VSO\ConvertX\4\unins000.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-27 13:11

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-796845957-583907252-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,af,9d,c6,5d,37,e7,41,ab,b8,2d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f2,af,9d,c6,5d,37,e7,41,ab,b8,2d,\

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(616)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

Completion time: 2012-06-27 13:13:47

ComboFix-quarantined-files.txt 2012-06-27 11:13

.

Pre-Run: 226.142.982.144 bytes free

Post-Run: 228.525.051.904 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-NLD.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 9E79B78338760CA0B1F3E02253501875

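The log above is easier to read with a triage eye than line by line. The entries a responder cares about are the boot-start driver whose image is missing from disk (S0 sxymyk pointing at numchq.sys [?]), the eight-letter random executables dropped into the root of All Users\Application Data, the ActiveX download (DPF) entry fetched from a bare IP address, and the antivirus reporting *Enabled/Outdated*. The Python script below is an added example for this thread, not ComboFix code and not something either poster ran: it parses exactly those line shapes and flags them. The "looks random" heuristic and the sample lines (copied from the first log) are this example's own assumptions.

```python
"""Triage of ComboFix-style log lines.

Added example for this thread; it is not ComboFix code and not something the
posters ran.  It parses the handful of line shapes that matter in the log above
and flags what a responder would look at first.  The "looks random" heuristic
and the sample lines (copied from the first log) are this example's own
assumptions.
"""
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Service/driver line: "<S0|R1|...> <name>;<display>;<image path> [--> <path> [?]]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-3])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
# Eight-letter random executables in the root of All Users\Application Data
PROGRAMDATA_EXE_RE = re.compile(
    r"^c:\\documents and settings\\all users\\application data\\(?P<file>[a-z]{8}\.exe)$",
    re.I)
# ActiveX download entries: "DPF: {CLSID} - hxxp://host/path"
DPF_RE = re.compile(
    r"^DPF:\s+(?P<clsid>\{[0-9A-F-]+\})\s+-\s+hxxps?://(?P<host>[^/]+)/", re.I)
# Antivirus status line: "AV: <product> *<state>* {GUID}"
AV_RE = re.compile(r"^AV:\s+(?P<product>.+?)\s+\*(?P<state>[^*]+)\*")


@dataclass
class Finding:
    kind: str
    detail: str
    line: str


def parse_service(line):
    """Return (start, name, display, image_path, missing) or None.

    A trailing "--> <path> [?]" is ComboFix's way of saying the registered
    image could not be found on disk."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    missing = rest.endswith("[?]")
    path = rest.split(" --> ")[0].split(" [")[0].strip()
    return m.group("start"), m.group("name"), m.group("display"), path, missing


def looks_random(name):
    """Heuristic (assumption of this example): 5-8 lowercase letters with at most
    one vowel, the shape of the generated names in this thread (sxymyk, numchq)."""
    if not re.fullmatch(r"[a-z]{5,8}", name):
        return False
    return sum(c in "aeiou" for c in name) <= 1


def triage(lines):
    """Walk log lines and return Findings in log order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        svc = parse_service(line)
        if svc:
            start, name, _display, path, missing = svc
            # Boot/system-start drivers load before the AV does; a missing image
            # or a generated name there is the rootkit-loader pattern.
            if start in ("S0", "R0", "S1", "R1") and (missing or looks_random(name)):
                tag = " (image missing)" if missing else ""
                findings.append(Finding("driver", f"{start} {name} -> {path}{tag}", line))
            continue
        m = PROGRAMDATA_EXE_RE.match(line)
        if m:
            findings.append(Finding("dropper", m.group("file"), line))
            continue
        m = DPF_RE.match(line)
        if m:
            host = m.group("host").split(":")[0]
            try:
                ip_address(host)  # codebase served from a bare IP, not a vendor host
            except ValueError:
                continue
            findings.append(Finding("activex-ip", f"{m.group('clsid')} from {host}", line))
            continue
        m = AV_RE.match(line)
        if m and "outdated" in m.group("state").lower():
            findings.append(Finding("av-outdated", f"{m.group('product')}: {m.group('state')}", line))
    return findings


# Constructed sample: lines lifted from the first ComboFix log in the thread.
SAMPLE_LOG = """
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
c:\\documents and settings\\All Users\\Application Data\\dhtowfuc.exe
c:\\documents and settings\\beheerder\\Application Data\\vso_ts_preview.xml
R0 sptd;sptd;c:\\windows\\system32\\drivers\\sptd.sys [18-5-2010 14:14 715248]
S0 sxymyk;sxymyk;c:\\windows\\system32\\drivers\\numchq.sys --> c:\\windows\\system32\\drivers\\numchq.sys [?]
S2 ekrn;ESET Service;c:\\program files\\ESET\\ESET NOD32 Antivirus\\ekrn.exe [9-4-2009 16:19 731840]
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://46.129.32.33/codebase/DVM_IPCam2.ocx
""".splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Running it over the sample prints four findings and stays quiet on the legitimate sptd (Daemon Tools) and ekrn (ESET) entries; the point is that the driver with a missing image is the one to put in the CFScript, which is what the reply below does.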

Open a Notepad file.

Copy and paste the text below (bold in the original post) into it.

File::

c:\windows\system32\drivers\numchq.sys

Folder::

c:\documents and settings\All Users\Application Data\B7E85889008624A056477F04D151FC84

c:\program files\iWin Games

Driver::

iWinTrusted

sxymyk

Save this file on your desktop as CFScript.

Drag CFScript.txt onto ComboFix.exe.

This will make ComboFix restart. Reboot if you are prompted to.

After the restart, post the contents of Combofix.txt in your next reply.


ComboFix restarted the PC automatically in normal mode, so that is where I am now instead of safe mode. Does that mean it is fixed? =D

Here is the log:

ComboFix 12-06-26.02 - Administrator 27-06-2012 14:26:44.2.4 - x86 NETWORK

Microsoft Windows XP Home Edition 5.1.2600.3.1252.31.1043.18.3323.2975 [GMT 2:00]

Gestart vanuit: c:\documents and settings\Administrator\Bureaublad\ComboFix.exe

gebruikte Opdracht switches :: c:\documents and settings\Administrator\Bureaublad\CFScript.txt

AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

.

FILE ::

"c:\windows\system32\drivers\numchq.sys"

.

.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\B7E85889008624A056477F04D151FC84

c:\documents and settings\All Users\Application Data\B7E85889008624A056477F04D151FC84\B7E85889008624A056477F04D151FC84

c:\program files\iWin Games

c:\program files\iWin Games\AdminWorker.exe

c:\program files\iWin Games\firefox\chrome.manifest

c:\program files\iWin Games\firefox\chrome\iwinarcade.jar

c:\program files\iWin Games\firefox\install.rdf

c:\program files\iWin Games\firefox\iWinArcadeLauncher.exe

c:\program files\iWin Games\firefox\version

c:\program files\iWin Games\ftdownload.dat

c:\program files\iWin Games\gamepage\buynow.html

c:\program files\iWin Games\gamepage\common.js

c:\program files\iWin Games\gamepage\css\offline.css

c:\program files\iWin Games\gamepage\disconnected-upsell.html

c:\program files\iWin Games\gamepage\end.html

c:\program files\iWin Games\gamepage\expired.html

c:\program files\iWin Games\gamepage\images\alert32x32.gif

c:\program files\iWin Games\gamepage\images\bg_header.gif

c:\program files\iWin Games\gamepage\images\buttons\close-blue-28.gif

c:\program files\iWin Games\gamepage\images\buttons\continue-orange-132.gif

c:\program files\iWin Games\gamepage\images\buttons\yesiwantabackupcd-orange-197.gif

c:\program files\iWin Games\gamepage\images\common\header-bg.gif

c:\program files\iWin Games\gamepage\images\common\header-small-bg.gif

c:\program files\iWin Games\gamepage\images\common\loading.gif

c:\program files\iWin Games\gamepage\images\continuefreetrial-32.gif

c:\program files\iWin Games\gamepage\images\global\logo-invis.gif

c:\program files\iWin Games\gamepage\images\global\logo.gif

c:\program files\iWin Games\gamepage\images\global\page-bg-swirly.gif

c:\program files\iWin Games\gamepage\images\global\page-bg.gif

c:\program files\iWin Games\gamepage\images\global\page-header-small-bg.jpg

c:\program files\iWin Games\gamepage\images\logo.jpg

c:\program files\iWin Games\gamepage\images\misc\blue-bottom-triangle.gif

c:\program files\iWin Games\gamepage\images\misc\information.gif

c:\program files\iWin Games\gamepage\images\ous\divider.gif

c:\program files\iWin Games\gamepage\images\ous\eus.jpg

c:\program files\iWin Games\gamepage\images\ous\hotel-bg.gif

c:\program files\iWin Games\gamepage\images\ous\hotel-iwin.gif

c:\program files\iWin Games\gamepage\images\ous\opal.gif

c:\program files\iWin Games\gamepage\images\ous\opalbox.jpg

c:\program files\iWin Games\gamepage\images\ous\ous-promo-banner.jpg

c:\program files\iWin Games\gamepage\images\plans\plan1.gif

c:\program files\iWin Games\gamepage\images\plans\plan2.gif

c:\program files\iWin Games\gamepage\images\plans\plan3.gif

c:\program files\iWin Games\gamepage\images\product\feature.jpg

c:\program files\iWin Games\gamepage\open.html

c:\program files\iWin Games\gamepage\operationfailed.html

c:\program files\iWin Games\gamepage\scripts\disconnected-upsell.js

c:\program files\iWin Games\gamepage\scripts\popups.js

c:\program files\iWin Games\gamepage\scripts\prototype-1.6.js

c:\program files\iWin Games\gamepage\styles\base.css

c:\program files\iWin Games\gamepage\styles\disconnected-upsell.css

c:\program files\iWin Games\gamepage\styles\shoppingcart.css

c:\program files\iWin Games\gamepage\success.html

c:\program files\iWin Games\host.cfg

c:\program files\iWin Games\iWinGames.exe

c:\program files\iWin Games\iWinInfo.dll

c:\program files\iWin Games\iWinTrusted.exe

c:\program files\iWin Games\pages\alert32x32.gif

c:\program files\iWin Games\pages\arcadeCheck.js

c:\program files\iWin Games\pages\blank.html

c:\program files\iWin Games\pages\blank2.html

c:\program files\iWin Games\pages\error.html

c:\program files\iWin Games\pages\error404.css

c:\program files\iWin Games\pages\iwin_logo.gif

c:\program files\iWin Games\pages\login.html

c:\program files\iWin Games\pages\maintenance.html

c:\program files\iWin Games\pages\offline.css

c:\program files\iWin Games\pages\offline.html

c:\program files\iWin Games\pages\offline.jpg

c:\program files\iWin Games\pages\offline_tag.gif

c:\program files\iWin Games\pages\offlineBg.gif

c:\program files\iWin Games\pages\orange-im-connected-60.gif

c:\program files\iWin Games\pages\terrie404.gif

c:\program files\iWin Games\pages\test.html

c:\program files\iWin Games\sounds\animation.wav

c:\program files\iWin Games\sounds\animationBack.wav

c:\program files\iWin Games\sounds\button_click.wav

c:\program files\iWin Games\sounds\coins.wav

c:\program files\iWin Games\sounds\download_completed.wav

c:\program files\iWin Games\sounds\slidebackin.wav

c:\program files\iWin Games\sounds\slideout.wav

c:\program files\iWin Games\sounds\start.wav

c:\program files\iWin Games\Uninstall.exe

c:\program files\iWin Games\WebInstaller.exe

c:\program files\iWin Games\WebUpdater.bmp

c:\program files\iWin Games\WebUpdater.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_IWINTRUSTED

-------\Service_iWinTrusted

-------\Service_sxymyk

.

.

(((((((((((((((((((( Bestanden Gemaakt van 2012-05-27 to 2012-06-27 ))))))))))))))))))))))))))))))

.

.

2012-06-26 17:21 . 2012-06-26 17:21 -------- d-----w- C:\backups

2012-06-26 13:03 . 2012-06-26 13:03 388608 ----a-w- C:\HijackThis.exe

2012-06-26 12:35 . 2012-06-26 12:38 -------- d-----w- c:\documents and settings\Administrator

2012-06-26 10:06 . 2012-06-26 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\kklagndhrueoame

2012-06-24 10:14 . 2012-06-24 10:16 -------- d-----w- c:\documents and settings\beheerder\Application Data\4Sync

2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan

2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\program files\McAfee Security Scan

2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\program files\4shared Toolbar

2012-06-24 10:14 . 2012-06-24 10:14 -------- d-----w- c:\documents and settings\beheerder\LocalLow

2012-06-24 10:13 . 2012-06-24 10:13 -------- d-----w- c:\documents and settings\All Users\Application Data\4Sync

2012-06-24 10:13 . 2012-06-24 10:13 -------- d-----w- c:\program files\4Sync

2012-06-24 07:50 . 2012-06-24 07:50 -------- d-----w- c:\documents and settings\beheerder\Application Data\SYSTEMAX Software Development

2012-06-24 07:50 . 2012-06-24 07:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development

2012-06-22 20:01 . 2012-06-22 20:01 -------- d-----w- c:\program files\HobbyWare

2012-06-14 14:13 . 2012-05-11 14:44 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll

2012-05-28 19:53 . 2012-05-28 19:53 -------- d-----w- c:\program files\Google

.

.

.

((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-22 20:01 . 2011-12-31 01:39 17408 ----a-w- C:\psapi.dll

2012-06-02 13:19 . 2008-10-16 13:07 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 13:19 . 2009-03-26 08:57 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 13:19 . 2009-03-26 08:57 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 13:19 . 2009-03-26 08:57 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 13:19 . 2009-03-26 08:57 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 13:19 . 2009-03-26 08:57 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 13:19 . 2008-10-16 13:09 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 13:19 . 2008-04-15 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 13:19 . 2008-10-16 13:08 15896 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 13:19 . 2009-03-26 08:57 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 13:19 . 2008-10-16 13:08 15896 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 13:19 . 2009-03-26 08:57 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 13:19 . 2008-10-16 13:09 24088 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 13:19 . 2009-03-26 15:24 18160 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-06-02 13:18 . 2009-03-26 15:24 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 13:18 . 2008-10-16 13:07 214256 ----a-w- c:\windows\system32\muweb.dll

2012-05-31 13:22 . 2008-04-15 12:00 602624 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:09 . 2008-04-15 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-15 13:55 . 2008-04-15 12:00 1863296 ------w- c:\windows\system32\win32k.sys

2012-05-11 14:44 . 2008-04-15 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll

2012-05-11 14:44 . 2008-04-15 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:39 . 2008-04-15 12:00 385024 ----a-w- c:\windows\system32\html.iec

2012-05-05 06:25 . 2012-04-02 22:33 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-05 06:25 . 2012-04-02 22:33 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-05-05 03:15 . 2008-04-15 12:00 2152960 ------w- c:\windows\system32\ntoskrnl.exe

2012-05-05 03:14 . 2008-04-14 22:11 2031104 ------w- c:\windows\system32\ntkrnlpa.exe

2012-05-02 13:47 . 2009-03-26 08:55 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-04 13:56 . 2009-12-17 15:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[-] 2008-08-25 . 497BEF5C5FAD126CA16437C1682F64EA . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

.

((((((((((((((((((((((((((((( SnapShot@2012-06-27_11.11.56 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-06-27 12:34 . 2012-06-27 12:34 16384 c:\windows\temp\Perflib_Perfdata_13c.dat

.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{95080B13-AA71-4EE8-B951-7E98221E1ED5}"= "c:\program files\4shared Toolbar\4sharedbar32.dll" [2012-03-07 214016]

.

[HKEY_CLASSES_ROOT\clsid\{95080b13-aa71-4ee8-b951-7e98221e1ed5}]

[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj.1]

[HKEY_CLASSES_ROOT\TypeLib\{50F22041-08AC-484B-BB6F-4DDB2CF8B693}]

[HKEY_CLASSES_ROOT\4sharedBar.4sharedBarObj]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay1]

@="{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}"

[HKEY_CLASSES_ROOT\CLSID\{2012DE06-50C0-48BD-ACDE-88F95D4CAD1F}]

2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay2]

@="{C72C6188-BEF2-46E5-A89A-52F0ED75219E}"

[HKEY_CLASSES_ROOT\CLSID\{C72C6188-BEF2-46E5-A89A-52F0ED75219E}]

2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay3]

@="{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}"

[HKEY_CLASSES_ROOT\CLSID\{C92F6BC2-AF61-4C0E-80E0-939B8282DDB7}]

2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4SyncOverlay4]

@="{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}"

[HKEY_CLASSES_ROOT\CLSID\{CB1EFEF8-D5E0-49D1-B768-41B48B1D7803}]

2012-05-25 13:32 1338880 ----a-w- c:\program files\4Sync\ShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"EPSON SX125 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE" [2009-09-14 200704]

"4Sync"="c:\program files\4Sync\4Sync.exe" [2012-06-06 10821664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-04-09 2029640]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-02-22 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-22 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"nltide_3"="advpack.dll" [2009-03-08 128512]

.

c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\

Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-10-21 113664]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.229\SSScheduler.exe [2011-9-20 272528]

Registratiesoftware starten.lnk - c:\program files\WiFiConnector\NintendoWFCReg.exe [2011-2-8 1175552]

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"ForceClassicControlPanel"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Start^Programma's^Opstarten^Kodak EasyShare software.lnk]

path=c:\documents and settings\All Users\Menu Start\Programma's\Opstarten\Kodak EasyShare software.lnk

backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2012-03-27 12:41 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-06-27 17:03 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]

2008-04-15 12:00 15360 ------w- c:\windows\system32\ctfmon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DXM6Patch_981116]

1998-11-30 16:04 497376 ----a-w- c:\windows\p_981116.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-01-24 11:32 2289664 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 13:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]

2008-06-20 00:40 442433 ----a-w- c:\program files\IDT\WDM\sttray.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\Epson Software\\Event Manager\\EEventManager.exe"=

"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"24941:TCP"= 24941:TCP:BitComet 24941 TCP

"24941:UDP"= 24941:UDP:BitComet 24941 UDP

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18-5-2010 14:14 715248]

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [9-4-2009 16:18 107256]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [9-4-2009 16:21 94360]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [14-5-2009 17:07 759048]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [9-4-2009 16:19 731840]

R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [5-10-2010 11:27 4497704]

R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [5-10-2010 11:28 113448]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [25-8-2008 13:11 244368]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3-4-2012 0:33 257696]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.229\McCHSvc.exe [20-9-2011 22:15 237008]

S3 UXDCMN;UXDCMN;\??\f:\winstress\UXDCMN.SYS --> f:\winstress\UXDCMN.SYS [?]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [5-10-2010 11:28 16168]

.

--- Andere Services/Drivers In Geheugen ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-01-24 11:30 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhoud van de 'Gedeelde Taken' map

.

2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 06:25]

.

2012-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

.

.

------- Bijkomende Scan -------

.

uStart Page = hxxp://www.secundi.net/

mSearch Bar = hxxp://www.google.com

uInternet Settings,ProxyOverride = *.local

IE: &4shared Search - c:\program files\4shared Toolbar\4sharedbar32.dll/MENUSEARCH.HTM

IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\beheerder\Menu Start\Programma's\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.1.254 195.241.77.51 195.241.77.52

DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://46.129.32.33/codebase/DVM_IPCam2.ocx

.

- - - - ORPHANS VERWIJDERD - - - -

.

HKCU-Run-AdobeBridge - (no file)

HKCU-Run-dhtowfucwzldule - c:\documents and settings\All Users\Application Data\dhtowfuc.exe

AddRemove-iWinArcade - c:\program files\iWin Games\Uninstall.exe

AddRemove-Binqy.com - d:\program files\Binqy.com\uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-06-27 14:36

Windows 5.1.2600 Service Pack 3 NTFS

.

scannen van verborgen processen ...

.

scannen van verborgen autostart items ...

.

scannen van verborgen bestanden ...

.

Scan succesvol afgerond

verborgen bestanden: 0

.

**************************************************************************

.

--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

.

[HKEY_USERS\S-1-5-21-796845957-583907252-1801674531-1004\Software\SecuROM\License information*]

"datasecu"=hex:c2,5b,83,43,51,b1,19,e6,16,73,1d,ec,78,fe,ee,5d,62,1a,2c,61,fc,

c1,5e,fa,b1,92,88,3d,98,70,8d,37,bf,be,b0,90,98,0f,c8,c7,f5,09,02,4d,5c,a0,\

"rkeysecu"=hex:09,a8,17,d7,9e,a2,39,7f,c1,2d,fe,3d,9c,9a,02,90

.

--------------------- DLLs Geladen Onder Lopende Processen ---------------------

.

- - - - - - - > 'winlogon.exe'(748)

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

.

- - - - - - - > 'explorer.exe'(1312)

c:\program files\4Sync\ShellExt.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\program files\4Sync\ShellCp.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Andere Aktieve Processen ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\idt\intelxpv_v100\wdm\STacSV.exe

c:\program files\WTouch\WTouchUser.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\RUNDLL32.EXE

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Voltooingstijd: 2012-06-27 14:43:21 - machine werd herstart

ComboFix-quarantined-files.txt 2012-06-27 12:43

ComboFix2.txt 2012-06-27 11:13

.

Pre-Run: 228.499.468.288 bytes beschikbaar

Post-Run: 228.409.294.848 bytes beschikbaar

.

- - End Of File - - 5A184765EA95683979CD41F9B82D2C9C


If you have now booted into normal mode, without the annoying police virus, that does indeed mean it is fixed. Then you can start the clean-up:

Remove ComboFix: Start -> Run/Search and type: ComboFix /Uninstall

This will remove ComboFix and its related folders and files, restore the clock settings, hide file extensions again, re-hide hidden files and system files, and create a new restore point.

If present, you may delete the folder C:\Qoobox manually.

Download CCleaner.

Click “Download Latest Version” and the free download of CCleaner will start automatically.

Install it and start CCleaner. In the left column click “Cleaner”. Click ‘Analyze’ and then 'Run Cleaner'. Sometimes one analysis is not enough. You may repeat this procedure until the analysis reports no more errors. Then click “Registry” in the left column and click ‘Scan for Issues’. If errors are found, click ”Fix selected issues” and ”OK”. You will then be asked to make a backup. Click “YES”. Then choose “Fix all selected issues”. Afterwards close CCleaner.

If you want to see this in detail with screenshots, click here for the guide.

It is advisable to delete the existing restore points (there are infected restore points among them that you could restore by accident). In XP you do this via Start -> Control Panel -> System -> System Restore -> tick "Turn off System Restore on all drives". Apply and OK. Restart the PC and untick the box again.

If all of this went without problems, you may click "mark as solved" below!


  • 2 weeks later...

That doesn't work: the PC won't boot, not even in safe mode. After I choose safe mode it restarts itself, and that keeps repeating. I can't get past the black start screen where you choose between safe mode with and without networking (both give the same result, by the way).

(by the way, I am online via my iPod right now)


Step 1

On another, non-infected computer, download the Kaspersky Rescue CD and save it to your desktop.

Then download IMG Burn, unzip it and install the program. By default these files are placed in the folder C:\Program Files\ImgBurn. Click ImgBurn.exe there to start the program. Users of Vista and Windows 7 must “run as administrator”.

  • Start "IMG Burn" and click "Write image file to disc"
  • Select the image file of the Kaspersky Rescue CD and click the "Write" button

Step 2

Do this on the infected computer.

  • Insert the Kaspersky Rescue CD into the PC.
  • Restart that PC.

Step 3: Booting from the Kaspersky Rescue CD.

Info:

If you have problems booting from the rescue CD, check the BIOS settings for booting from a bootable CD.

This describes how to set the CD / DVD drive as the first boot device.

[image: Kasusb2.jpg]

In the window above, press any "key" to boot from the Kaspersky Rescue CD.

[image: Kasusb3.jpg]

In the screen above, choose the desired language, which is set to English by default, and press "Enter".

[image: Kasusb4.jpg]

In the screen above, press "1" to continue.

In the next screen, choose the option "Kaspersky Rescue Disk - Graphic Mode" and press Enter.

[image: Kasusb6.jpg]

Windowsunlocker

  • Once the computer has booted from the Kaspersky Rescue CD, click the start (KDE) button in the taskbar and click "Terminal"
    [image: Kaswu1.jpg]
  • In the terminal, type the command windowsunlocker followed by Enter.
  • The terminal will now restore the registry values that were created by the ransomware infection.
  • In the red and green frames below you can see that the registry values have been restored.
    [image: Kaswu2.jpg]
  • Restart the computer.
