Olmarik.AJL trojan



ESET Smart Security 4 found the above virus in "MBR sector of the 1. physical disk", but cannot remove it.

I searched on Google for a while but can't find a method that works for me.

The warning appears every time my PC starts up.


Download HijackThis

Under "HijackThis Downloads", click "Installer".

Save the file HijackThis.msi, then choose "Run".

HijackThis will now be installed on your PC, and a shortcut will be placed on your desktop.

Click the shortcut to start HijackThis.

Click either "Do a system scan and save a logfile", or first "Scan" and then "Save log".

A Notepad window opens. Hold the CTRL and A keys together to select everything. Hold the CTRL and C keys together to copy everything. Now paste the HJT log into your post with CTRL and V.

If you get the message "For some reason your system denied writing to the Host file ....", simply click OK.

Note: Windows Vista & 7 users must run HijackThis as administrator by right-clicking and choosing "Run as administrator". If this does not work via the shortcut, run HijackThis as administrator from the following folder: C:\Program Files\Trend Micro\HiJackThis or C:\Program Files (x86)\Trend Micro\HiJackThis.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:16, on 25/03/2011
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Drekes\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Program Files (x86)\stunnel\stunnel.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
D:\games\Steam\Steam.exe
C:\Program Files (x86)\Java\jre6\bin\javaw.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [startCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKCU\..\Run: [steam] "D:\games\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = C:\Users\Drekes\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Steam.lnk = D:\games\Steam\Steam.exe
O4 - Startup: stunnel.exe - Shortcut.lnk = D:\Program Files (x86)\stunnel\stunnel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - D:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6998 bytes
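
An added example, not part of the original posts and not HijackThis's own code: a triage pass over the O23 (service) lines of a log in the format above, separating "(file missing)" entries that are explained by 32-bit HijackThis running on 64-bit Windows from entries worth a manual look. It assumes a 64-bit system can be recognised from `Program Files (x86)` paths in the log; the function names and category labels are hypothetical.

```python
import re
from dataclasses import dataclass

# Lines copied from the HijackThis log above (abridged).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Running processes:
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
O4 - HKCU\..\Run: [steam] "D:\games\Steam\steam.exe" -silent
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
"""

O23_PREFIX = "O23 - Service: "
MISSING = " (file missing)"
SYSTEM32 = re.compile(r"^[a-z]:\\windows\\system32\\", re.IGNORECASE)


@dataclass
class Service:
    label: str          # display name plus "(short name)"
    owner: str          # vendor string, or "Unknown owner"
    path: str           # binary path as HijackThis resolved it
    file_missing: bool  # True when the line ends in "(file missing)"


def parse_services(log):
    """Parse 'O23 - Service: <label> - <owner> - <path>[ (file missing)]' lines."""
    services = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(O23_PREFIX):
            continue
        body = line[len(O23_PREFIX):]
        missing = body.endswith(MISSING)
        if missing:
            body = body[:-len(MISSING)]
        # Split from the right: the label itself may contain " - ".
        parts = body.rsplit(" - ", 2)
        if len(parts) == 3:
            services.append(Service(parts[0], parts[1], parts[2], missing))
    return services


def looks_64bit(log):
    """Heuristic (assumption): an '(x86)' Program Files path implies 64-bit Windows."""
    return "\\program files (x86)\\" in log.lower()


def triage(svc, is_64bit):
    """Return a category label for one service entry."""
    if svc.file_missing:
        # HijackThis is a 32-bit program. On 64-bit Windows the file system
        # redirector maps its view of System32 to SysWOW64, so 64-bit-only
        # service binaries are reported as missing although they exist.
        if is_64bit and SYSTEM32.match(svc.path):
            return "redirection-artifact"
        return "missing-binary"
    if svc.owner.lower() == "unknown owner":
        # The binary exists but HijackThis printed no vendor name for it.
        return "unknown-owner"
    return "vendor-named"


def review_candidates(log):
    """List (category, label, path) for entries that merit a manual check."""
    is_64bit = looks_64bit(log)
    out = []
    for svc in parse_services(log):
        tag = triage(svc, is_64bit)
        if tag in ("missing-binary", "unknown-owner"):
            out.append((tag, svc.label, svc.path))
    return out


if __name__ == "__main__":
    for tag, label, path in review_candidates(SAMPLE_LOG):
        print(f"{tag:15} {label} -> {path}")
```

A "review candidate" here only means the entry is not explained by the vendor string or by redirection; it is not a verdict on the file.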


This shows no negative indications. Download Malwarebytes.

Double-click mbam-setup.exe to install the program.

Make sure there is a check mark next to "Update Malwarebytes' Anti-Malware" and "Start Malwarebytes' Anti-Malware", then click "Finish".

If an update is found, it will be downloaded and installed.

Once the program is fully up to date, select "Quick scan" on the Scanner tab, then click Scan.

Scanning can take a while, so be patient.

When the scan has finished, click OK, then "Show Results" to see the results.

Make sure everything there is checked, then click "Remove Selected".

After removal, a log will open and you will be asked to restart the computer. (See below.)

If the rootkit (TDSS) is present, MBAM will ask to restart. Do so.

After the restart, MBAM will scan again and remove the rootkit.

The log is saved automatically by MBAM and can be found by clicking the "Logs" tab in the program.

If MBAM has trouble removing certain files, it will show a few messages where you must click OK. After that it will ask to restart the computer... so allow MBAM to restart the computer.

Paste the contents of the log in your next post.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6170

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

25/03/2011 19:19:17
mbam-log-2011-03-25 (19-19-17).txt

Scan type: Quick scan
Objects scanned: 162613
Time elapsed: 2 minute(s), 2 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

1. Disable all antivirus and antispyware programs, because otherwise they may conflict with ComboFix. Here is a guide on how to disable them:

Click here

2. The computer may need to be restarted several times; this is normal.

3. Double-click "Combofix.exe" to start the tool.

4. Do not click in the ComboFix window while it is running; this can cause the tool to hang.

Note !!! If an error is shown with the message "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.

5. When ComboFix has finished, it will create a log file for you. Post the contents of this log file (found at C:\ComboFix.txt) in your next post.


I had disabled ESET Smart Security, but it was automatically switched on again after the PC had rebooted.

log:

ComboFix 11-03-24.06 - Drekes 25/03/2011  19:57:16.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.1.1033.18.4095.2349 [GMT -7:00]
Running from: d:\drekes\Downloads\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET Personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Drekes\AppData\Local\Temp\~4761.tmp
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-26 to 2011-03-26  )))))))))))))))))))))))))))))))
.
.
2011-03-26 03:00 . 2011-03-26 03:00    --------    d-----w-    c:\users\Default\AppData\Local\temp
2011-03-25 21:24 . 2011-03-25 21:24    --------    d-----w-    c:\programdata\Malwarebytes
2011-03-25 10:03 . 2011-03-25 10:03    --------    d-----w-    c:\users\Default\AppData\Local\Microsoft Help
2011-03-25 08:53 . 2007-04-11 07:35    414632    ------w-    c:\windows\difxapi.dll
2011-03-25 08:53 . 2011-03-25 08:53    --------    d-----w-    c:\program files (x86)\Common Files\InstallShield
2011-03-25 07:20 . 1998-09-02 08:28    38160    ----a-w-    c:\windows\SysWow64\LMRTREND.dll
2011-03-25 07:20 . 1998-09-02 08:28    155408    ----a-w-    c:\windows\SysWow64\LMRT.dll
2011-03-25 07:20 . 1998-08-20 11:02    140800    ----a-w-    c:\windows\SysWow64\tm20dec.ax
2011-03-25 07:20 . 1998-08-27 04:51    182032    ----a-w-    c:\windows\SysWow64\dxtmsft3.dll
2011-03-25 07:20 . 1998-09-02 08:28    63488    ----a-w-    c:\windows\SysWow64\unam4ie.exe
2011-03-25 07:20 . 1998-08-20 10:38    217984    ----a-w-    c:\windows\SysWow64\strmdll.dll
2011-03-25 07:20 . 1998-09-02 08:02    194320    ----a-w-    c:\windows\SysWow64\qcut.dll
2011-03-25 07:20 . 1998-08-17 09:21    10240    ----a-w-    c:\windows\SysWow64\vidx16.dll
2011-03-25 07:20 . 1998-08-17 09:21    11776    ----a-w-    c:\windows\SysWow64\mciqtz.drv
2011-03-25 07:20 . 2011-03-25 07:20    4608    ----a-w-    c:\windows\SysWow64\w95inf32.dll
2011-03-25 07:20 . 2011-03-25 07:20    2272    ----a-w-    c:\windows\SysWow64\w95inf16.dll
2011-03-25 07:18 . 1998-01-23 19:22    304128    ----a-w-    c:\windows\IsUninst.exe
2011-03-25 04:40 . 2011-03-25 04:40    --------    d-----w-    c:\windows\Sun
2011-03-25 02:00 . 2011-03-25 02:00    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2011-03-25 02:00 . 2011-03-25 02:00    --------    d-----w-    c:\windows\system32\appmgmt
2011-03-24 23:51 . 2011-03-24 23:51    --------    d-----w-    c:\programdata\Sony
2011-03-24 23:51 . 2011-03-24 23:51    --------    d-----w-    c:\program files (x86)\Sony
2011-03-24 23:41 . 2011-03-24 23:43    --------    d-----w-    c:\programdata\regid.1986-12.com.adobe
2011-03-24 23:40 . 2011-03-24 23:40    --------    d-----w-    c:\program files (x86)\Adobe Media Player
2011-03-24 23:39 . 2011-03-24 23:41    --------    d-----w-    c:\program files\Common Files\Adobe
2011-03-24 23:38 . 2011-03-24 23:38    --------    d-----w-    c:\program files (x86)\Common Files\Adobe AIR
2011-03-24 23:34 . 2011-03-24 23:40    --------    d-----w-    c:\program files (x86)\Common Files\Adobe
2011-03-24 23:22 . 2011-03-25 02:43    --------    d-----w-    c:\program files (x86)\Microsoft Works
2011-03-24 23:22 . 2011-03-24 23:22    --------    d-----w-    c:\windows\PCHEALTH
2011-03-24 23:22 . 2011-03-24 23:22    --------    d-----w-    c:\program files (x86)\Microsoft.NET
2011-03-24 23:19 . 2011-03-25 22:06    --------    d-----w-    c:\programdata\Microsoft Help
2011-03-24 23:18 . 2011-03-24 23:18    --------    d-----r-    C:\MSOCache
2011-03-24 23:10 . 2011-03-24 23:10    --------    d-----w-    c:\program files (x86)\Logitech
2011-03-24 23:10 . 2011-03-24 23:10    --------    d-----w-    c:\programdata\Logitech
2011-03-24 23:08 . 2011-03-24 23:08    --------    d-----w-    c:\program files\Logitech
2011-03-24 23:06 . 2011-03-24 23:06    --------    d--h--w-    c:\programdata\CanonIJMyPrinter
2011-03-24 23:05 . 2011-03-24 23:24    --------    d-----w-    c:\programdata\CanonIJPLM
2011-03-24 23:04 . 2011-03-24 23:04    --------    d-----w-    c:\program files\Canon
2011-03-24 23:04 . 2011-03-24 23:04    --------    d--h--w-    c:\programdata\CanonBJ
2011-03-24 23:04 . 2009-03-24 12:00    83968    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNMPP9Z.DLL
2011-03-24 23:04 . 2009-03-24 12:00    28672    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\CNMPD9Z.DLL
2011-03-24 23:04 . 2011-03-24 23:04    --------    d--h--w-    c:\windows\system32\CanonIJ Uninstaller Information
2011-03-24 23:04 . 2009-04-03 23:01    1321984    ----a-w-    c:\windows\system32\CNC550C.dll
2011-03-24 23:04 . 2009-04-03 23:00    92672    ----a-w-    c:\windows\system32\CNC550I.dll
2011-03-24 23:04 . 2009-04-03 22:57    106496    ----a-w-    c:\windows\SysWow64\CNC550U.dll
2011-03-24 23:04 . 2009-03-19 21:39    328192    ----a-w-    c:\windows\system32\CNC550L.dll
2011-03-24 23:04 . 2009-03-19 21:38    303104    ----a-w-    c:\windows\SysWow64\CNC550L.dll
2011-03-24 23:04 . 2008-08-26 01:02    17920    ----a-w-    c:\windows\system32\CNHMCA6.dll
2011-03-24 23:04 . 2008-08-26 01:02    15872    ----a-w-    c:\windows\SysWow64\CNHMCA.dll
2011-03-24 23:03 . 2009-03-24 12:00    336896    ----a-w-    c:\windows\system32\CNMLM9Z.DLL
2011-03-24 23:03 . 2009-02-04 12:18    104960    ----a-w-    c:\windows\system32\CNC550O.dll
2011-03-24 23:03 . 2009-03-18 08:10    244736    ----a-w-    c:\windows\system32\CNMIU9Z.DLL
2011-03-24 23:03 . 2011-03-24 23:05    --------    d-----w-    c:\program files (x86)\Canon
2011-03-24 23:00 . 2010-12-21 06:15    264192    ----a-w-    c:\windows\system32\upnp.dll
2011-03-24 23:00 . 2010-12-21 06:13    2003968    ----a-w-    c:\windows\system32\msxml6.dll
2011-03-24 23:00 . 2010-12-21 06:13    1880576    ----a-w-    c:\windows\system32\msxml3.dll
2011-03-24 23:00 . 2010-12-21 06:16    1197056    ----a-w-    c:\windows\system32\wininet.dll
2011-03-24 23:00 . 2010-12-21 05:38    204288    ----a-w-    c:\windows\SysWow64\upnp.dll
2011-03-24 23:00 . 2010-12-21 06:16    442880    ----a-w-    c:\windows\system32\winhttp.dll
2011-03-24 23:00 . 2010-12-21 05:36    1389568    ----a-w-    c:\windows\SysWow64\msxml6.dll
2011-03-24 22:53 . 2011-03-24 22:53    --------    d-----w-    c:\program files (x86)\NVIDIA Corporation
2011-03-24 22:52 . 2010-08-12 17:14    660072    ----a-w-    c:\windows\system32\nvunrm.exe
2011-03-24 22:52 . 2009-07-01 04:20    339744    ----a-w-    c:\windows\system32\drivers\nvmf6264.sys
2011-03-24 22:52 . 2009-07-01 03:55    898560    ----a-w-    c:\windows\system32\fdco1.dll
2011-03-24 22:52 . 2011-03-25 04:40    --------    d-----w-    c:\windows\.jagex_cache_32
2011-03-24 22:52 . 2009-06-28 16:36    28704    ----a-w-    c:\windows\system32\drivers\nvsmu.sys
2011-03-24 22:52 . 2009-06-26 08:15    167936    ----a-w-    c:\windows\system32\NVCOSMU.DLL
2011-03-24 22:52 . 2010-08-12 17:14    660072    ----a-w-    c:\windows\system32\NVUNINST.EXE
2011-03-24 22:52 . 2009-06-26 08:15    539168    ----a-r-    c:\windows\system32\nvusmu.exe
2011-03-24 22:47 . 2010-10-27 04:32    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2011-03-24 22:47 . 2010-10-27 05:06    2048    ----a-w-    c:\windows\system32\tzres.dll
2011-03-24 22:45 . 2011-03-24 22:45    --------    d-----w-    c:\programdata\ATI
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\SysWow64\nl
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\nl-NL
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\SysWow64\drivers\nl-NL
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\SysWow64\XPSViewer
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\SysWow64\wbem\nl-NL
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\system32\nl
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\system32\drivers\nl-NL
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\system32\drivers\UMDF\nl-NL
2011-03-24 22:40 . 2011-03-24 22:40    --------    d-----w-    c:\windows\system32\wbem\nl-NL
2011-03-24 22:39 . 2011-03-24 22:39    --------    d-----w-    c:\windows\SysWow64\Wat
2011-03-24 22:39 . 2011-03-24 22:39    --------    d-----w-    c:\windows\system32\Wat
2011-03-24 22:39 . 2011-03-24 22:39    --------    d-----w-    c:\program files (x86)\Common Files\Java
2011-03-24 22:39 . 2011-03-24 22:38    472808    ----a-w-    c:\windows\SysWow64\deployJava1.dll
2011-03-24 22:38 . 2011-03-24 22:38    --------    d-----w-    c:\program files (x86)\Java
2011-03-24 22:37 . 2011-03-24 22:37    --------    d-----w-    c:\programdata\McAfee
2011-03-24 22:36 . 2011-03-24 22:36    --------    d-----w-    c:\program files\Common Files\ATI Technologies
2011-03-24 22:36 . 2011-03-24 22:36    --------    d-----w-    c:\program files (x86)\Common Files\ATI Technologies
2011-03-24 22:36 . 2011-03-24 22:36    --------    d-----w-    c:\program files (x86)\ATI Stream
2011-03-24 22:36 . 2011-03-24 22:36    --------    d-----w-    c:\program files (x86)\ATI
2011-03-24 22:35 . 2010-02-18 16:18    46136    ----a-w-    c:\windows\system32\drivers\amdiox64.sys
2011-03-24 22:33 . 2011-03-24 22:33    --------    d-----w-    c:\program files\ATI
2011-03-24 22:31 . 2011-03-24 22:31    --------    d-----w-    C:\ATI
2011-03-24 22:22 . 2010-09-14 06:45    367104    ----a-w-    c:\windows\system32\wcncsvc.dll
2011-03-24 22:22 . 2010-09-14 06:07    276992    ----a-w-    c:\windows\SysWow64\wcncsvc.dll
2011-03-24 22:18 . 2011-03-24 22:18    --------    d-----w-    c:\windows\SysWow64\Macromed
2011-03-24 22:18 . 2009-07-01 03:55    704000    ----a-r-    c:\windows\system32\cohelper.dll
2011-03-24 22:18 . 2009-06-29 20:48    6136    ----a-r-    c:\windows\system32\drivers\nvphy.bin
2011-03-24 22:11 . 2009-07-14 01:55    3584    ----a-w-    c:\windows\system32\Spool\prtprocs\x64\nl-NL\LXKPTPRC.DLL.mui
2011-03-24 22:07 . 2011-01-07 08:07    662528    ----a-w-    c:\windows\system32\XpsPrint.dll
2011-03-24 22:07 . 2011-01-07 08:07    475648    ----a-w-    c:\windows\system32\XpsGdiConverter.dll
2011-03-24 22:07 . 2011-01-07 07:31    442880    ----a-w-    c:\windows\SysWow64\XpsPrint.dll
2011-03-24 22:07 . 2011-01-07 07:31    288256    ----a-w-    c:\windows\SysWow64\XpsGdiConverter.dll
2011-03-24 22:07 . 2010-12-21 06:16    214016    ----a-w-    c:\windows\system32\winsrv.dll
2011-03-24 22:07 . 2010-11-02 05:12    1837568    ----a-w-    c:\windows\system32\d3d10warp.dll
2011-03-24 22:07 . 2010-11-02 04:35    1170944    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2011-03-24 22:07 . 2010-05-23 08:37    1888256    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2011-03-24 22:07 . 2010-05-23 08:35    4068864    ----a-w-    c:\windows\system32\mf.dll
2011-03-24 22:05 . 2010-11-02 05:17    1169408    ----a-w-    c:\windows\system32\taskschd.dll
2011-03-24 22:03 . 2011-02-03 01:11    270720    ------w-    c:\windows\system32\MpSigStub.exe
2011-03-24 21:55 . 2011-03-24 21:03    --------    d-----w-    c:\windows\Panther
2011-03-24 21:54 . 2011-03-26 01:21    --------    d-sh--w-    c:\windows\Installer
2011-03-24 21:33 . 2011-03-24 21:33    --------    d-----w-    c:\windows\SysWow64\0413
2011-03-24 21:33 . 2011-03-24 21:33    --------    d-----w-    c:\windows\SysWow64\drivers\UMDF\nl-NL
2011-03-24 21:33 . 2011-03-24 21:33    --------    d-----w-    c:\windows\system32\0413
2011-03-24 21:24 . 2011-03-24 21:24    --------    d-----w-    c:\program files\NVIDIA Corporation
2011-03-24 21:13 . 2010-10-16 05:17    720896    ----a-w-    c:\windows\system32\odbc32.dll
2011-03-24 21:13 . 2010-10-16 04:34    573440    ----a-w-    c:\windows\SysWow64\odbc32.dll
2011-03-24 21:13 . 2010-10-16 05:16    495616    ----a-w-    c:\program files\Common Files\System\ado\msadox.dll
2011-03-24 21:13 . 2010-10-16 05:16    466944    ----a-w-    c:\program files\Common Files\System\ado\msadomd.dll
2011-03-24 21:13 . 2010-10-16 05:16    1425408    ----a-w-    c:\program files\Common Files\System\ado\msado15.dll
2011-03-24 21:13 . 2010-10-16 05:16    258048    ----a-w-    c:\program files\Common Files\System\msadc\msadco.dll
2011-03-24 21:13 . 2010-10-16 04:33    372736    ----a-w-    c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-03-24 21:13 . 2010-10-16 04:33    352256    ----a-w-    c:\program files (x86)\Common Files\System\ado\msadomd.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-26 23:37 . 2011-01-26 23:37    9085952    ----a-w-    c:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22    22295040    ----a-w-    c:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00    143360    ----a-w-    c:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2011-01-26 23:00    596480    ----a-w-    c:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59    17204736    ----a-w-    c:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2011-01-26 22:59    708608    ----a-w-    c:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2011-01-26 22:56    462848    ----a-w-    c:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56    479232    ----a-w-    c:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55    203776    ----a-w-    c:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54    120320    ----a-w-    c:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54    423424    ----a-w-    c:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53    356352    ----a-w-    c:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53    278528    ----a-w-    c:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53    16384    ----a-w-    c:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53    59392    ----a-w-    c:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53    43520    ----a-w-    c:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2011-01-26 22:49    4105728    ----a-w-    c:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2009-07-13 21:59    4847616    ----a-w-    c:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32    1208320    ----a-w-    c:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32    1912832    ----a-w-    c:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2011-01-26 22:32    3222016    ----a-w-    c:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2011-01-26 22:28    4170752    ----a-w-    c:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27    51200    ----a-w-    c:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27    46080    ----a-w-    c:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27    44544    ----a-w-    c:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27    44032    ----a-w-    c:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27    6982144    ----a-w-    c:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25    5580800    ----a-w-    c:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2011-01-26 22:24    3463680    ----a-w-    c:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2011-01-26 22:21    5316096    ----a-w-    c:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2011-01-26 22:20    58880    ----a-w-    c:\windows\system32\coinst.dll
2011-01-26 22:14 . 2011-01-26 22:14    354304    ----a-w-    c:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14    249856    ----a-w-    c:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13    14848    ----a-w-    c:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13    12800    ----a-w-    c:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13    12800    ----a-w-    c:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13    39936    ----a-w-    c:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13    32768    ----a-w-    c:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13    299520    ----a-w-    c:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2011-01-26 22:12    39936    ----a-w-    c:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12    30720    ----a-w-    c:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2011-01-26 22:12    38400    ----a-w-    c:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2011-01-26 22:12    28672    ----a-w-    c:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11    53248    ----a-w-    c:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08    53760    ----a-w-    c:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08    53760    ----a-w-    c:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08    52736    ----a-w-    c:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08    52736    ----a-w-    c:\windows\SysWow64\amdpcom32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36    94208    ----a-w-    c:\users\Drekes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36    94208    ----a-w-    c:\users\Drekes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36    94208    ----a-w-    c:\users\Drekes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36    94208    ----a-w-    c:\users\Drekes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"zASRockInstantBoot"="" [bU]
"Steam"="d:\games\Steam\steam.exe" [2011-03-25 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-04 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
.
c:\users\Drekes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Drekes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-1-26 23361424]
Steam.lnk - d:\games\Steam\Steam.exe [2009-9-14 1242448]
stunnel.exe - Shortcut.lnk - d:\program files (x86)\stunnel\stunnel.exe [2011-2-5 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-20 357182]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM10664.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD Reservation Manager;AMD Reservation Manager;d:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 140224]
S2 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2009-04-09 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AsrIbDrv;AsrIbDrv;c:\windows\SysWOW64\Drivers\AsrIbDrv.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 VaneFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36    97792    ----a-w-    c:\users\Drekes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36    97792    ----a-w-    c:\users\Drekes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36    97792    ----a-w-    c:\users\Drekes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36    97792    ----a-w-    c:\users\Drekes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2009-04-09 2692008]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-02-23 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Drekes\AppData\Roaming\Mozilla\Firefox\Profiles\4cdcvs36.default\
FF - prefs.js: browser.startup.homepage - google.be
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\program files (x86)\ASRock Utility\InstantBoot\InstantBoot.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Completion time: 2011-03-25  20:05:33 - machine was rebooted
ComboFix-quarantined-files.txt  2011-03-26 03:05
ComboFix2.txt  2011-03-25 21:40
.
Pre-Run: 126.111.866.880 bytes free
Post-Run: 126.853.361.664 bytes free
.
- - End Of File - - EE69993C813845E6E90B1B70CB8EAB13


Download Dr.Web CureIt and save it to your desktop.

  • Double-click drweb-cureit.exe and allow it to start the express scan.
    If a popup appears offering a purchase/50% discount, you can close it.
  • The express scan will scan the files that are currently loaded in memory. If something is found, click 'Select all', then choose 'Repair', and from the small menu that appears choose 'Move'.
  • At the top of the menu, choose Language/Taal and change it to Dutch (Nederlands) if it is set differently for you.
  • Press F9, then choose the Actions tab and set the following under Malware:

    • Adware: Move
    • Dialers: Move
    • Jokes: Report
    • Riskware: Report
    • Hacktools: Move
    • Then remove the check mark at 'Prompt on action'.

  • Then choose the Scan tab and remove the check mark at Heuristic analysis.
    Then press Apply followed by OK.
  • Once the short scan has finished, tick: Full scan.
    Then press the green arrow (start button) to start the scan.
  • Files that are found are moved to the '%USERPROFILE%\DocterWeb\Quarantine' folder if repairing them is not possible.
  • After the scan is done, go to File and choose Save report list.
    Save it to your desktop and then close Dr.Web CureIt.
  • Then restart the computer!! This is an important step, because Dr.Web CureIt may move/delete files during the restart.
  • After restarting, copy and paste the contents of the log you saved earlier into your next post.
